486f91652b03bfb18b30352cda00646edf938021e9cf2c54b7b4bdb4a429714b

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
Size

100KB
MD5

d6b239efa9eae0faaa55a82ba6104a40
SHA1

318f218da178da61bdaea012d52f90a602e23d6e
SHA256

486f91652b03bfb18b30352cda00646edf938021e9cf2c54b7b4bdb4a429714b
SHA512

f2f1d00d1ada346d3438d10119230cdb9c4ad2bc0cd0a68c7b6fb267d06cccc391e834f9ff4b575c0aaa7b6e08e5dcd6a871c1e2fbf19c09cd3beb7bccd256d0
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVz7:RqlIyFESWu0SWuGS/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3505) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\settings.css.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\gadget.xml.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Windows Media Player\wmpenc.exe.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\d6b239efa9eae0faaa55a82ba6104a40_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
101KB

MD5
b7ccb5c96eb85bbf67326f8c9697fb81

SHA1
8509b1be3bc9787141a7050bfb139ea87a8164da

SHA256
6f8ebace4d7695e59a2c7b9448163e49df3c0c1c0293781c9c9b71e5b22e2e93

SHA512
f08090e0c907cac94e02217e24bc25d98b4927a05cdb20c7577d5a46ce4ad55f6ba9f99c4222dc38454a61133d4c39409e37a1a318f14d3b9adb41c2bd0863ed

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
110KB

MD5
c84fb542df8268fd101cbbe3f8a83b97

SHA1
78c9573bc8cfe7b75e94a97db12d8ac6be5bd55d

SHA256
6f33db615cf55dffa408f64974eb72ffd67171df4390373815f97bc9d58860ab

SHA512
f6f2f8c27d5f3762ebb32a861eab4cc75eac53e4a53033339b869b131ac8ccd6a72e4501d6a2574341733ac01a204a16eadc31aeb5372d509bb47af1589bd979

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads