237dc273f905a1f6f3643e83fc5388d05fe5533b9421c23697a541a794480f15

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

224c435737082bde6ddd2a8dd500c720_NEIKI.exe
Size

133KB
MD5

224c435737082bde6ddd2a8dd500c720
SHA1

6d7d7acb32d87d87e747ad9752a031e8cfd66f65
SHA256

237dc273f905a1f6f3643e83fc5388d05fe5533b9421c23697a541a794480f15
SHA512

cc46051b5dc7985d25c0518743d83a37c5bb5ae19c32347d9a5f599d4736025ff6a9a62a051fa6ed235bd8a5709af4a1a391bd3b3a9fb55de30242c15c852029
SSDEEP

3072:+nymCAIuZAIuYSMjoqtMHfhf7H0WH0rnb:JmCAIuZAIuDMVtM/1H0WH0P

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3430) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2220-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c0000000155f7-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/2220-636-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Resources.dll.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe
File created	C:\Program Files\Windows Journal\jnwppr.dll.tmp	224c435737082bde6ddd2a8dd500c720_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\224c435737082bde6ddd2a8dd500c720_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\224c435737082bde6ddd2a8dd500c720_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
133KB

MD5
201f94d7cc8d473b9389c78f29c16bc7

SHA1
00e0c31eb9a8dc7cc3696d50daa0740a520fbd50

SHA256
04c4ddedda0c17495b265e1235adef0c6ef2d681c0c432af189f80d61fd7f718

SHA512
79bc248fcd40506c90d949b7010602b854558be9ddc5d3517e9c33fc88313908aee2bdda30dcad1701601b1b4960ca2010ff9e4580bfe6ac5d06c6ad03f31da9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
142KB

MD5
d592d322bcd939eb287cd0ae82ebac8f

SHA1
a73f509f8808f287608d0c5367ca0626b87cfb08

SHA256
84c5a0beaa0930d43b71962cc71d3918d837377d4c580972db2ce291d1417d25

SHA512
d5440a5b74684ae3a6acf9618e9ddeff57c81a0610b94fc0e4c4d3c0328027ac0736e6ee40e6ab721e6b98ac6ea135661861958ce501ea5d1d4a779cfe169ffa

Download Submit
memory/2220-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2220-636-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads