346e56aa46873151081bc6dc5be97a2e3cc7a0e692d3bd5b1874f5729f596147

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 07:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
Size

221KB
MD5

12c67e47e63ef4f38f08d5780b1c2b20
SHA1

b01c9bd182cc16dedc2f92270eae75d1cdcc9ab4
SHA256

346e56aa46873151081bc6dc5be97a2e3cc7a0e692d3bd5b1874f5729f596147
SHA512

4c607d6d816e66fe12a24f6c7d2d14ef193b9d002e2d03e39e9ac8f28cea37134522af556aeb8c55f2b216856ebf6f48bd5af68b96fb5f85cd34a5758b0ea8eb
SSDEEP

3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuYch93g+v:JiQSo1EZGtKgZGtK/CAIuZAIuH3h

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (291) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1760-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000014909-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/1760-64-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\12c67e47e63ef4f38f08d5780b1c2b20_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
222KB

MD5
d126cc9d0fe8fd8d55bf9e2575beb1dc

SHA1
99dc9e15f8dc00576daed2e345602f3c82791045

SHA256
681d1c0ec3fbe807a5a36b2af80a14b50f7bb02f1520105892121a66bd052124

SHA512
fc75013a313df3106815f53755d6f7e335edfa4222956dad6a8f5aaf9ae64786d446c1a2f4ebf6ecfb83b9ab17a1d7bce519001ff14c0c80b67791461d8beb0b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
230KB

MD5
e0e8221fbd260a56e35b4917fa92c912

SHA1
921902373b89bdabd25ee6d9e4365e8a564896bd

SHA256
7821a1cd73163c1ca1b868e3775a2b67fa6d39c55fd7d2a817611c26d4b53249

SHA512
2205057b1f6f87462567157d1c68d6dda0ac426c13e02d4ba68c476902b1d8306631aeb42895409cc2fd910e5a959522ad49b68458736ab50d2bbdd64479d976

Download Submit
memory/1760-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1760-64-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads