1cb18c8fbf628b38571ba894624aae5537c1fac26fb9681df3d000a3c5b2fdad

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
Size

69KB
MD5

176fdad8c666d430b6d8e903ea6a0e60
SHA1

dfd2f647d1d1329547a763283aafff304152af93
SHA256

1cb18c8fbf628b38571ba894624aae5537c1fac26fb9681df3d000a3c5b2fdad
SHA512

bb19296925c3da447eb7f14b543bb7e98fddfd25820c9eba10429a373ebf09ee7c7505a8fc465a3777e89b34b18b6dadc5e10e9828b9b4ce504dca85d6e2268f
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJX66Flp:W7ZDpApYbWjIlE77ufL2e+e16alp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3691) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\MakeAccessible.api.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\25.png.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
69KB

MD5
60ced4ca5bd660bc599978c7ed492b05

SHA1
fed6ed7170849f5bc20eb838c1ec5f5271808d96

SHA256
206b4b4055a34c129a4d36bd57162cff45daca93b2b7ff5b4873845e549c5557

SHA512
fe8611745881061fb068944dfdee8711b340f9954503a6f28f40ee3a918c135f9802452dd5e632aad6ede939efbc33b87dd753bcc1c2d5278954673464e531cf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
78KB

MD5
561a5b490f1b7d37c0e0aa65be7d6b49

SHA1
4a6ea86365221737a14960bff6fcc48118320e17

SHA256
e14b777f081c35c826b3a50a5e541962e33e6b128df08b61b12e9d30ef505037

SHA512
6fd927f5fdbf40cbe5eb21e3ec0ff12211753a771524a2a49af76b6a6fe39e8138dce2b770838a7f01f2ddf7ee2c99d50ef727ff848cbc96bd403afc38b8ed5c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads