1cb18c8fbf628b38571ba894624aae5537c1fac26fb9681df3d000a3c5b2fdad

Analysis

max time kernel
150s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
Size

69KB
MD5

176fdad8c666d430b6d8e903ea6a0e60
SHA1

dfd2f647d1d1329547a763283aafff304152af93
SHA256

1cb18c8fbf628b38571ba894624aae5537c1fac26fb9681df3d000a3c5b2fdad
SHA512

bb19296925c3da447eb7f14b543bb7e98fddfd25820c9eba10429a373ebf09ee7c7505a8fc465a3777e89b34b18b6dadc5e10e9828b9b4ce504dca85d6e2268f
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJX66Flp:W7ZDpApYbWjIlE77ufL2e+e16alp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5037) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-180.png.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\th\msipc.dll.mui.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ko.pak.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-140.png.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Dataflow.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tools.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\meta-index.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationTypes.resources.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\manifest.xml.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-140.png.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\msipc.dll.mui.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\ucrtbase.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Xaml.resources.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\manifest.xml.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.TypeExtensions.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\176fdad8c666d430b6d8e903ea6a0e60_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
69KB

MD5
33765ac9d8081f4c4137d0ed5801817d

SHA1
2d4f4c4f79f3d5407ee1479d0638284624643977

SHA256
f3252d25c7d142630c32911e2e786b8c3c0e69ce5c0a4e660ce3d618b909272d

SHA512
a94e227f386f9bf5b3db75d264a0aa93ff3504a34a87da529288d3ffd37d5bf862a293f89a5081284cb7d720d01e64d26b8421a4e9052f009e110045e68ef838

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
168KB

MD5
efdf0a9f713a411d20c6cbbc5525750b

SHA1
a272b6b3ee95f15627d8994add6093d16f2e4503

SHA256
723d12c917f87fde9c06b4be189cef2ed663912a76fbed52a042c2beee36ca46

SHA512
b194dd01531c3ed45a7e84d489b0af94e87c518f9aa5b7580f6c513d51e4c45ebfce5c3f9a17fbd7fbd29bb7339a84e5f3d3e004dedf4cee758040f8285f1623

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads