b250b1398fdbd171298754257bac46fa21a7c032b232d0ba96cb8282c2f624b1

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
Size

97KB
MD5

32e6e8f6585f96e2caee27c4b42cf010
SHA1

82d3843aeeebebf0b16ed2fe6335971c6b3999a2
SHA256

b250b1398fdbd171298754257bac46fa21a7c032b232d0ba96cb8282c2f624b1
SHA512

1a1020861ea58a10476e2a74739dcfd834827f4c011a1e7df1e6dd0eca0a3562e44d9d5cec9e3a6775495c3de6f0464f683a7edc6a29ce61acb2e9a3355f25ff
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNzOmOm:6rWpcOPxPke+e3fFpsJOfFpsJbgEhT9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3458) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotionblur_plugin.dll.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Windows Journal\jnwdui.dll.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\settings.html.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\picturePuzzle.js.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\gadget.xml.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libstl_plugin.dll.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libwave_plugin.dll.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\calendar.js.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.tmp	32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\32e6e8f6585f96e2caee27c4b42cf010_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
97KB

MD5
a1b6663481ae25ad3fe098f2ebe962f5

SHA1
91c467a77c51a545ad73d3d7da88072fd13fb331

SHA256
ed3ddcf3b7756ff467a07ee16f427be0b6cbf33fe966f1261914a3d0b6950729

SHA512
42c18f57e86fd4a1279e010f807b0cfaf99a022caba3aebaa944cd0ac956b990a02dcfd89496ac7fceb856d14b05cc773ef1f99dc822c78dec03fde520b9ca25

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
106KB

MD5
d7432e6df4edb71a16ee5681f2229cd6

SHA1
1c4a857cf6225cf30921f502092a412ce02bd687

SHA256
07e89008b621356ca8fd19b13ec67ed23c2c5d8ab53e7692db4842494cbcbbfc

SHA512
badba543ee6432634e371f57476e510ddd0c91fd2efe7cb8f100bb12d0202819108286eb095445ac91390d96e48f73066e3bb1a68dcde66a716ce51491c58a0a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads