26a1af43535c4e62adcadca6773e1de82b510b022e107ab9e2d004b903cd1e10

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
Size

89KB
MD5

5b501262b89aba55aa3b122b8d9d3ae0
SHA1

c4c4971ee1092980a545771b24e83769d8e95957
SHA256

26a1af43535c4e62adcadca6773e1de82b510b022e107ab9e2d004b903cd1e10
SHA512

32430fea81357f2d0e9577773d867007a8b63991923b6a1ddb30cd848e55a781d4f1e997e5fd346589f070c8fecf13bf8da990e716920e14cf9cf33b9046aff6
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNu:6rWpcOPxPke+e3fFpsJOfFpsJbgEU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3506) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IO.Log.Resources.dll.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tet\LC_MESSAGES\vlc.mo.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\settings.js.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\javafx-font.dll.tmp	5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\5b501262b89aba55aa3b122b8d9d3ae0_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
89KB

MD5
74c482f852da5afdc44c13e753563ee5

SHA1
11206a1e330b2a86bff6601b8356dce799821f17

SHA256
bb4596f3daee6964d83cac93572f63c2f281796fbab6915bafe02d2b6bda1ef2

SHA512
ca64d820e2345b5045a97962011b663eca2dfe8098367a5377198006d93377d5b4d6fd3b8ec204316b8238a05d11b9a083d5ff89e3774ac14c942cadaa2614b6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
98KB

MD5
692264ffdb925282aaf0a9603c5738ac

SHA1
a04d796ba87fa06d63e1049633f39b71c7de75a7

SHA256
ba1fc52a731e81d56d2aeb3f493158b8cfe0731ffd7cf97f0302acc1ad25b5fc

SHA512
90c44c58c59039f97c2c924df14b5319dd8e90ced644fe8e182da915e69876281a9401ec63c3a9b235ac04dff0d5dd57063363e15f1d492fabab302bb9cf9e02

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads