c768bc25fa9c6a865327d827975ee111ee8694d3d1dfb59665f81be595283f6f

Analysis

max time kernel
137s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
Size

71KB
MD5

618e14d3ef016ca0e3c02736b0b362d0
SHA1

b1f382abacec4cf272efdaab47da4e49db3f438a
SHA256

c768bc25fa9c6a865327d827975ee111ee8694d3d1dfb59665f81be595283f6f
SHA512

9277e07736bcbea3097a21c1ef341200ff5305572abb09f8495ec5344d7702017f0a555274f4223c7d05b68c0ce685e703f9c796ccd9e556a72eed985476824f
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJX66Fl3CjmkmZ:W7ZDpApYbWjIlE77ufL2e+e16al3CjLK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3433) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\mozglue.dll.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Printing.resources.dll.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPSideShowGadget.exe.mui.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libskins2_plugin.dll.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\618e14d3ef016ca0e3c02736b0b362d0_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
71KB

MD5
fee5972f7aa7b4a1869915345786ee06

SHA1
be5028aebc43c2476e58ff584f0bdf74e63051b1

SHA256
c057cc75b7137a0bf92a4fff2588877d6bf2eff7e25c50859e32d5f6a9a378e1

SHA512
1be19dafc9eae026f69d4b5112eaffafcd3e02259421dded9526c560ed37cdd948390e1fb161f56b53a096804a2dfff8a9a9b79f85c95d974987ab56dbd4e330

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
80KB

MD5
ff19600d2d1b3ff59423e79f27f105d9

SHA1
ee06d0e534b48942f993b7eb93cc4efeb91b656c

SHA256
7103d889c75dc3860be506e414ca446fbfcdb282f1a18baba12def49f6db5f90

SHA512
c8ea86c5049805d47afb34bacd9787c574d1c7cefda03115dac5d47c2ca07f5d398aa954ba1b00b9589a37b0b2dee0dbaa34c71cb64d2371131149ad0cf36061

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads