Overview

overview

9

Static

static

3

87f75daa05...KI.exe

windows7-x64

9

87f75daa05...KI.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 11:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    87f75daa05015fef8b0ebbf32d4f73c0_NEIKI.exe

  • Size

    104KB

  • MD5

    87f75daa05015fef8b0ebbf32d4f73c0

  • SHA1

    10347266985ef2c50bfa32aa761bb4c71c1ce556

  • SHA256

    5fee93154903b175ee638d017f352ae7580fb637b24216079b8ed34cc0c35028

  • SHA512

    559441ea6f0c35cf0b505128dca530c3fc162a95c2382470e578c02012265669238559aa07fed0124de18129649c6ab618c39de00b1e2abd86713925cbaad5e9

  • SSDEEP

    768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5pYJIJDYJIJOO6O2lpHiJOP25LqrH5HiJO/:W7ZQpApjIWe+eoO6O2lpiMZiMjj9

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (3444) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87f75daa05015fef8b0ebbf32d4f73c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\87f75daa05015fef8b0ebbf32d4f73c0_NEIKI.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2904

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp
          Filesize

          105KB

          MD5

          1af83d509401b041c605bdfde98266b3

          SHA1

          89b3643638ddd55aab15a0fa5c3a380d0b068ae7

          SHA256

          a2c16553e547568948b612caf8f7fd395dd4f99e37c069ac9791823afa4c028d

          SHA512

          c5a448d3fbe5ff0688a93e152de097dd85f6bb5d1c66d7b362152fea49c9fc7a44e8f9981a18a8d8661aa5204d9ff83f71715a1c0e061b3bf7a96a8ba53981ea

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          114KB

          MD5

          aaac2e1bbac055d03c633b96dbc9ce85

          SHA1

          e50ba6c8d6a70a4d080b4104351b25e2b264d7aa

          SHA256

          7bdba20ab98e956e2974dfa7e05ea59d28eb20745bf6e7ded1943699d147aa68

          SHA512

          eacb6e36a3417d5ca96fa9c67a6e49dd21fcd9bbee143f6b6a7e0222bab1da05aab57eadca00cbd8772fc05f111047bec8e6ac70aa65776f95dc27b840700631

          Download Submit