adcbee0b2c530c6c347e00ebab05f4cdf17e70b75da5f3f726402d4177d759b4

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87a536bb18a0844ab16188bbe724a670_NEIKI.exe
Size

90KB
MD5

87a536bb18a0844ab16188bbe724a670
SHA1

1952613dd2d5eb4ea3c6f526d4d5b908bd52c806
SHA256

adcbee0b2c530c6c347e00ebab05f4cdf17e70b75da5f3f726402d4177d759b4
SHA512

e780601089b7e5c502cf604b24fac9bb86aed13cac7542f0c20b9d855d70b72b8deab987e44ecdd766004d9195d245bcb6718b244159b3004e46335a03ce7bd6
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNJ8/8wr:6rWpcOPxPke+e3fFpsJOfFpsJbgEEkwr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3562) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\settings.js.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\currency.html.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libinteger_mixer_plugin.dll.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Gradient.png.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\timeZones.js.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libwall_plugin.dll.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\clock.css.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_bezel.png.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\ConnectClear.m3u.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp	87a536bb18a0844ab16188bbe724a670_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\87a536bb18a0844ab16188bbe724a670_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\87a536bb18a0844ab16188bbe724a670_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
90KB

MD5
19dbb575154a8777409e5cf7efea6602

SHA1
ce2f75930c4a5f18c70c1cb4ae2e339415f089e7

SHA256
af360c91c338c5680b3692a84cd9491439e404cf5e1643853f2ca03d308c5a47

SHA512
bb22e11b9eeb8feae87e7070f1c2e91ff8687080ed462ac04bc24783d43687b9e6c5a3f642fcf6b33ba26694f566d7e07762ea279304fcea8844a12c8fd877b9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
99KB

MD5
b0cfec90e46a567efe7b8c0cd10f7289

SHA1
8fa3ef5d302cb3c7cf9b5036014377381071df61

SHA256
f21ed43fd41b9b75f866afda04cc18c9034f43d2a2a3d1d5d6ac30b1854fcb4e

SHA512
dde5ca0533d9ab5e0124202de548c80d4673fae189002b1816057f2628add325998a93812ceb46d5e099c5bc4ff66cff7247fc4c17b9dd0f7c4f680490f1818c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads