9bb1b7aa918b0bc989a78c0a94e498bb41a1e7351e0ad92e7d8f16080276fb27

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 12:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
Size

95KB
MD5

a3f801226c14b8be5ed6ed4dfd8e9b30
SHA1

6f1a04e07533b6b52cc3071bf48715fef1bd7577
SHA256

9bb1b7aa918b0bc989a78c0a94e498bb41a1e7351e0ad92e7d8f16080276fb27
SHA512

65b516a450ac2d290efe2a7a76b68936b94d3cbf3ef31ec94d9844c33af1227ebe1a2286b470c3c0f56ad3fca311eb96925ad813701c8a4dd2411f771af89f87
SSDEEP

1536:W7ZhA7pApH1IwVHykEElEa0NQn0NQie+eeaA:6e7WpnhkElEa0NQn0NQie+eeaA

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (513) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\a3f801226c14b8be5ed6ed4dfd8e9b30_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
95KB

MD5
9389c5b4d0165cc8aa601579041882e7

SHA1
9dd4bbe9cd7d779d9cccd8bc489e16db444e531b

SHA256
5b76e4d9182551b83464b32a3142c0a0102c73e35e7098c5b5437f69e398a5c3

SHA512
9c6ce660581bacdcb46c52d4e726ed8b460ff7da51c853740671a56cf94ee15199572a4dcaaee3f25e320e02657f29993618c99fbade84e3f2d5d24899a62d5e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
104KB

MD5
1e3cd8115df302e06e4ee8a79af9b42b

SHA1
c41477a6af83096dffaf6f4494ffb9cdb97cd369

SHA256
fd9a019d0f9f3a0096148fd444076f6b9f359a2e964ba341d105365561f5ca07

SHA512
45850d271049a0bb7d7610440202a5ed2fc8bd3ada69ebe363a4eb0522ad83dd3127878abdde7bfefd3c262deed22b1d2ace267939a457fce4012e95e0814775

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads