c56059e1853e9a7d6fc643f675af48bf7fa4398ed76f09f3f1c72a540808ed57

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4985bf53cef63521926b34dee36bb80_NEIKI.exe
Size

167KB
MD5

a4985bf53cef63521926b34dee36bb80
SHA1

005aee95733ececa307e329d50e7ed9349dc2f28
SHA256

c56059e1853e9a7d6fc643f675af48bf7fa4398ed76f09f3f1c72a540808ed57
SHA512

6eeb9067aa1ffafadc1123b8ede71e25ddabb33d7448e3be30cdca4ef42ddd713693c22333d74bc19ebd379665e3ed158eb6419eab93012f9436c79abe0c1be7
SSDEEP

3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIu3:JiQSo1EZGtKgZGtK/CAIuZAIu3

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3369) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2020-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000016056-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/2020-540-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	a4985bf53cef63521926b34dee36bb80_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\a4985bf53cef63521926b34dee36bb80_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\a4985bf53cef63521926b34dee36bb80_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
167KB

MD5
b6324e9d389f1e4321d2462a1270026d

SHA1
1882c47569b45d3ee78d7302eb02153a8641b05b

SHA256
1e45a89d6678bb65275830eb39faf9fd0c5911fe64da6e55d866790766e46606

SHA512
5ee8546c99b82cc169ef97adc772ea9428ea86b80b56feed88d134648b3e5c9178a5c667f80469358b640468664103c63ab6cd0ff80117bb830604dbef71a80e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
176KB

MD5
c6b67d85e0a8e9a5eef2544148662ef8

SHA1
0c63c2d61c0d20dfcf1be3f4988968cfa8e6e1c1

SHA256
b04171ac8f86c6ba99c5daef57998be56ac75e3b539ddf005528cf128b0513dd

SHA512
1639c93aa65bde6748b061866055b3c7d2988d044e3fe196341b392a3a011b6a51ae3e215a6ffa9de38b535ee7f0c1acbba47a3cd25220a48ee1da0d46dd1978

Download Submit
memory/2020-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2020-540-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads