aa2f404c093116a02c3ba635ca01627267615e1747148d98f8eb59771f64329f

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
Size

94KB
MD5

a8a5030d4c01bfb2227c053354783cc0
SHA1

c8a42a5359cefa944b118c79624d6c613282c685
SHA256

aa2f404c093116a02c3ba635ca01627267615e1747148d98f8eb59771f64329f
SHA512

cd5bb30a0ca8c86c817eace4315bbc24ed53e4487a10b9c3b9e1ea26b2122404d27b593554c7477524b7659ee35aeca7907f4d0a70c1e2f525e1b05cfc11ba5d
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNTyI8yIl:6rWpcOPxPke+e3fFpsJOfFpsJbgEXSl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3434) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\Shorthand.jtp.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\settings.js.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\localizedStrings.js.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\slideShow.js.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Linq.Resources.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\currency.css.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libprojectm_plugin.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\gadget.xml.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\picturePuzzle.html.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Adak.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
95KB

MD5
761d6a8819bb42afd3f404ced9f74183

SHA1
4fce5a43214c98a0321ef02bc00077589341a126

SHA256
fa1888b38c8ff53caab1d24e5ee24b5c11024cd9cdaf953a884856a2964c7ca8

SHA512
ee322f90372e581141723a124b390d047b63a0b8b1d798c2583ea131ffac1dbd75559d8043fdd2ae1ba8a8c0f348d97a1c0dcc00b9fb6f26aeeabf304dbb8407

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
104KB

MD5
d1e299b12a8ccb380a780947a3625354

SHA1
9219d5ea60eeebfa2c86137182c99bccbf1b81ee

SHA256
b03b025855cb423c02b5e0f0727b305cec7457ec3f5afe722bf162c55ff428f9

SHA512
8bc931655a9b3feaeaea5d197623df29806c03e2c3404faff3c3665d41de5901cafe598e71df197f067b26fe35b4ac5673f420935c833be10f178b838ee100e4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads