aa2f404c093116a02c3ba635ca01627267615e1747148d98f8eb59771f64329f

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
Size

94KB
MD5

a8a5030d4c01bfb2227c053354783cc0
SHA1

c8a42a5359cefa944b118c79624d6c613282c685
SHA256

aa2f404c093116a02c3ba635ca01627267615e1747148d98f8eb59771f64329f
SHA512

cd5bb30a0ca8c86c817eace4315bbc24ed53e4487a10b9c3b9e1ea26b2122404d27b593554c7477524b7659ee35aeca7907f4d0a70c1e2f525e1b05cfc11ba5d
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNTyI8yIl:6rWpcOPxPke+e3fFpsJOfFpsJbgEXSl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4874) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\vi.pak.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.V7.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\RTC.DLL.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.png.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONPPTAddin.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnms006.inf.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationCore.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsFormsIntegration.resources.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN058.XML.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\BackupUnprotect.mp4.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-pl.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\Logo.png.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.LEX.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp	a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\a8a5030d4c01bfb2227c053354783cc0_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
95KB

MD5
9f452be8dfe65f214fa7946151638057

SHA1
e8b95b1d0b5bdf57cc1af5e577d575e2807d8eec

SHA256
16a7b854d359cf48ae58b9f8f667d7ab492c34aecea1ec0ab8cc177a8f22dad1

SHA512
c8b8e9a0cd5df93929145f01b1eadf61accfd38a3c10a244542d5131d8f4893c715ca11e6a62d79229c428f639ee0bff15bb40ba1a3ac6fdbb32f0a791cd24f2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
193KB

MD5
62172bcdce8f251969e3a529d712d16e

SHA1
72dbbdb6b3d8de9d8a0c451ef3da31932ccb3c45

SHA256
56a8264715411010564c0b4a149066acadfaa83d8e6b6d524ebc18f8846f07d8

SHA512
b016154b338b78e408ddebad7a6efda1acf79dfdb8588543395a15420bae48d4fa29e6060b77cdeafd39cee411f7c43385e39b7247035810ec51bfb61add6fd5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads