6b3fd86cc1db67dedee5890ce422f465bc82bee661906d22a9418f32bf4b9e2f

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 13:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
Size

69KB
MD5

c5b8afdca1516709e2b79d4052d1f2a0
SHA1

b83d4382f33ddae86925a5b2130966a7eef22089
SHA256

6b3fd86cc1db67dedee5890ce422f465bc82bee661906d22a9418f32bf4b9e2f
SHA512

b1f6e881f7ae7d7a38ff8335639359a55e48e8404be9a66ca26a189f274d276dd0989cb972e44db9d7e98e96e3e2a9c9273003b04676a8f31d8f25755ce8d05f
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJX66Flb:W7ZDpApYbWjIlE77ufL2e+e16alb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3719) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\QRCode.pmp.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libqsv_plugin.dll.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.CFG.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegaudio_plugin.dll.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\gadget.xml.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\picturePuzzle.js.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPSideShowGadget.exe.mui.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\c5b8afdca1516709e2b79d4052d1f2a0_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
69KB

MD5
8567621378f736d814dcbb216e9ef438

SHA1
0a2156aacb1b7424e474a93d185a15b9296fbfe8

SHA256
aa332d20497d081afd8cbabd148363e8fafe11d274bb25a6bd2b59fb8e519e8d

SHA512
6a127383e7a40eb7f8a81dcb38648d76818f8a4863f0e1f39a963656ccb446d2d946f7b381ccb8591b475bf95d3a2d1ba0adf2e37fc9628df4daf0d5167d0579

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
78KB

MD5
cef288b56adc70f2e140856b268a1dd5

SHA1
271444c227a819e4e1713bb88a5f892390e8a632

SHA256
82fbb823f3288ed9099856ee856f290cca7950d007ddc4c9b7952ecbc5c89289

SHA512
5b8aad5fefabe1197f6d78b604ab84be2397534bdfe6575e50f7f075068c4bdb0e4ea738ef5f39167ca3899fdc646ce0924666d1f0e613258d17a54848f4f57f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads