85bc4d7b741cc65ea603ec91548818f12778eb79953b44dcdbc0d29a2897621c

Analysis

max time kernel
147s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 15:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
Size

117KB
MD5

eaf159455fcadc78bf66dfbde568d7b0
SHA1

9d3d22e479588600c3788d1bdef1b408448a4d08
SHA256

85bc4d7b741cc65ea603ec91548818f12778eb79953b44dcdbc0d29a2897621c
SHA512

def950899b763ae93bf01c91d91059c45817f48f67b4cc73d2bdf6698211890c556ef08860be60ae2a998e0d81991d1e596cdcc77e7b88dd913059403e069d07
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzn:RqlIyFESWu0SWuGSj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3438) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\sunec.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libchorus_flanger_plugin.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\ConfirmMerge.vsw.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\eaf159455fcadc78bf66dfbde568d7b0_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
118KB

MD5
50b495764ed0231d05180bbcc5be08cc

SHA1
c0e979ade580d938ac179f9f30b74915614b2079

SHA256
b8cc042e28d6eddbab5b11f09ac7e941dd394dbeb3fa132eb5d2ca42e2a8db0e

SHA512
5ad2bfab05da89b11fe05dded0085aa12a3b8ecd6b8a62f9a952dae6c9af1527c353e8c198f76add3ecd27a4dbd9439810531b3c8007ad4b045a060862cac683

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
126KB

MD5
f4716318bf63b4bf3e29a6c33ddcafe6

SHA1
ddb62b05ac0e94d80ce7da81e9c9cdaa2026c66b

SHA256
21c1531aae17db0410ae3cc21012549a67b9cb6fd42341de77a31abcc7bc1d2f

SHA512
e0fd0cd28b4963fa2f93451256a93c2a4bdf64fc2531414aed929d08cf636adc9ecc7cd8fb5d5d13d2645a507806504c46087f78b43c42acbea2edc0af73dd68

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads