613026096ee507d13ba47ecb64f5ede49f1b85a190c2d9d0838df233f3817c45

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
Size

177KB
MD5

edf9c39840cd372a1f95082139bf8dd0
SHA1

31daa858390c5e9c0f2e35b875d117ec00d0febe
SHA256

613026096ee507d13ba47ecb64f5ede49f1b85a190c2d9d0838df233f3817c45
SHA512

f1976f2dbecaf92e77a3d507ad7e55dccc249f0201279a14756dac7421fcae180e037c71ff28f8a7d6a195129eee9c3acd2c8669667a8e7c7b65c4da609818f4
SSDEEP

3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIu3:JiQSo1EZGtKgZGtK/CAIuZAIu3

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3238) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1188-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c0000000144e0-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/1188-540-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\Hearts.exe.mui.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\softokn3.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\glass.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\CompressInitialize.wdp.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\edf9c39840cd372a1f95082139bf8dd0_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
177KB

MD5
5efb0977189d6ccef8f30ba4895ea8f4

SHA1
452ac54f05a018c63ad60cced533973b6656d981

SHA256
b8a5eb3084c61e9a955fb3dc4f644c6f32a8377ae83e1c080795ce1e736288ed

SHA512
fc44aff4368e0af5c08af6836997cb6e0739c4a270f6e65a840e02937ceff64acc9fdae825ce404f8aee736e167bf365759acdc3f979c93e143b9deb3b59ae8c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
186KB

MD5
0b210d77f412ae25821cae860e6ad129

SHA1
eb41c3c6ebcfd0e84c7e6ae9dbbe5127121646aa

SHA256
7ad2a4ce9c64925a4f452756c56076abcf3f0e515e50d8f6d624c537ba660820

SHA512
1579e4e47e227a72202803d77affd12e59349458f0ac7a2e07fd4c8e982d1bfa995e360a5eac702b1e931af0dadcfcac552b41198ca133629d014ac1f5d38074

Download Submit
memory/1188-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1188-540-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads