Analysis
- max time kernel: 149s
- max time network: 113s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/05/2024, 21:00
Static task: static1
Behavioral task: behavioral1
- Sample: 4ff2214ef747f2219c6ccbd5d7785ca0_NEIKI.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 4ff2214ef747f2219c6ccbd5d7785ca0_NEIKI.exe
- Resource: win10v2004-20240426-en
General
- Target: 4ff2214ef747f2219c6ccbd5d7785ca0_NEIKI.exe
- Size: 31KB
- MD5: 4ff2214ef747f2219c6ccbd5d7785ca0
- SHA1: 65cce7967362fa45e8134f10ec3b3994c148c2f0
- SHA256: c9ac674ddc7ac1f34868db3dc329cb2c5af80d228d6729d75e0e1a03ea044d02
- SHA512: f4064c7eb93640c7931ef9713b1fbc483bae0c57e873886cde483a789b9a5372a013d251f4408f9189ce63784a85c80954f407c72b970b805d3851df3ca07d6f
- SSDEEP: 384:GBt7Br5xjLfAgA71FbhvP+7QEfQEijajHjr3Uh0URElali:W7BlpDpARFbhYQkQjjI3Uh0UREIo
Signatures
- Renames multiple (5200) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads