Malware Analysis Report

2025-03-15 05:43

Sample ID: 240509-alv15afh2v
Target: aa120751f3688034d1c09796fb6a4710_NEIKI
SHA256: 57a6faecce8f65cfa66e2cd2e16283e4862fbe8f4717ccde2600deeedb296cce
Tags: aspackv2
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK: Enterprise Matrix V15
Analysis: static1: Detonation Overview, Signatures
Analysis: behavioral1: Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral2: Detonation Overview, Command Line, Signatures, Processes, Network, Files

Analysis Overview

Score: 7/10

SHA256: 57a6faecce8f65cfa66e2cd2e16283e4862fbe8f4717ccde2600deeedb296cce

Threat level: suspicious. The file aa120751f3688034d1c09796fb6a4710_NEIKI shows suspicious behavior; the only tag applied is aspackv2 (a packer tag), and no malware family was attributed.

Malicious Activity Summary

aspackv2 / ASPack v2.12-2.42 (packer; ATT&CK T1027.002, Software Packing)

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses (ATT&CK T1057, Process Discovery)

Suspicious use of WriteProcessMemory

Read together: an unsigned, ASPack-packed executable that enumerates drives and processes, opens a large number of existing executables under C:\Program Files for modification (the indicators behind "Drops file in Program Files directory" are "File opened for modification" events on files that were already present, so this is modification of third-party binaries rather than dropping new ones), and in the Windows 7 run schedules its own path with at.exe (ATT&CK T1053.002, Scheduled Task/Job: At). No network activity was recorded in the Windows 7 run.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-09 00:18

Signatures

ASPack v2.12-2.42 (tag: aspackv2)

Static packer match; no per-event indicators (Description, Indicator, Process and Target are all N/A).

Unsigned PE

Static match (no Authenticode signature); no per-event indicators (all N/A).
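
Both static1 signatures can be reproduced from the PE header alone. The script below is an added example and is not tooling from the sandbox that produced this report; the sample itself is not available here, so build_test_pe() fabricates a minimal 32-bit PE header whose section table (.text, .aspack, .adata, entry point inside .aspack) mimics what ASPack 2.x leaves behind. Field offsets follow the PE/COFF specification; the "aspack" heuristic (ASPack's sections present and execution starting in .aspack) and the tag names are this example's own assumptions, and the heuristic does not recover the version range the sandbox reports, which comes from matching the stub's code bytes.

```python
"""Static checks behind the two static1 signatures: ASPack section layout and
absence of an Authenticode certificate table.  Added example (not sandbox
tooling); the sample is not included, so build_test_pe() fabricates a header."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4           # data directory slot of the certificate table
ASPACK_SECTION_NAMES = {".aspack", ".adata"}  # sections ASPack 2.x appends to the host


def parse_pe(data: bytes) -> dict:
    """Read the section table, locate the entry-point section and check for a
    certificate table.  Offsets follow the PE/COFF specification."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # NumberOfRvaAndSizes sits at +92 (PE32) or +108 (PE32+); the directories follow it.
    n_dirs_off = opt + (108 if pe32plus else 92)
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    cert_off = cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from(
            "<II", data, n_dirs_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(n_sections):
        name, vsize, vaddr, raw_size, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "span": max(vsize, raw_size), "chars": chars})
    entry_section = next((s["name"] for s in sections
                          if s["vaddr"] <= entry_rva < s["vaddr"] + s["span"]), None)
    return {"pe32plus": pe32plus, "entry_rva": entry_rva, "entry_section": entry_section,
            "sections": [s["name"] for s in sections],
            # a non-empty certificate table means a WIN_CERTIFICATE blob is attached
            "has_authenticode": cert_off != 0 and cert_size != 0}


def static_signatures(data: bytes) -> list:
    """Reproduce the static1 verdicts as tags (heuristic of this example)."""
    info = parse_pe(data)
    tags = []
    if set(info["sections"]) & ASPACK_SECTION_NAMES and info["entry_section"] == ".aspack":
        tags.append("aspack")
    if not info["has_authenticode"]:
        tags.append("unsigned_pe")
    return tags


def build_test_pe(aspack: bool, signed: bool) -> bytes:
    """Constructed minimal PE32 header (no code) standing in for the sample."""
    if aspack:   # (name, VirtualAddress, Characteristics); entry point inside the stub
        layout = [(".text", 0x1000, 0x60000020), (".aspack", 0x2000, 0xE0000020),
                  (".adata", 0x3000, 0xC0000040)]
        entry = 0x2001
    else:
        layout = [(".text", 0x1000, 0x60000020), (".rdata", 0x2000, 0x40000040)]
        entry = 0x1010
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew
    opt = bytearray(224)                                         # PE32 optional header, 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)                        # Magic = PE32
    struct.pack_into("<I", opt, 16, entry)                       # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, section/file alignment
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    if signed:   # certificate table: file offset and size of a (pretend) WIN_CERTIFICATE
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x4000, 0x800)
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, len(opt), 0x102)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), 0x1000, va, 0x200, 0x400 + i * 0x200,
                    0, 0, 0, 0, chars)
        for i, (name, va, chars) in enumerate(layout))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(True, False)
    print(parse_pe(blob))
    print(static_signatures(blob))
```

Run it against the real sample with the file path as the first argument. A present certificate table only means a WIN_CERTIFICATE blob is attached; whether the signature validates is a separate check (signtool verify /pa, or Get-AuthenticodeSignature in PowerShell), and "Unsigned PE" here means the table is absent altogether.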

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-09 00:18

Reported: 2024-05-09 00:21

Platform: win7-20240419-en

Max time kernel: 149s

Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe"

Signatures

ASPack v2.12-2.42 (tag: aspackv2)

Packer match; no per-event indicators (all N/A).

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\b: | C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe | N/A

The single recorded indicator is an open of the B: drive letter, which is normally unassigned; that is consistent with the sample iterating over drive letters rather than querying only mounted volumes.

Drops file in Program Files directory

Every row has Description = "File opened for modification", Process = C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe and Target = N/A; only the Indicator (the file opened) varies. Files opened for modification (64 rows):

\??\c:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\jps.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe
\??\c:\Program Files\Mozilla Firefox\crashreporter.exe
\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe
\??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
\??\c:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe
\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe
\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\javah.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe
\??\c:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe
\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
\??\c:\Program Files\Internet Explorer\iexplore.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe
\??\c:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
\??\c:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
\??\c:\Program Files\Internet Explorer\ieinstal.exe
\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe
\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe
\??\c:\Program Files\Java\jre7\bin\ssvagent.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe
\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe
\??\c:\Program Files\Java\jre7\bin\policytool.exe
\??\c:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
\??\c:\Program Files\Java\jre7\bin\ktab.exe
\??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe
\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe
\??\c:\Program Files\Java\jre7\bin\unpack200.exe
\??\c:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE
\??\c:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe
\??\c:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe
\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe
\??\c:\Program Files\Windows Defender\MpCmdRun.exe
\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe
\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
\??\c:\Program Files\Internet Explorer\ielowutil.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe
\??\c:\Program Files\Java\jre7\bin\java.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\klist.exe
\??\c:\Program Files\Java\jre7\bin\pack200.exe
\??\c:\Program Files\Mozilla Firefox\updater.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\jar.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe
\??\c:\Program Files\Java\jre7\bin\javacpl.exe
\??\c:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe
\??\c:\Program Files\Mozilla Firefox\minidump-analyzer.exe
\??\c:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe
\??\c:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe
\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe
\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe | N/A
(64 identical rows: 64 process-enumeration events attributed to the sample, with no individual indicator recorded)

Processes

C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe
  "C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe"

C:\Windows\SysWOW64\at.exe
  at 1 /delete /yes

C:\Windows\SysWOW64\at.exe
  at 12:23:32 AM "C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe"

The two at.exe invocations are the persistence mechanism in this run (ATT&CK T1053.002, Scheduled Task/Job: At). The first deletes any existing job with ID 1 (/yes suppresses the confirmation prompt); the second schedules the sample's own path for 12:23:32 AM, and with no /every or /next switch an AT job runs once at the next occurrence of that time. at.exe requires local administrator rights and its jobs run under the Task Scheduler service as SYSTEM, so an accepted job re-launches the sample with SYSTEM privileges; the report does not show whether the job was accepted. That the sample resolved at.exe to SysWOW64 indicates it is a 32-bit process running under WOW64.
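
Correlating the "File opened for modification" rows above with the at.exe command lines in the process list is what turns this report from "suspicious" into an actionable detection. The following Python is an added example, not sandbox code: it runs two rules over constructed events built from a handful of the indicators in this run (the paths and the two at.exe command lines are taken from the rows above), plus one benign updater event for contrast. The event tuple shape, the five-file threshold, the rule names and the verdict wording are assumptions of this example.

```python
"""Two detection rules over sandbox-style events, matching what behavioral1
shows: bulk modification of existing executables under Program Files, and
at.exe scheduling the sample's own path.  Added example, not sandbox code."""
import re
from collections import defaultdict

# Constructed events: (kind, process, path) or (kind, parent, image, cmdline).
# Paths and command lines come from the behavioral1 rows; the event shape and
# the benign contrast event at the end are this example's own.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe"
EVENTS = [
    ("file_modify", SAMPLE, r"c:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe"),
    ("file_modify", SAMPLE, r"c:\Program Files\Java\jdk1.7.0_80\bin\jps.exe"),
    ("file_modify", SAMPLE, r"c:\Program Files\Mozilla Firefox\crashreporter.exe"),
    ("file_modify", SAMPLE, r"c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"),
    ("file_modify", SAMPLE, r"c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"),
    ("file_modify", SAMPLE, r"c:\Program Files\Internet Explorer\iexplore.exe"),
    ("file_modify", SAMPLE, r"c:\Program Files\Windows Defender\MpCmdRun.exe"),
    ("file_modify", SAMPLE, r"c:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"),
    ("process", SAMPLE, r"C:\Windows\SysWOW64\at.exe", "at 1 /delete /yes"),
    ("process", SAMPLE, r"C:\Windows\SysWOW64\at.exe", 'at 12:23:32 AM "%s"' % SAMPLE),
    # benign contrast (constructed): an updater rewriting one file in its own directory
    ("file_modify", r"C:\Program Files\Mozilla Firefox\updater.exe",
     r"c:\Program Files\Mozilla Firefox\firefox.exe"),
]

# at.exe syntax:  at [\\computer] id /delete [/yes]
#                 at [\\computer] time [/interactive] [/every:... | /next:...] "command"
AT_DELETE = re.compile(r"^at\s+(?:\\\\\S+\s+)?(\d+)\s+/delete\b", re.I)
AT_SCHEDULE = re.compile(
    r"^at\s+(?:\\\\\S+\s+)?(\d{1,2}:\d{2}(?::\d{2})?\s*(?:AM|PM)?)\s+"
    r'(?:/\w+(?::\S+)?\s+)*"?([^"]+?)"?\s*$', re.I)
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)


def classify_at(parent, cmdline):
    """Turn one at.exe command line into findings (none if it is not at syntax)."""
    m = AT_DELETE.match(cmdline)
    if m:
        return [{"rule": "at_job_deleted", "parent": parent, "job_id": int(m.group(1))}]
    m = AT_SCHEDULE.match(cmdline)
    if not m:
        return []
    when, target = m.group(1), m.group(2).strip()
    return [{"rule": "at_job_scheduled", "parent": parent, "time": when, "target": target,
             # a process scheduling its own image is self-persistence
             "self_scheduling": target.lower() == parent.lower(),
             "target_in_user_temp": bool(USER_TEMP.search(target))}]


def analyze(events, exe_threshold=5):
    """Run both rules; exe_threshold is an assumed tuning value, not from the report."""
    modified = defaultdict(set)
    findings = []
    for ev in events:
        if ev[0] == "file_modify":
            _, proc, path = ev
            low = path.lower()
            if low.endswith(".exe") and "\\program files\\" in low:
                modified[proc].add(low)
        elif ev[0] == "process":
            _, parent, image, cmdline = ev
            if image.lower().endswith("\\at.exe"):
                findings.extend(classify_at(parent, cmdline))
    for proc, paths in modified.items():
        if len(paths) >= exe_threshold:
            # vendor directory = first path component after "\program files\"
            vendors = {p.split("\\program files\\", 1)[1].split("\\")[0] for p in paths}
            findings.append({"rule": "mass_program_files_exe_modification", "process": proc,
                             "count": len(paths), "vendor_dirs": sorted(vendors)})
    return findings


def verdict(findings):
    """Combine the rules: bulk executable modification plus self-scheduling is the
    pattern this report shows."""
    rules = {f["rule"] for f in findings}
    if "mass_program_files_exe_modification" in rules and any(f.get("self_scheduling") for f in findings):
        return "suspicious: bulk modification of third-party executables plus at.exe self-scheduling"
    return "review: " + ", ".join(sorted(rules)) if rules else "no findings"


if __name__ == "__main__":
    found = analyze(EVENTS)
    for f in found:
        print(f)
    print(verdict(found))
```

On a suspected host the same two signals can be checked directly: Get-AuthenticodeSignature over the executables under Program Files finds binaries whose signature no longer validates, and schtasks /query /v lists any job the sample left behind (AT jobs appear in Task Scheduler as At1, At2, and so on, which is what the "at 1 /delete" call targets).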

Network

N/A (no network activity was recorded during the run)

Files

Process memory dumps (sandbox naming: PID, dump sequence number, dumped address range). All 14 cover the same region 0x0000000000400000-0x0000000000428000 in PID 2208, which starts at the default 32-bit image base and is therefore most likely the sample's own image (0x28000 bytes, 160 KB); dumps taken after the ASPack stub has finished are the usual source of an unpacked copy for static analysis:

memory/2208-8-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-17-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-23-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-35-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-45-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-55-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-66-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-78-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-88-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-98-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-110-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-120-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-131-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2208-141-0x0000000000400000-0x0000000000428000-memory.dmp

C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE

MD5 e7dc3153b95fc3afeb74ff63943236f5
SHA1 856bd30f5b2185ec9958feed4fc8ef694c6050ab
SHA256 e281d0046b927bebc46ef07f7bd35fb46f5bc17b2f8c00f44bdcfc8677e12c94
SHA512 0265d0a4ee5f541252f0afe08f3e4c5e1eb95a1bffdfe2379032d5ed782eb5d944c830fcc283ec20acac91efa798bf51649d21b449b5899965114c959c1a570f

This is one of the Program Files executables listed under "Drops file in Program Files directory" and the only one the sandbox captured as a written file. The hashes are those of the file after the run; compare them against a known-good MSOXMLED.EXE from the same Office 2010 (OFFICE14) build to confirm whether the sample altered it.

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-09 00:18

Reported: 2024-05-09 00:21

Platform: win10v2004-20240508-en

Max time kernel: 149s

Max time network: 125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe"

Signatures

ASPack v2.12-2.42 (tag: aspackv2)

Packer match; no per-event indicators (all N/A).

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\b: | C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe | N/A

Drops file in Program Files directory

Every row has Description = "File opened for modification", Process = C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe and Target = N/A; only the Indicator (the file opened) varies. Unlike the Windows 7 run, the files opened here include non-executable .md license texts under the Java directories as well as executables. Files opened for modification (64 rows):

\??\c:\Program Files\Java\jdk-1.8\bin\native2ascii.exe
\??\c:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe
\??\c:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md
\??\c:\Program Files\Java\jre-1.8\legal\jdk\lcms.md
\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe
\??\c:\Program Files\Java\jdk-1.8\bin\jstack.exe
\??\c:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md
\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md
\??\c:\Program Files\Java\jre-1.8\bin\rmid.exe
\??\c:\Program Files\Java\jre-1.8\legal\jdk\xerces.md
\??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
\??\c:\Program Files\Java\jdk-1.8\bin\jjs.exe
\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md
\??\c:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe
\??\c:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md
\??\c:\Program Files\Java\jre-1.8\bin\policytool.exe
\??\c:\Program Files\dotnet\dotnet.exe
\??\c:\Program Files\Java\jre-1.8\legal\jdk\dom.md
\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md
\??\c:\Program Files\Java\jdk-1.8\legal\jdk\asm.md
\??\c:\Program Files\Java\jdk-1.8\jre\bin\klist.exe
\??\c:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md
\??\c:\Program Files\Java\jre-1.8\bin\javaws.exe
\??\c:\Program Files\Java\jdk-1.8\bin\jstat.exe
\??\c:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md
\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE
\??\c:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md
\??\c:\Program Files\Java\jre-1.8\bin\ssvagent.exe
\??\c:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md
\??\c:\Program Files\7-Zip\7zG.exe
\??\c:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe
\??\c:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md
\??\c:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md
\??\c:\Program Files\Java\jre-1.8\legal\jdk\icu.md
\??\c:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md
\??\c:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md
\??\c:\Program Files\Internet Explorer\ExtExport.exe
\??\c:\Program Files\Java\jdk-1.8\bin\jdb.exe
\??\c:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md
\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe
\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md
\??\c:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md
\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md
\??\c:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md
\??\c:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md
\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe
\??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
\??\c:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe
\??\c:\Program Files\Java\jdk-1.8\legal\jdk\icu.md
\??\c:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md
\??\c:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
\??\c:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe
\??\c:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe
\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md
\??\c:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md
\??\c:\Program Files\Java\jre-1.8\legal\jdk\xalan.md
\??\c:\Program Files\Microsoft Office\root\Client\AppVLP.exe
\??\c:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md
\??\c:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
\??\c:\Program Files\Java\jdk-1.8\bin\extcheck.exe
\??\c:\Program Files\Java\jdk-1.8\bin\unpack200.exe
\??\c:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe N/A (64 identical rows: the sandbox attributes every process-enumeration event to the sample but records no description, indicator or target for any of them)

Processes

C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe

"C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe"

C:\Windows\SysWOW64\at.exe

at 1 /delete /yes

C:\Windows\SysWOW64\at.exe

at 12:23:36 AM "C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe"
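
The process tree above shows the sample spawning at.exe twice: once to delete job 1 and once to schedule its own %TEMP% path, and the "Drops file in Program Files directory" table earlier in this section shows the same process opening executables under Program Files for modification. The Python below is an added example, not part of the sandbox report and not the sample's or the sandbox's own code: a small detector run over constructed Sysmon-style events (labelled as constructed in the code) modelled on those two behaviours. The event field names, rule names, severity levels and the list of user-writable directories are this example's own assumptions.

```python
import re
from typing import Dict, List

# Constructed Sysmon-style events (NOT the sandbox's own log), modelled on what the
# report records: the sample in %TEMP% writing under Program Files, then spawning
# at.exe to delete job 1 and to schedule itself. Field names are this example's own.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe"

EVENTS: List[Dict[str, object]] = [
    # id 11: file create/overwrite; the \??\ prefix is how the sandbox printed paths
    {"id": 11, "image": SAMPLE,
     "target": r"\??\c:\Program Files\Java\jdk-1.8\bin\extcheck.exe"},
    {"id": 11, "image": SAMPLE,
     "target": r"\??\c:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md"},
    # benign control: an installer in System32 writing to Program Files
    {"id": 11, "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"C:\Program Files\Java\jdk-1.8\bin\java.exe"},
    # id 1: process create, with the parent that spawned at.exe
    {"id": 1, "image": r"C:\Windows\SysWOW64\at.exe", "parent": SAMPLE,
     "cmd": "at 1 /delete /yes"},
    {"id": 1, "image": r"C:\Windows\SysWOW64\at.exe", "parent": SAMPLE,
     "cmd": 'at 12:23:36 AM "' + SAMPLE + '"'},
    # benign control: an administrator listing jobs from an interactive shell
    {"id": 1, "image": r"C:\Windows\System32\at.exe",
     "parent": r"C:\Windows\System32\cmd.exe", "cmd": "at"},
]

# Locations an unprivileged user can write to (assumed list). A job scheduled from
# one of these, or a Program Files writer running from one, is the suspicious pairing.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+\\appdata\\|users\\public\\|programdata\\|windows\\temp\\)",
    re.IGNORECASE)
PROGRAM_FILES = re.compile(r"^[a-z]:\\program files(?: \(x86\))?\\", re.IGNORECASE)

_AT_DELETE = re.compile(r"^at\s+(?:\\\\\S+\s+)?(?:(\d+)\s+)?/delete", re.IGNORECASE)
_AT_SCHEDULE = re.compile(
    r"^at\s+(?:\\\\\S+\s+)?"                        # optional \\computer
    r"(\d{1,2}:\d{2}(?::\d{2})?\s*(?:[AP]M)?)\s+"    # time, e.g. 12:23:36 AM
    r"(?:/\S+\s+)*"                                  # /interactive, /every:, /next:
    r'(?:"([^"]+)"|(\S+))\s*$',                      # the command, quoted or bare
    re.IGNORECASE)


def normalize_path(path: str) -> str:
    """Strip the NT object-manager prefix (\\??\\) that the sandbox output uses."""
    return path[4:] if path.startswith("\\??\\") else path


def parse_at_cmdline(cmd: str) -> Dict[str, str]:
    """Classify an at.exe command line as a job deletion, a schedule, or other."""
    cmd = cmd.strip()
    m = _AT_DELETE.match(cmd)
    if m:
        return {"action": "delete", "job": m.group(1) or "all"}
    m = _AT_SCHEDULE.match(cmd)
    if m:
        return {"action": "schedule", "time": m.group(1).strip(),
                "command": normalize_path(m.group(2) or m.group(3))}
    return {"action": "other"}


def analyze(events: List[Dict[str, object]]) -> List[Dict[str, str]]:
    """Run the three rules over the events and return findings in event order."""
    findings: List[Dict[str, str]] = []
    for ev in events:
        image = normalize_path(str(ev["image"]))
        if ev["id"] == 1 and image.lower().endswith("\\at.exe"):
            parent = normalize_path(str(ev.get("parent", "")))
            parsed = parse_at_cmdline(str(ev["cmd"]))
            if parsed["action"] == "schedule" and USER_WRITABLE.match(parsed["command"]):
                findings.append({"rule": "at_schedules_user_writable_binary",
                                 "severity": "high",
                                 "detail": parsed["time"] + " -> " + parsed["command"]})
            elif parsed["action"] == "delete" and USER_WRITABLE.match(parent):
                # The report shows "at 1 /delete /yes" right before the schedule
                # command: an existing job id is cleared before a new job is created.
                findings.append({"rule": "at_job_deleted_by_user_writable_parent",
                                 "severity": "medium",
                                 "detail": "job " + parsed["job"] + " from " + parent})
        elif ev["id"] == 11:
            target = normalize_path(str(ev["target"]))
            if USER_WRITABLE.match(image) and PROGRAM_FILES.match(target):
                # Overwriting an executable is the high-value case (the Files section
                # lists a PE under Program Files with its hashes); a .md is ranked low.
                sev = "high" if target.lower().endswith((".exe", ".dll")) else "low"
                findings.append({"rule": "program_files_write_from_user_writable",
                                 "severity": sev, "detail": image + " -> " + target})
    return findings


if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f["severity"].upper().ljust(6), f["rule"], "|", f["detail"])
```

Two caveats when turning this into a production rule. The sandbox platform is win7, where at.exe still creates jobs (which run under the SYSTEM account); on Windows 8 and later at.exe refuses with a deprecation message and the equivalent behaviour shows up as schtasks.exe, so the process-create rule should cover both binaries. And the path prefix matters: the report prints targets as `\??\c:\...`, which a drive-letter regex will silently miss unless it is stripped first, as `normalize_path` does.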

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Every recorded flow is either a DNS query to 8.8.8.8 or a TCP/443 connection to a bing.com host, and two of the PTR queries are reverse lookups of the 204.79.197.237 and 23.62.61.97 addresses contacted above. The table has no process column, so none of this traffic is attributed to the sample's process.

Files

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 4cd48bbddd29ca31d34a9d67fc3a2075
SHA1 f85bbfa79f2671bb38aefaa908178ec5fe130dfb
SHA256 ce92525ccc1032ab71607dd0c98509f17539edb78d2ea1ee7fe280d4951f55b6
SHA512 04ab035119a4e3ba29aef947318f8cfea588a24dbb357ab24f20e5520ea9853e3f824d07429e5da2e3e4c19ba063cb88257ea5ae417189727e7179d740e7fcaf

memory/2204-14-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-21-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-31-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-39-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-49-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-59-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-69-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-81-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-92-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-102-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-275-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-288-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-380-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2204-390-0x0000000000400000-0x0000000000428000-memory.dmp