a5fd753b182ac2d668404828530cf408189997d6d4fd578081966e69621de116

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c647b404570380f2a110855c56aa3d20_NEIKI.exe
Size

7.4MB
MD5

c647b404570380f2a110855c56aa3d20
SHA1

47a7a6d4406917938939e909760941091828cc7e
SHA256

a5fd753b182ac2d668404828530cf408189997d6d4fd578081966e69621de116
SHA512

7dd611f6c2ebb08d0653eb3839fcb8961fbaf25cd266b16b0a531f3cca97dacda1f5a964c395e88c933f7814d25572fb685cb99799e543f9a7288cd7a66a213c
SSDEEP

98304:v41u6uKZUDjKRTX7J3T2UIr5rRNWRCG6EuBISsETM4vSbPsS0uDmNfDhMRw/T6SG:v41nX8jKRLpyUIr5t66EuBHh6S6nwfAt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1924-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x0008000000016ce1-6.dat	upx
behavioral1/memory/1924-3423-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1924-3673-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Magnify.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\ndadmin.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\perfhost.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\secinit.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\ditrace.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\finger.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\HOSTNAME.EXE	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\mode.com-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\sc.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\SyncHost.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\SystemPropertiesComputerName.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\mspaint.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\userinit.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\xwizard.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\diskpart.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\fontview.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\IMESC5\IMSCPROP.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\logman.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\netiougc.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\PkgMgr.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\resmon.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\systeminfo.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\more.com	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\msra.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\recover.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\diskraid.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\Dism\DismHost.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\getmac.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\netiougc.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\SecEdit.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\chkntfs.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\HOSTNAME.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\regsvr32.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\sdchange.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\winver.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\DWWIN.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\efsui.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\find.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\ntprint.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\taskkill.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\wermgr.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\auditpol.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\ctfmon.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\dpapimig.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\eventcreate.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\wbem\WMIADAP.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\attrib.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\cscript.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\dfrgui.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\icsunattend.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\mobsync.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\winrm.cmd	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\calc.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\printui.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\rasautou.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\raserver.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\ARP.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\chcp.com-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\cmd.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\cmstp.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\dvdplay.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\InfDefaultInstall.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\ktmutil.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\7-Zip\7zG.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Internet Explorer\ExtExport.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Internet Explorer\iexplore.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Windows Mail\wab.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Windows Media Player\WMPDMC.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\SCANPST.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Windows Media Player\wmlaunch.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Windows Media Player\wmlaunch.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_6.1.7600.16385_none_1c92c4d88ce86757\wmprph.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..-coreinkrecognition_31bf3856ad364e35_6.1.7600.16385_none_498d334c14a3b9bb\hwrcomp.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-telnet-client_31bf3856ad364e35_6.1.7600.16385_none_1426830c3ebb712d\telnet.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-icacls_31bf3856ad364e35_6.1.7600.16385_none_328af534074dc6cc\icacls.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sctasks_31bf3856ad364e35_6.1.7601.17514_none_8c46e17f1398738b\schtasks.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.1.7601.17514_none_be8bab32249b2a4e\RegSvcs.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.17514_none_736d5be520319b24\tzupd.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-snmp-evntwin_31bf3856ad364e35_6.1.7600.16385_none_12c5b5b81f2d2f1d\evntwin.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.1.7600.16385_none_31db018394805d6b\TSTheme.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_msbuild_b03f5f7f11d50a3a_6.1.7601.17514_none_0de23daf595f5711\MSBuild.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_6.1.7600.16385_none_009cfaa696afe78b\comp.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\ehome\loadmxf.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.1.7600.16385_none_901eda10f3ab38d2\McrMgr.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\Journal.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.7600.16385_none_23079f05995ee912\SetIEInstalledDate.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.1.7600.16385_none_5aad0353642dd29f\SystemPropertiesPerformance.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_85ecfd46a904b22a\proquota.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\icsunattend.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-icm-ui_31bf3856ad364e35_6.1.7600.16385_none_a0a25363eee12f40\colorcpl.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-compact_31bf3856ad364e35_6.1.7600.16385_none_f9cb90ee16e61ec6\compact.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-label_31bf3856ad364e35_6.1.7600.16385_none_570561eb2b9c151d\label.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.1.7600.16385_none_a907fb2af12e5dc6\TRACERT.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-corruptedfilerecovery_31bf3856ad364e35_6.1.7600.16385_none_e3aea9874278550c\cofire.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-isoburn_31bf3856ad364e35_6.1.7601.17514_none_4458ac8eafdacbdd\isoburn.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\windeploy.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-certutil_31bf3856ad364e35_6.1.7600.16385_none_b55b5e1094b0283d\certutil.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\SvcIni.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_msbuild_b03f5f7f11d50a3a_3.5.7600.16385_none_8c3cf176a8e91487\MSBuild.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\tsdiscon.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-cttune_31bf3856ad364e35_6.1.7600.16385_none_b35ae2951fd8adbc\cttune.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.1.7600.16385_none_114ca177b1fcad24\newdev.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_6.1.7601.17514_none_f1fca1ab90570e8a\MdSched.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdclt.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.1.7600.16385_none_41c821eeeae8dea2\pipanel.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_d5642974be118415\notepad.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_6.1.7600.16385_none_160ccc8a92fae520\winrs.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\msil_presentationfontcache_31bf3856ad364e35_6.1.7600.16385_none_0da126f11187fafa\PresentationFontCache.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-where_31bf3856ad364e35_6.1.7600.16385_none_5da98f433f7e2878\where.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_6.1.7601.17514_none_e6510234bbcb2a8c\bcdedit.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_6e88c3faa2049408\WmiPrvSE.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.1.7601.17514_none_08e183f8dd5f48b7\smi2smir.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-com-complus-setup_31bf3856ad364e35_6.1.7600.16385_none_e97e2f6c50a1c3c0\mtstocom.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_6.1.7601.17514_none_0b0882245933a065\nfsclnt.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-diskraid_31bf3856ad364e35_6.1.7601.17514_none_c3afa97fae99bbe4\diskraid.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7600.16385_none_b13a0967547ecab4\RegisterMCEApp.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-makecab_31bf3856ad364e35_6.1.7600.16385_none_4cc4738d82efdf85\makecab.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-securestartup-notify_31bf3856ad364e35_6.1.7600.16385_none_78e75d04c1b0c873\fvenotify.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\PkgMgr.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_288b7acec3a75696\winrm.cmd-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-wow64_31bf3856ad364e35_6.1.7600.16385_none_ce6f64032560fa6b\user.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\c647b404570380f2a110855c56aa3d20_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\c647b404570380f2a110855c56aa3d20_NEIKI.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe-

Filesize
8.3MB

MD5
0ef6f9557ae41bb89c9798d90d07cad5

SHA1
4003389fc6158b61d35cbd1a0b2db05c53754484

SHA256
2d6bed619a3e47b7d1dd486fb4e075591453f665dc33a4f023ca46fa964e49df

SHA512
b16de55d0899a4ce9b925a377b7d767e2881565b3c393ab6a2e8adf73e0318639e026c17fa0fad3b32e8da881ce2c7f21bbe03acc20f99f06607f27144b68327

Download Submit
memory/1924-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1924-3423-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1924-3673-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download