a5fd753b182ac2d668404828530cf408189997d6d4fd578081966e69621de116

Analysis

max time kernel
93s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c647b404570380f2a110855c56aa3d20_NEIKI.exe
Size

7.4MB
MD5

c647b404570380f2a110855c56aa3d20
SHA1

47a7a6d4406917938939e909760941091828cc7e
SHA256

a5fd753b182ac2d668404828530cf408189997d6d4fd578081966e69621de116
SHA512

7dd611f6c2ebb08d0653eb3839fcb8961fbaf25cd266b16b0a531f3cca97dacda1f5a964c395e88c933f7814d25572fb685cb99799e543f9a7288cd7a66a213c
SSDEEP

98304:v41u6uKZUDjKRTX7J3T2UIr5rRNWRCG6EuBISsETM4vSbPsS0uDmNfDhMRw/T6SG:v41nX8jKRLpyUIr5t66EuBHh6S6nwfAt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2296-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/files/0x000c0000000233da-5.dat	upx
behavioral2/memory/2296-1888-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/2296-4276-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\efsui.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\TSTheme.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\UserAccountControlSettings.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\CloudNotifications.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\cmdkey.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\DpiScaling.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\autochk.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\getmac.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\upnpcont.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\PhotoScreensaver.scr-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\TRACERT.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\UserAccountControlSettings.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\waitfor.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\eventvwr.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\extrac32.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\mmc.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\svchost.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\charmap.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\InstallShield\setup.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\net1.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\GameBarPresenceWriter.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\SHARED\imecfmui.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMEPADSV.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\tzutil.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\CheckNetIsolation.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\eudcedit.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\explorer.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\msfeedssync.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\tracerpt.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\dpnsvr.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\fsquirt.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\mcbuilder.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\TCPSVCS.EXE	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\wevtutil.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\format.com-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\ndadmin.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\setupugc.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\sdbinst.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\sdiagnhost.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\sxstrace.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\TpmInit.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\credwiz.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\gpscript.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\scrnsave.scr	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\label.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\NETSTAT.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\dllhost.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\dllhst3g.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\fsutil.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\setup16.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\setup16.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\tree.com-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\diskperf.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\Magnify.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\Netplwiz.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\winrm.cmd-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\Fondue.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\SearchFilterHost.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\stordiag.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\setx.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SysWOW64\WerFaultSecure.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeComRegisterShellARM64.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateBroker.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\pack200.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WORDICON.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoev.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\7-Zip\7zFM.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeComRegisterShellARM64.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\ktab.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Windows Media Player\wmpnscfg.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpconfig.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\bin\Pester.bat-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Program Files\7-Zip\7zG.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_10.0.19041.1151_none_aa086da848b2c07b\r\rdpsign.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_10.0.19041.1202_none_fdbbcf53ca14e151\f\wimserv.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.19041.1202_none_497a4c9b969ee5eb\f\WSManHTTPConfig.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sysprep_31bf3856ad364e35_10.0.19041.746_none_cd77eb91574a2623\sysprep.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-csvde_31bf3856ad364e35_10.0.19041.1_none_112f38db81e24102\csvde.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\wmlaunch.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-setup_31bf3856ad364e35_10.0.19041.746_none_d1f5ce67827e350f\mtstocom.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_ed4855448241f7e7\r\Magnify.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-more_31bf3856ad364e35_10.0.19041.1_none_6ca00840ecccf7b3\more.com-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_10.0.19041.1_none_3e1c0a49448926c6\bcdedit.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.19041.1_none_ee822d264112a470\powershell_ise.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wifinetworkmanager_31bf3856ad364e35_10.0.19041.84_none_6461f879a9c4a23e\r\wifitask.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1_none_2e738f426c6e2839\Magnify.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..eapplifetimemanager_31bf3856ad364e35_10.0.19041.746_none_45062eb997366a7f\RemoteAppLifetimeManager.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.264_none_863c21753674f968\r\IESettingSync.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1_none_b29cb2f3845833b7\UevTemplateBaselineGenerator.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1202_none_8636783e05df6f4e\r\ndadmin.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.19041.1202_none_dfaaff89afe4f3d4\f\vds.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winre-recoverytools_31bf3856ad364e35_10.0.19041.572_none_b322aa88d0148356\r\ReAgentc.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.153_none_f3a9dc0fe254a157\wmpshare.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wpd-shellextension_31bf3856ad364e35_10.0.19041.1_none_d16ea4809a87fadb\WPDShextAutoplay.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\f\wmlaunch.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lxss-wslhost_31bf3856ad364e35_10.0.19041.117_none_9be21f0ef860b570\f\wslhost.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1_none_d0ebbe21df584658\wmlaunch.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.19041.1237_none_a6ef3a2e62766c5c\f\audit.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_security-octagon-broker_31bf3856ad364e35_10.0.19041.546_none_380485edeba9f4c4\r\SgrmBroker.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-csvde_31bf3856ad364e35_10.0.19041.1_none_b5109d57c984cfcc\csvde.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..nsemanager-shellext_31bf3856ad364e35_10.0.19041.746_none_9043799a93dba365\r\LicenseManagerShellext.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-uevservice_31bf3856ad364e35_10.0.19041.1288_none_f26bd0dcdf662cc9\r\AgentService.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.19041.844_none_95c651508e565d13\r\provtool.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.19041.746_none_3d198a3dbf54d1b4\cmdl32.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_10.0.19041.1_none_e6643fd4db9b8479\SystemPropertiesComputerName.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ices-appcompattools_31bf3856ad364e35_10.0.19041.1_none_a9109d150b1bf064\ROOTDRV.CMD-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_windowssearchengine_31bf3856ad364e35_7.0.19041.1151_none_ec390bd802a1c630\SearchProtocolHost.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.19041.1_none_af96916428136673\mobsync.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.19041.1288_none_f92f7256107c0e35\r\nvspinfo.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\x86_caspol_b03f5f7f11d50a3a_10.0.19041.1_none_2cbf497a80df4629\CasPol.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-tapisetup_31bf3856ad364e35_10.0.19041.1_none_2a38e2996ee84e57\TapiUnattend.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_10.0.19041.1_none_0e40322ba49953c6\cacls.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-assignedaccess-guard_31bf3856ad364e35_10.0.19041.844_none_10a0a60f1ec9cc10\n\AssignedAccessGuard.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ls-adschemaanalyzer_31bf3856ad364e35_10.0.19041.1_none_89e9f21ed63037f6\ADSchemaAnalyzer.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..-mdmdiagnosticstool_31bf3856ad364e35_10.0.19041.1023_none_d3d892f3280079d7\MdmDiagnosticsTool.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_10.0.19041.1_none_27a74d404373e881\DataSvcUtil.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_10.0.19041.844_none_f3894559140c31d7\r\imjpuexc.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-eventcollector_31bf3856ad364e35_10.0.19041.662_none_e341f52007f6d1a8\f\wecutil.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-shellhost_31bf3856ad364e35_10.0.19041.746_none_f47187f881cbaf7d\r\sihost.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_openssh-client-components-onecore_31bf3856ad364e35_10.0.19041.964_none_dddeea757b7fbba7\r\sftp.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-containers-ccg_31bf3856ad364e35_10.0.19041.844_none_3a7392af5414371e\r\CCG.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-d..ectxdatabaseupdater_31bf3856ad364e35_10.0.19041.84_none_2d21e26a18d595c7\directxdatabaseupdater.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..mnotificationbroker_31bf3856ad364e35_10.0.19041.1_none_7da5a59f860f2406\DmNotificationBroker.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.19041.844_none_6f27e9e1e7c4fb87\net1.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_addinutil_b77a5c561934e089_4.0.15805.0_none_fcd173bc1b434b81\AddInUtil.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\unregmp2.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setup-mbr2gpt_31bf3856ad364e35_10.0.19041.84_none_ee550b91ec0a7e82\f\MBR2GPT.EXE-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-unp_31bf3856ad364e35_10.0.19041.264_none_8adc8bd8b75d383f\f\UpdateNotificationMgr.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_multipoint-wmssvc_31bf3856ad364e35_10.0.19041.746_none_9ebd3ef9f0c794b5\r\WmsSvc.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\x86_netfx-aspnet_state_exe_b03f5f7f11d50a3a_10.0.19041.1_none_420589df53dc49e5\aspnet_state.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-analog-facefodhandler_31bf3856ad364e35_10.0.19041.1266_none_1f1ff89fbf279f16\r\FaceFodUninstaller.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-certificateinstall_31bf3856ad364e35_10.0.19041.1151_none_ae854961a06058b2\f\dmcertinst.exe-	c647b404570380f2a110855c56aa3d20_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\c647b404570380f2a110855c56aa3d20_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\c647b404570380f2a110855c56aa3d20_NEIKI.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.exe-

Filesize
7.9MB

MD5
123589f2f4b39479fb11b09704023fae

SHA1
a44ffcca9371e1b0f105f1b106456e8f31ca34c8

SHA256
9fff6a7303a6ab4586659677c09b7591af5c7b46908513cbfb51a8fb664cdbbc

SHA512
a858691e129bd4b9f641dc5ab11b8f1552c1d8361b4d9bf28c79da7747c256b4c78decc9b3075e826f15481a0cb1b7ae1be20313e4a9b4886fe5f87da654b3b0

Download Submit
memory/2296-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2296-1888-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2296-4276-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download