bb0d9149525c53dc9181c61fd28310fc274d41dbc89fde2f207dfff5b0a56af7

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c96584da83d22a27af1997d596ee6820_NEIKI.exe
Size

136KB
MD5

c96584da83d22a27af1997d596ee6820
SHA1

cf647142632e77e2f97ac4c35ccd9f6bb822e8de
SHA256

bb0d9149525c53dc9181c61fd28310fc274d41dbc89fde2f207dfff5b0a56af7
SHA512

6e381c361c0f3d8bfb0c6a3166eeb3ac69cf7b7b4234085232bb7bbd79e050fffa563c34842885c53b0ffe35cd220ccc20a6fd288b69fb48246eba7f7d92b6b6
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmSXrw3Mtr0s8P43P:RqlIyFESWu0SWu2s8P43P

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3435) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	c96584da83d22a27af1997d596ee6820_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\c96584da83d22a27af1997d596ee6820_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\c96584da83d22a27af1997d596ee6820_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
136KB

MD5
a5f44059ebf8cc32eb8f06e27e4b0a6a

SHA1
fdad99e90915bdbe1950a320cf59ad1f0eccd156

SHA256
da7a8c6ef86eca72f64c0ef135c32cf951026b0fae7b2891fae437097edbeee7

SHA512
4b13db16997b2e6abf06b613b2658e13b5657805372fcadced78dfa6967302bd435c35c28909dfeead96c926c3947e1df368e04e428d18ff70c702e62ce47a07

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
145KB

MD5
a0f42c28a89a10dc54d75e73dc12378d

SHA1
99cfc4aaa9015236fdb4f37db1097cd89649b365

SHA256
0296a821c3f42baacfe75fc92f14d3004f7b642fd75e1e2ab2659390ea1a3fd7

SHA512
1b8824a255e46091dec888111e0bb5c3d749deb06f5c093cd515a4ebd2f7c4b8ddefa4bd135c971b95dfb9b7da19efbac78475d9d13e540c989b5951cc3732dd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads