6af5ba78ff53261896a6735d3a82835ad40defc5f740c767fe717a7108c838e4

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 08:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

018674365837ffa7cdb067294a4c3560_NEIKI.exe
Size

68KB
MD5

018674365837ffa7cdb067294a4c3560
SHA1

806a48bd4f590ea6d6fae2aad2d4bd6cd81bdce4
SHA256

6af5ba78ff53261896a6735d3a82835ad40defc5f740c767fe717a7108c838e4
SHA512

7d88de3d621b58bef01198f7595fbf0711b6bbf57454781d83201dab67f628a017ff21c2d26f61d03584e4887f5989aa49ca446e2e5fffff5910cbd11b941fc1
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReF:W7ZDpApYbWj2WTWJe+e/q0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3717) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mousedown.png.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\currency.js.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\gadget.xml.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_stats_plugin.dll.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\clock.css.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	018674365837ffa7cdb067294a4c3560_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\018674365837ffa7cdb067294a4c3560_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\018674365837ffa7cdb067294a4c3560_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
68KB

MD5
2fe8aa27d4dcd1d8b0096728b263373b

SHA1
5cb7f1631ed6f340db9f48a2c47f95c20facb374

SHA256
3579aa16fffc50f374f349ed3a456f8f9832b19df0eb758717b4cac1c5a4ee49

SHA512
ca5890cef7eabeb356f42f808cd96739324b096fe0df43c05b419cd5138599c7a0af82ac238b5ab1d0470944f1896cbcc335186586ba2dade913ab8417f18c27

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
ce8b1a4d17ed56437d83f41bbc5e45c0

SHA1
86791958805a34167c1f321d2770c61c57a828bc

SHA256
c1a8ff669b64237e8bb0658d9b81675d8992f067d22b2e5947570af67968d687

SHA512
181ea1b91c8d069da22f38047f4bf5c877d08b2edaef3318258130ef36212517842e82372b23f9dfd77c7736df26eb04fb5cc0b6eb1f529da3bfe1c787ae3d8a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads