5c141f974763c1eac0895a94ffa3ab35105aab93053ff4308ed9e5a628daabb4

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a56a5835b5551dc805e929220a37a36_NEIKI.exe
Size

71KB
MD5

4a56a5835b5551dc805e929220a37a36
SHA1

edcfa0fa3f0027bff29eebb382cd546b767c97f5
SHA256

5c141f974763c1eac0895a94ffa3ab35105aab93053ff4308ed9e5a628daabb4
SHA512

6236398ab3dabaf174a1e7c5687ed096fc398a734f70ee86ae3e4745c322a8c3c338c7b4f444b9754024601d80cc32c2220b13e05e01df9724186bd01e91102e
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJX66Fl3by:W7ZDpApYbWjIlE77ufL2e+e16al3by

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3735) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_shout_plugin.dll.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_copy_plugin.dll.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Windows Media Player\WMPDMCCore.dll.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Windows NT\Accessories\es-ES\wordpad.exe.mui.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Purble Place\de-DE\PurblePlace.exe.mui.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp	4a56a5835b5551dc805e929220a37a36_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\4a56a5835b5551dc805e929220a37a36_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\4a56a5835b5551dc805e929220a37a36_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
71KB

MD5
c1bd5e29c10cb29bc5b1f90d605a9002

SHA1
7d98a618ccf1188dc4838022786677235e8084da

SHA256
ddb4fb083630e082d3040fe1e58e8cba8f61fdad3e9a73bf2d276104b5ed4280

SHA512
2844dae398bfe9037edc4195f951cfc8298a66205ee97e74e108e21110ac62f59c8c4dbfc714f461d6579a206fbb905047e9a8be224350429951fdc247d9e691

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
80KB

MD5
c19570bcd0f54d00f32776cbe8462dd8

SHA1
7168d95b80cb6a2be510ad2fa82e6ebd200dbbbe

SHA256
bc262ca47ae8f93712d7a09f27085e1586c957c0573eb49aaa3e51930e9781c0

SHA512
e421c59705bf2f3d50083678d0f650d21de3b75fd909e4fca810acb21f91da9d205e79dfda01bdd1bfd5050404b39090e10bf060972130afee53f60af3d7bd35

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads