Overview

overview

9

Static

static

3

440b67c8e7...KI.exe

windows7-x64

9

440b67c8e7...KI.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    09/05/2024, 12:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    440b67c8e7180ab43117726eba8df881_NEIKI.exe

  • Size

    93KB

  • MD5

    440b67c8e7180ab43117726eba8df881

  • SHA1

    80dcfbdb80d83a1c1b24a2ff1c923c33305365e6

  • SHA256

    9543704d436248a178f13c391cda0c16ed435118b035d2dfd983b2b3ce49b758

  • SHA512

    e6097c409df309834188afb90b78fcefc8991690ae2d90d3f6e8cd0480fa7f56be84636251adee8c3e0d5877df47ddef8acaedb83392d0037e9fdbce082e56fb

  • SSDEEP

    1536:W7ZhA7pApH1IwVHykEElEa0NQn0NQie+ep:6e7WpnhkElEa0NQn0NQie+ep

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (3462) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\440b67c8e7180ab43117726eba8df881_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\440b67c8e7180ab43117726eba8df881_NEIKI.exe"
    1⤵
    • Drops file in Program Files directory
    PID:108

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
          Filesize

          94KB

          MD5

          cff286d03188e426f2daebbdec1af61b

          SHA1

          3ea90428f74df846d13d9bb84de6ba9be53e1b64

          SHA256

          8d1b893e3891c6e074d6bc30ac3b850ac90fa0cbfbd2a7104716fc1a5b327f21

          SHA512

          02dfe9fae52ddc941b33b086a64febdb4b864cdd4ab62fd67979c6a9285bf07535701db715e210c3572a0b8cffeb9c9a3149a4bd6117584e01ce16b287165fee

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          102KB

          MD5

          a9e1e2d0987d1c211d2a0c650aadc28c

          SHA1

          9d4cc692caf19a12b6693d6f29a6c0431848a48d

          SHA256

          b7c3fe6c2e06c209e91be42f88053e44574599cd584ad60b3ee82333ff313dc0

          SHA512

          bcc317b5723c8ffca6b408f8a5b4ebe21cbe6eb93fec006adbdaab48f704bdc5299723e9ea9f6042de2b1fe828972344a71a6ddd99621255d98dcf9dc204f302

          Download Submit