192f326427aa33de5bac9343077dd3d4951007f688955916cd78264fad862bab

Analysis

max time kernel
113s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 12:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
Size

379KB
MD5

61ad71fe34f1bed27d4384340c3f9586
SHA1

17179dff68de50d6f19fdc6ee16f5566aabcb9f2
SHA256

192f326427aa33de5bac9343077dd3d4951007f688955916cd78264fad862bab
SHA512

cd64fbeb8b0a63922447510b36df4570e47a70045060cdfa7974f4f5418ef00f5c7b3eb0748a8d2d63e419fd837bdb8861e16d3f9fc8ac6228c2b3aa1984a85c
SSDEEP

6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtFVHPyvewDpgsEhBhgKE:3PxPir9RyiIuGcKbpaSL4vtFVHPyvewd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (223) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\61ad71fe34f1bed27d4384340c3f9586_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3960 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:4164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
379KB

MD5
fa8490219b920627eb72bbc068ffcf57

SHA1
810a802782b847e3c808de45ad8323b3f28bee51

SHA256
3ca15dbc3291340046a316cd680e74af8528ed9c5c7ba93116a22624a8ca36e9

SHA512
f822335c9d613a422d68b3e89e7bcc0e5c385f4953e719f11752ad4f1b15825c226c8fd1f71a093c3aba36d4d3bb1fa735b76b74563bbc381d497806ed70b153

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
379KB

MD5
6e30be106eb69d6b6df1edb6b3d5adf7

SHA1
e449dbe9fc409cc87d481ab6962b74c5215f97c0

SHA256
388b877e3a4060f4990b664030b44a3fabdb28e0d5eacf9a81960040855aaad4

SHA512
9b356012f5cbb7714e4b99cdcdf4e552653002c55755dd1bd696aae942f0bafbb31d63f886533d655168f9b2b97f4c6912e36751b81272d21c938bc1e38be0e9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads