e0ef1fc1f1fb9c81e6929d7e13b20954223e668f47d45e4af23df87309b58799

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
Size

92KB
MD5

a4107a5514501a46cdfe929b999b5db2
SHA1

32e3a8374545294f1a5a99e05a7e0e7de0e490c9
SHA256

e0ef1fc1f1fb9c81e6929d7e13b20954223e668f47d45e4af23df87309b58799
SHA512

ad97206db6d7b78eb90c690c7c9a11d4e6ffd999802665d316da43456a379cf87109420085850f171ee317828ab1e4e5ef903c25a65174c5755b0c446cfca5f9
SSDEEP

1536:W7ZhA7pApH1IwVHykEElEa0NQn0NQie+ep:6e7WpnhkElEa0NQn0NQie+ep

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4866) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClient.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ppd.xrm-ms.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\FileSystemMetadata.xml.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\msipc.dll.mui.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	a4107a5514501a46cdfe929b999b5db2_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\a4107a5514501a46cdfe929b999b5db2_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\a4107a5514501a46cdfe929b999b5db2_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:3080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
92KB

MD5
615338f2d5d58a1b32e8e9b31f813c7e

SHA1
17a0f2cbbc6a54e2c59fd1717f14ce2d02e028fd

SHA256
8e73f4b23939f213a872b40f979e22826aabf176ef92b9052533d2836711346f

SHA512
3e8a04e9085d4bb22e153007e6490c55b80b8bc2870eeb1a518f4f1238988b69e804b2420c27e3eb23298d39e6464b785870b3afd27ef7d4de6419f5b7d247e5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
191KB

MD5
821bd3dc1c6ec40582a925bc593361dc

SHA1
bb274b1183fa6526ec2f0ec914ce327f25032a73

SHA256
c83e96b9be49ea3cabc305921756ff58215bdcca10049929d316bfe764763111

SHA512
c3c8a57baffda3df0a1cecd400d5471eed28661934cf5248b4593c872aef5e6aa401811652124c1afb03c7e32ffd3e0348e44919a8110e4c3d37bb0395db72f3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads