3cb39db6bb4ae8c45e2933e2f6894c431b8482ead7f0584146ff6869d4daedc6

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
Size

107KB
MD5

dcf7ecdd68c63cf603ec6891d84fb73a
SHA1

204b817a68feb12d6b028919b6e4e2ab727a6435
SHA256

3cb39db6bb4ae8c45e2933e2f6894c431b8482ead7f0584146ff6869d4daedc6
SHA512

67b2d3d36ade22d8502a4e8198302f901ca28b3801fcb97150bea3592fabc3b0645398a8b10499b7879100ad8a8b0bca0f201a8dc6c62f5b94d3dbba1540c8a4
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5pYJIJDYJIJOO6O2lpHiJOP25LqrH5HiJOU:W7ZQpApjIWe+eoO6O2lpiMZiMjjW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4820) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClientSideProviders.resources.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationCore.resources.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemDrawing.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ORGCHART.EXE.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ta.pak.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-100.png.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ppd.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\dcf7ecdd68c63cf603ec6891d84fb73a_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
108KB

MD5
8768e4848fabbcc40692782a9ebd5f3a

SHA1
6ecc53bfc2f622c352233a6948517b6d55c807ef

SHA256
d7c1a9f9262eb6d6dd4fe07c6dee7efe3658dd2e1b9b37770ad5acc8ee7b8c77

SHA512
0c0bb3ca53cf69b8b3f61b6ebe2cf38aabbe2d459b71171f290c3b8d832c94cb454a97a4a4b32bb936f98517d79d5a109f71ff290673dfb0afe247ad0ffe9d4e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
206KB

MD5
f77c57b9dc7f63da3bf4e91ebaf019e7

SHA1
49e36ed1252d8569366111c5be8a0ba768a1e96c

SHA256
564f85bf0161b5d2a5de24c7467a4dc817554ad6a803b5232b764c38cfb9161c

SHA512
18a8f67a060d7022ec22b5afeedbcf48a9af72d6b5fcc1ab33a6c3b11033099fb67b102cc4bf8c88ce7640cdc0e0ad596303739796be2f439ca7e6d73ef9b106

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads