Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-05-2024 23:17

General

  • Target

    61e73e8a4d1b219b81781c5c4a750a30_NEIKI.exe

  • Size

    4.1MB

  • MD5

    61e73e8a4d1b219b81781c5c4a750a30

  • SHA1

    f7b9d3e26f946e2a976eb465683274496bab227c

  • SHA256

    53c9d4a01e8909b1ee0a76993aa8f7da8cc3b539f16b2fce2ebf3d5d2569afd1

  • SHA512

    8557a29364eaf395d3356240a5d356f8863c8e07ac87cc3f151c33b859bd4a5259dcb7cf681af14c1fc5d2cd825cf3433a9c4d61963e47fc012809cbe365bbf9

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpH4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmc5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61e73e8a4d1b219b81781c5c4a750a30_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\61e73e8a4d1b219b81781c5c4a750a30_NEIKI.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4888
    • C:\UserDot1R\abodsys.exe
      C:\UserDot1R\abodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2488

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Mint8C\dobdevsys.exe

    Filesize

    7KB

    MD5

    2a66be02c3c27b489db2b8f5953bfa44

    SHA1

    242635a3ee1d142a92bde39c7a1cc5f12f53958b

    SHA256

    03c57c4403a457ba972b4a8fdf0a50876ef50b8a586b9366482ff3c6b84629f8

    SHA512

    8aaf81d458a35a958dddb5bc34416bc1e466d0c165d37c2b731745a84fe3083d42dafb1a1f3ef64045127ac64eba2d82205268cb3b08604e71997aec0d2ce625

  • C:\Mint8C\dobdevsys.exe

    Filesize

    4.1MB

    MD5

    9cef56cc4094f380367808a9cbabc532

    SHA1

    c01ff5251418c07fd08c91f957a060e074f034a7

    SHA256

    f1cbd31334d7601fd4aa05506c9d180a31ec30fd40011414408ef1e4c6428070

    SHA512

    2abeda03c1108b745e8218b9d1af8152e58d2bc2e540945700dcdb98b5515deafb3f75cd511ff986d0ed3439a02de7eae579bd5d234108449e27a40a82d0b6ef

  • C:\UserDot1R\abodsys.exe

    Filesize

    4.1MB

    MD5

    326643f4e7559b5a9639c4a654ae0599

    SHA1

    53b6df7e7348c42188e734fc3019d9523ee1f167

    SHA256

    d03b0a3d03f744448f7e65cc3ee4514525ab09498aaf5f9c032a52e948793b09

    SHA512

    a866b593c73b6e58c5497b4240f3d9630d3bd61eca902138d0c67d09f26872e1e2dd876fc6c571a1ac7e8a52c6b6cfa9ce946ce4a5cdc27002414ff9fd1e758c

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    206B

    MD5

    dd204b3ade71543651e046f5feb99437

    SHA1

    1430a398a8f37e47f83193d3e5cb9794ae66cd8a

    SHA256

    6e0db0efcfc1d8e91c5794ca6120c233faae8cecfad72b259fbadce77f1122be

    SHA512

    495239fe4084643aeb4da9f98ad078d6cbae492e8754665a037a3e8b0ce6fb7373a46a83821cfa030c1dc71db80a35ec89e45f25cc22efea4cf5403c7b5eee43
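The report above gives the dropped files with their hashes and notes that the sample adds a Run key, but it does not show which value the key holds. The script below is an added example, not part of the sandbox report: it transcribes the SHA256 values and paths from the Downloads section into an IOC set (note that C:\Mint8C\dobdevsys.exe is listed twice with different sizes and hashes, so one path maps to two hashes), hashes every file under a directory and flags matches by hash or by basename, and parses the text output of `reg query ...\Run` for values that reference the dropped files. The `reg query` sample text is constructed for the self-test, and matching Run values against the dropped paths is this example's assumption, since the report does not record the value's data.

```python
import hashlib
import os
import re
from pathlib import PureWindowsPath

# IOCs transcribed from the report above. Path -> SHA256 values recorded at
# that path. C:\Mint8C\dobdevsys.exe is listed twice (7KB and 4.1MB) with
# different hashes, so one path may map to several hashes.
DROPPED_FILES = {
    r"C:\Mint8C\dobdevsys.exe": {
        "03c57c4403a457ba972b4a8fdf0a50876ef50b8a586b9366482ff3c6b84629f8",
        "f1cbd31334d7601fd4aa05506c9d180a31ec30fd40011414408ef1e4c6428070",
    },
    r"C:\UserDot1R\abodsys.exe": {
        "d03b0a3d03f744448f7e65cc3ee4514525ab09498aaf5f9c032a52e948793b09",
    },
    r"C:\Users\Admin\253086396416_10.0_Admin.ini": {
        "6e0db0efcfc1d8e91c5794ca6120c233faae8cecfad72b259fbadce77f1122be",
    },
}
SAMPLE_SHA256 = "53c9d4a01e8909b1ee0a76993aa8f7da8cc3b539f16b2fce2ebf3d5d2569afd1"
KNOWN_SHA256 = {h for hs in DROPPED_FILES.values() for h in hs} | {SAMPLE_SHA256}
# Basenames are a weaker indicator than hashes (the directory names look
# generated and the file names may vary), so they are reported as a separate reason.
KNOWN_BASENAMES = {PureWindowsPath(p).name.lower() for p in DROPPED_FILES}


def file_digests(path, chunk=1 << 20):
    """Return md5/sha1/sha256/sha512 hex digests of a file, read in chunks."""
    hashes = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashes.values():
                h.update(block)
    return {n: h.hexdigest() for n, h in hashes.items()}


def scan_tree(root):
    """Walk root and return (path, sha256, reasons) for every regular file
    matching the report by SHA256 ('hash') or by basename ('name')."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):
                continue
            sha256 = file_digests(full)["sha256"]
            reasons = []
            if sha256 in KNOWN_SHA256:
                reasons.append("hash")
            if name.lower() in KNOWN_BASENAMES:
                reasons.append("name")
            if reasons:
                hits.append((full, sha256, reasons))
    return hits


# One value line of `reg query` output: "    <name>    REG_SZ    <data>"
RUN_LINE_RE = re.compile(r"^\s*(?P<name>\S+)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+?)\s*$")


def suspicious_run_entries(reg_query_output):
    """Parse `reg query HKCU\\...\\Run` (or HKLM) text output and return
    (value name, data) pairs whose data references a dropped file.
    Assumption of this example: the report only says a Run key was added,
    not which path it launches, so we match on the dropped paths/basenames."""
    flagged = []
    for line in reg_query_output.splitlines():
        m = RUN_LINE_RE.match(line)
        if not m:
            continue
        data_l = m.group("data").lower()
        if any(p.lower() in data_l for p in DROPPED_FILES) or any(
            b in data_l for b in KNOWN_BASENAMES
        ):
            flagged.append((m.group("name"), m.group("data")))
    return flagged


# Constructed sample of `reg query` output (not taken from the report).
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    abodsys     REG_SZ    C:\UserDot1R\abodsys.exe
    dobdevsys   REG_EXPAND_SZ    C:\Mint8C\dobdevsys.exe
"""

if __name__ == "__main__":
    for entry in suspicious_run_entries(SAMPLE_REG_OUTPUT):
        print("Run value ->", entry)
    for hit in scan_tree(os.getcwd()):
        print("file hit ->", hit)
```

On a live host, feed `suspicious_run_entries` the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` and the HKLM equivalent, and point `scan_tree` at the drive root; a basename-only hit should be confirmed by hash before it is treated as this sample, since the report's two dobdevsys.exe entries show the same path can hold different content at different moments.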