Overview

overview

7

Static

static

3

535cdb0473...KI.exe

windows7-x64

7

535cdb0473...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/05/2024, 22:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    535cdb0473aa8486659423bfb757f3b0_NEIKI.exe

  • Size

    808KB

  • MD5

    535cdb0473aa8486659423bfb757f3b0

  • SHA1

    ee539b112da1d1f42a21203bbc76b67ae53a5f08

  • SHA256

    1418e2c8a99e208ed3c83d79aeb4397634abe0b907d9d9494cef704118a7dd92

  • SHA512

    646136c36858c4d45a179f9fd6e2d4133e310fadc0af5eab0055d2b54534655618885adbe099c20a70ba1bf158e66bf7d52edef2426901e7656fd721d2f9eed8

  • SSDEEP

    24576:7T3O8PXhx+7DkxSWxJbZCPB1pB3yLZmN1BRnM3L2N9Yh:7T3OUx1xSWxJbZCPBvB3eZmXBRnM3L2E

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\535cdb0473aa8486659423bfb757f3b0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\535cdb0473aa8486659423bfb757f3b0_NEIKI.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\Users\Admin\AppData\Local\Temp\4844.tmp
      "C:\Users\Admin\AppData\Local\Temp\4844.tmp"
      2⤵
      • Executes dropped EXE
      PID:988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4844.tmp
    Filesize

    808KB

    MD5

    e7ef3696c7f7487dd26d452e9197b36c

    SHA1

    86dc6508aad6f2c17f7d528b1abcf34c57d5cb2f

    SHA256

    067380d128ffb7f10032f3f46c09c09f7bc5609e720db0ce293bae894e1833e3

    SHA512

    a8447c43dd434c03ddfe42054d9b8dca4dc433414ce4c90f15f4b65b2f930ad1f35b17a326127d614ef5cd20b4dc56b496356a03c4d41c1e94978363201c5372

    Download Submit

  • memory/988-6-0x0000000000280000-0x0000000000340000-memory.dmp

    Filesize

    768KB

    Download

  • memory/988-7-0x0000000000280000-0x0000000000340000-memory.dmp

    Filesize

    768KB

    Download

  • memory/1480-0-0x0000000000D50000-0x0000000000E10000-memory.dmp

    Filesize

    768KB

    Download

  • memory/1480-5-0x0000000000D50000-0x0000000000E10000-memory.dmp

    Filesize

    768KB

    Download