Overview

overview

7

Static

static

3

22d923c611...KI.exe

windows7-x64

7

22d923c611...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22d923c6112dff9b77a9415e5a828360_NEIKI.exe

  • Size

    480KB

  • MD5

    22d923c6112dff9b77a9415e5a828360

  • SHA1

    fb53bf4d6e739b075d86751496f09b6132b4e96f

  • SHA256

    e25bf80b85b938e1cb224183bac52094a55b0a12f75e806c980f8a92c0a745cc

  • SHA512

    ac5b2cf2103c12d0e4fed97825c6ea1d5ae1d969f2e976cfbffd76cb8cea0bdb16e0f823e09fec08c5ad6027eff09280e94092c6c27288fb7765326be99bb293

  • SSDEEP

    6144:AjlYKRF/LReWAsUySBaIL6GUDfz3Cv2c8wkZdlZCGugvrcjHqLzgzId+KBtccqd:AjauDReWEpL6GCDCmrlZCxKLzznp6

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22d923c6112dff9b77a9415e5a828360_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\22d923c6112dff9b77a9415e5a828360_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\ProgramData\ghjifh.exe
      "C:\ProgramData\ghjifh.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1328

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache .exe
    Filesize

    480KB

    MD5

    bf47fa400ba8ef8261e39bf10a4df7d1

    SHA1

    b30e39e113ffa3927c50336848c5f78800d73e73

    SHA256

    d28730b75c617742cf4d2da71c4b155354e1368c3a57d546b687e40d0aed4ef5

    SHA512

    51c51b0984326d6898482a18b24bbe58b09cfde98e2f971f9abf3e40782b825c24da718722b49110f5736b12147c0cf0154c1904a5f4560e326a7b8cbd089538

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    2bd01b99551cc639ddb5cb66914904a6

    SHA1

    50beb8bab8be15271951130ac833eb19566f9333

    SHA256

    9764e531dd52e37a454c7f052a17fe7b68821dc3570286aab7bb4706639efe40

    SHA512

    374436459d62bdd62fc79b779e5aef155d7b8817e3d64e53639130be49d061a251d04a3882d403c1cacf890f91fa53e9137e551f3f6479341e09fe97c7bf2390

    Download Submit

  • \ProgramData\ghjifh.exe
    Filesize

    343KB

    MD5

    559be78f838b7a2227d30fe2bf996ca8

    SHA1

    c891be5c0cace7be891c8d693e2ffc667a07cae5

    SHA256

    02bc8e185849b08b4b6749e6a300e902d4fc1cf7e0a3cdbe18f83d72fc2a2827

    SHA512

    cddf3c7a80dee0c9ceaa733a294c43747520d8a10cc1e3a57c227e3282b8912d422bdff8815c4031401d9105e66814c84af6136ec20bb618118a879540492815

    Download Submit

  • memory/1328-102-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2336-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2336-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2336-12-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download