Overview

overview

7

Static

static

3

3afc1f9c32...KI.exe

windows7-x64

7

3afc1f9c32...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    11s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 21:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3afc1f9c32d297eaf86532e750c873c0_NEIKI.exe

  • Size

    43KB

  • MD5

    3afc1f9c32d297eaf86532e750c873c0

  • SHA1

    320a51494021a521e0d3a550b7ab2f3e867e7e50

  • SHA256

    d7006f65bc5d0b88573067eaae19b5a60920f2c2017d5987755f6c75c8dfa29b

  • SHA512

    c4591ab549ba734679b5dcb4049d37f7edcf6c0ffaece84413676c9e6bb67d77212df1e6f95bd38956e5b9d5721f53cc4eec369a9fa12e38036504e07da102d9

  • SSDEEP

    768:b/yC4GyNM01GuQMNXw2PSjHPbSuYlW8PAwW:b/pYayGig5HjS3NPA/

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3afc1f9c32d297eaf86532e750c873c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3afc1f9c32d297eaf86532e750c873c0_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Users\Admin\AppData\Local\Temp\retln.exe
      "C:\Users\Admin\AppData\Local\Temp\retln.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\retln.exe
    Filesize

    43KB

    MD5

    6eeb32242726f85d048fc86f5e9155db

    SHA1

    2f67bd72cdb1591e5d1e3ebb3e04fa2e12734c19

    SHA256

    8cf0ac8f42e23bd480e6742bd11aa0618027ff60fbd60236c6f5064606dcae82

    SHA512

    0fc7baf0a1cdd90a4a90831e6671c97ee077e912446c5a8b0466daabd9214e59fd4ce9f9c999e44f4f90d90f0dfcd14cb368aa6a9c4bff1d98c5854490776a9d

    Download Submit

  • memory/1904-0-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1904-8-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1904-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2504-23-0x0000000000390000-0x0000000000396000-memory.dmp

    Filesize

    24KB

    Download