Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/05/2024, 20:37

General

  • Target
    294e623eb5ad569622550730ce2d9c20_NEIKI.exe
  • Size
    4.1MB
  • MD5
    294e623eb5ad569622550730ce2d9c20
  • SHA1
    d22bd803918ca74032b738e1dc42234f59eaa3f3
  • SHA256
    166ee4beab5528a6e46112bdb8e0355270aa9429650d96d3dc86fb4466eb6a8b
  • SHA512
    11304a0a4afcc9446a2402f4461f0f2e1fb98e53af749e26f1f0991791b46031f550bd40cfef85fbe4b5d639918ef082281ba818834c3749869716b722a8bbf1
  • SSDEEP
    98304:+R0pI/IQlUoMPdmpSpC4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmN5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\294e623eb5ad569622550730ce2d9c20_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\294e623eb5ad569622550730ce2d9c20_NEIKI.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Adobe3A\devoptisys.exe
      C:\Adobe3A\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4172

Network

Downloads

  • C:\Adobe3A\devoptisys.exe
    Filesize
    4.1MB
    MD5
    b5dc3fd1006e463b0e755e1e0f167f93
    SHA1
    5cb93384b98bf3e4a9e64aa5e005f785d098fff5
    SHA256
    93d10df0a953756ec42aa23fe31ac04fe412ebe2bd1a0055adca1e30e44fc12d
    SHA512
    0b0062af9bf3b6f7b7badd21edf55c86130e24efa815bfbf81be5ed44760da7a3c318e2767f274fab1932ad6edd7ad48b5b6b240a58e1f0acad0634cd4b5de98
  • C:\KaVBAN\bodxec.exe
    Filesize
    4.1MB
    MD5
    5be1a168f6f14ae33712b78187bbcb43
    SHA1
    8f8e2e7544c6b7ed19c5f8b4a4e134448d8331de
    SHA256
    6b139f04ffee7f3815f0e21d756be82ecd507e71c525721d3eb5d38f03988153
    SHA512
    5385a0eb9b98199a45a7281e25b6de999fd04b5f9c23a95b9950f71caf2364fc9f220468f3c95ede9c90434f94a6dabd60f32facbbdd568b4d647a34d84f837d
  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize
    203B
    MD5
    b600d99312808858ba60ad8a36779830
    SHA1
    e4bdca23fc16c994a56244ca74b2622960b4c867
    SHA256
    0e552ff982421c916aa3826549145a1c5490e66c826e3845d8daa560e497017f
    SHA512
    c5cfe303ab58fa46c37dba2e34a4d1cd5bed18cd170ff04aa5647b9f5a8deec7a26c2e4b186a2fa2326736c92f4514918741aec17a671303a1a50a153dc98d09