Overview

overview

7

Static

static

3

33c128a380...KI.exe

windows7-x64

7

33c128a380...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-05-2024 21:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33c128a38035d64ff32a651429bddbf0_NEIKI.exe

  • Size

    1.7MB

  • MD5

    33c128a38035d64ff32a651429bddbf0

  • SHA1

    17934221a1c6a442cad80a9e438657517fe91e96

  • SHA256

    70fce0cba8ac3f5b338635e92219de4ffbe38019a2d4d7402d89f776ecfd4bd5

  • SHA512

    676f06b4824de8e97da9352dd659af9af1e9baa13f1c380718e117d4f588f694586bc00b01c4dd4d4124a3fd27477d3f8778a52707d98e11ec39772fa57d61a4

  • SSDEEP

    24576:s7FUDowAyrTVE3U5F/ZGqKs6rxKic6QL3E2vVsjECUAQT45deRV9Rg:sBuZrEUUtKIy029s4C1eH9i

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\33c128a38035d64ff32a651429bddbf0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\33c128a38035d64ff32a651429bddbf0_NEIKI.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Users\Admin\AppData\Local\Temp\is-KQQIV.tmp\33c128a38035d64ff32a651429bddbf0_NEIKI.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-KQQIV.tmp\33c128a38035d64ff32a651429bddbf0_NEIKI.tmp" /SL5="$7011E,922170,832512,C:\Users\Admin\AppData\Local\Temp\33c128a38035d64ff32a651429bddbf0_NEIKI.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-2MFO3.tmp\idp.dll
    Filesize

    232KB

    MD5

    55c310c0319260d798757557ab3bf636

    SHA1

    0892eb7ed31d8bb20a56c6835990749011a2d8de

    SHA256

    54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

    SHA512

    e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-KQQIV.tmp\33c128a38035d64ff32a651429bddbf0_NEIKI.tmp
    Filesize

    3.1MB

    MD5

    91011c1ba90616cfb722ef9cec620639

    SHA1

    582eecd5ad6a49e6b5901e4bec398ff9858bf1cc

    SHA256

    682334e99cfdcd1adfb4c37af2f90afa2e6814248e9faa470b04c4025ef74748

    SHA512

    f3d578da41b956b26e5ff602853bf2bc12b69afda5cad56a89cf013be7154ae001e1ecb67db73991ade4f37f650904401604a31a9f8ccfb996144111621b1fd1

    Download Submit

  • memory/1392-0-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/1392-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/1392-12-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/3568-6-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3568-13-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download