Overview

overview

7

Static

static

3

8121a5598c...KI.exe

windows7-x64

7

8121a5598c...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 00:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8121a5598cbcc255ab288458c17c4f90_NEIKI.exe

  • Size

    3.0MB

  • MD5

    8121a5598cbcc255ab288458c17c4f90

  • SHA1

    981cb5d2fcaeddaa96bf0eef483dc452581f32e5

  • SHA256

    8cde93100879fb0364e33cf8db96460c8cf9606097c3518942e0a0b31e8ca33d

  • SHA512

    5f5b8e24bfc778ee5376bee9ef423d3ba6cdae69b615a0c7a02c0af8ef4f783be0b5ffde19f1d5c1d30f2d53fd73ddaa8f87d5e8c3cb491a879c69e72c482a0e

  • SSDEEP

    24576:wu7UB30W9qFxUX0FG3FjLa/ZSdniF+ujZXIMfX2av5SAODFDDaPZS6XSl+d:V7UEw3FHg0niXtXIMfX2wGBDDQ/XSO

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8121a5598cbcc255ab288458c17c4f90_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\8121a5598cbcc255ab288458c17c4f90_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Users\Admin\AppData\Local\Temp\8121a5598cbcc255ab288458c17c4f90_NEIKI.exe
      C:\Users\Admin\AppData\Local\Temp\8121a5598cbcc255ab288458c17c4f90_NEIKI.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2352
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 144
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\8121a5598cbcc255ab288458c17c4f90_NEIKI.exe
    Filesize

    3.0MB

    MD5

    edd3340eeca2b8c273a72f6e6817b876

    SHA1

    93de142b3a3b46f7946f56afb99c53e67defc6e7

    SHA256

    cf05c44c7f9b5dc49a5d0613b32fa9833df6ae0c111dd93e41fd487716b38bd4

    SHA512

    1efb6d8ad948526714aa7b2ef33c0919ceb7f9158d74e10c1a4b48e30dded7e1b20439cac1bdb251aff8577d9568f56fc4ee81a2f8c9077bf9223dd547cb81a5

    Download Submit

  • memory/2176-0-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/2176-6-0x0000000003540000-0x0000000003626000-memory.dmp

    Filesize

    920KB

    Download

  • memory/2176-9-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/2352-10-0x0000000002DF0000-0x0000000002ED6000-memory.dmp

    Filesize

    920KB

    Download