Overview

overview

7

Static

static

3

8d14a35799...KI.exe

windows7-x64

7

8d14a35799...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 01:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d14a35799436296d3a90f6036dae540_NEIKI.exe

  • Size

    84KB

  • MD5

    8d14a35799436296d3a90f6036dae540

  • SHA1

    f85ad16fe3f419e3d133d45194f01e3afd2d2cb7

  • SHA256

    b3ce8338114281a985f28f4330a6b59eb36dd8444c048af12bc65518b49c93e6

  • SHA512

    24f1a6d1ccc04e8f000da80a18493b1db45eca0149957966055404af8fedb6e7d61c49b23edfb3b44ddad1e6d1a6ee4c8d381383eb993d38d25d3fac7b53ee75

  • SSDEEP

    1536:YAowfUJFgjT284U+w2EwRz6OlvaeEpIaCtwUaSvcmGCCCCCHCChCHCCCdg1WCCCI:YAowyFgjTiUkEwt6OlvaeEpIaCtwUaS7

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d14a35799436296d3a90f6036dae540_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\8d14a35799436296d3a90f6036dae540_NEIKI.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    84KB

    MD5

    d7a7f8a44500f4346b14d42a05b7411b

    SHA1

    16f44232168459a2761db11a6d84a49ba87e7a8d

    SHA256

    739b1549a13d89a8d8faf488ba8ace162ca7791ef481d137fe341fd37a286aae

    SHA512

    c653e98819f855566ed6588d07c41b8b63783c2470f32303a134e14d7801f72fc8106785fa745a0e3a2fd511224c07d50a1e07a6d02ed2b2b028259029fbe1af

    Download Submit

  • memory/1500-0-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1500-6-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2748-8-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2748-10-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download