Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-05-2024 01:28

General

  • Target

    92824bfa2d9f88ae6bcef9f692858b70_NEIKI.exe

  • Size

    7.6MB

  • MD5

    92824bfa2d9f88ae6bcef9f692858b70

  • SHA1

    f1723631ff5c232892cfc3778ecda6ebac088e44

  • SHA256

    a78eb6b99d2143d1d094d1b370c12cce4598af76f3454366aa5e16ff1207cfb7

  • SHA512

    0d464f5b20b7c63162d74ceeec5c9bfccf5eec8ef4a022d3bc4769b5602c286eca1ae570c06c2116e6100823f5fbe45ae7b6c43a738092e09101844f5ffa15a3

  • SSDEEP

    196608:vH4GhBuV5aqFL4rooriZHLwWIcl2FVIo2Ghi3Cx6smv:QGhBuV5a64r5roHLARVIo2G886P

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

  • Drops file in Program Files directory 6 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\92824bfa2d9f88ae6bcef9f692858b70_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\92824bfa2d9f88ae6bcef9f692858b70_NEIKI.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:2940
  • C:\Windows\servbrow.exe
    "C:\Windows\servbrow.exe" /Service
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Windows\servbrow.exe
      "C:\Windows\servbrow.exe" /Popup
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2900

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Mozilla Maintenance Service\Ws2Help.dll

    Filesize

    7.6MB

    MD5

    5e02764fece52ded1ff00fdcb2f6d1df

    SHA1

    6c32a52570586662923fa76bf18378dd3588b374

    SHA256

    69d8f8d08f72660d3331cab8766bba51871a77152f6a94c1a0812369f253d85c

    SHA512

    d474077920e6548136787cf550ca2aae8f0d112221ee789c691cb9547353142d5a7ae250aa92d6bbadab901f33aeb57cc13f17ac33ed2aa22830c36833697477

  • C:\Windows\servbrow.exe

    Filesize

    7.6MB

    MD5

    8ec4a941b18a61f948fcdfa6880b5953

    SHA1

    27d37fe85cd70ddc95260b7fb13d9e11d1ae413b

    SHA256

    3fd7635afee53ca8117b7b9e1a727d3e2586d65dc54dccda4455aa15c13c7ece

    SHA512

    8af5dbe89c351be16769e21aa9228b021e9ea3ef274143ed91aaca33927103d7e52d4b53865c7380130196d16d948fcc2c8bdb7b84e3fcf37917fe0fcc88efc3
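The process tree and the dropped-file hashes above are the two IOC sets a responder would take from this report. The block below is an added example, not part of the sandbox report or of any vendor tooling: it copies the hashes, paths and command lines from the report into a small matcher and runs it over Sysmon-style events. The event records at the bottom are constructed for the example and are not from the analysis; the field names (EventID, CommandLine, TargetFilename, Hashes) follow Sysmon's schema for Event ID 1 (process create) and Event ID 11 (file create), and the Hashes field is parsed in Sysmon's "ALGO=value,ALGO=value" form. Two practitioner caveats the code reflects: all three binaries are 7.6MB yet carry different hashes, so a hash-only rule misses the next drop and the "servbrow.exe /Service" and "/Popup" command-line pattern is the more durable signal; and a file named Ws2Help.dll (the name of a legitimate Windows Sockets helper DLL) written into an application directory is worth checking for DLL search-order hijacking, although the report itself does not show that DLL being loaded.

```python
"""Matcher that turns the IOCs in this sandbox report into detection checks
over Sysmon-style events.

Added example, not part of the report. IOC values are copied from the report;
the SAMPLE_EVENTS records are constructed and are not from the analysis.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Submitted sample, SHA256 from the report.
SAMPLE_SHA256 = "a78eb6b99d2143d1d094d1b370c12cce4598af76f3454366aa5e16ff1207cfb7"

# Dropped files from the report, keyed by path (compared case-insensitively).
DROPPED_FILES = {
    r"C:\Windows\servbrow.exe": {
        "MD5": "8ec4a941b18a61f948fcdfa6880b5953",
        "SHA256": "3fd7635afee53ca8117b7b9e1a727d3e2586d65dc54dccda4455aa15c13c7ece",
    },
    r"C:\Program Files (x86)\Mozilla Maintenance Service\Ws2Help.dll": {
        "MD5": "5e02764fece52ded1ff00fdcb2f6d1df",
        "SHA256": "69d8f8d08f72660d3331cab8766bba51871a77152f6a94c1a0812369f253d85c",
    },
}

# Flat hash -> label lookup covering the sample and both dropped files.
KNOWN_HASHES = {SAMPLE_SHA256: "submitted sample"}
for _path, _hashes in DROPPED_FILES.items():
    for _h in _hashes.values():
        KNOWN_HASHES[_h.lower()] = _path

# Behavioural rules taken from the process tree: servbrow.exe launched from
# C:\Windows with the /Service or /Popup switch. These survive a rebuild of the
# binary, which the hash lookups do not.
CMDLINE_RULES = [
    ("servbrow /Service", re.compile(r'(?i)^"?c:\\windows\\servbrow\.exe"?\s+/service\b')),
    ("servbrow /Popup", re.compile(r'(?i)^"?c:\\windows\\servbrow\.exe"?\s+/popup\b')),
]


@dataclass(frozen=True)
class Hit:
    event_index: int
    rule: str
    detail: str


def parse_hashes(field: str) -> dict[str, str]:
    """Parse a Sysmon 'Hashes' field such as 'MD5=...,SHA256=...' into a dict.
    Algorithm names are upper-cased and digests lower-cased for stable lookups."""
    out: dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def match_events(events: list[dict]) -> list[Hit]:
    """Return one Hit per (event, rule) pair that matches a report IOC."""
    hits: list[Hit] = []
    dropped_lower = {p.lower(): p for p in DROPPED_FILES}
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        if eid == 1:  # process create: command line and image hashes
            cmd = ev.get("CommandLine", "")
            for name, rx in CMDLINE_RULES:
                if rx.search(cmd):
                    hits.append(Hit(i, "cmdline:" + name, cmd))
            for algo, value in parse_hashes(ev.get("Hashes", "")).items():
                if value in KNOWN_HASHES:
                    hits.append(Hit(i, "hash:" + algo, KNOWN_HASHES[value]))
        elif eid == 11:  # file create: exact dropped-file paths
            target = ev.get("TargetFilename", "")
            if target.lower() in dropped_lower:
                hits.append(Hit(i, "filecreate", dropped_lower[target.lower()]))
    return hits


# Constructed events shaped like Sysmon records; not taken from the report.
_DROPPER = r"C:\Users\Admin\AppData\Local\Temp\92824bfa2d9f88ae6bcef9f692858b70_NEIKI.exe"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": _DROPPER, "TargetFilename": r"C:\Windows\servbrow.exe"},
    {"EventID": 11, "Image": _DROPPER,
     "TargetFilename": r"C:\Program Files (x86)\Mozilla Maintenance Service\ws2help.dll"},
    {"EventID": 1, "Image": r"C:\Windows\servbrow.exe",
     "CommandLine": r'"C:\Windows\servbrow.exe" /Service',
     "Hashes": "MD5=8EC4A941B18A61F948FCDFA6880B5953,"
               "SHA256=3fd7635afee53ca8117b7b9e1a727d3e2586d65dc54dccda4455aa15c13c7ece"},
    {"EventID": 1, "Image": r"C:\Windows\servbrow.exe",
     "CommandLine": r'"C:\Windows\servbrow.exe" /Popup',
     "Hashes": "MD5=8ec4a941b18a61f948fcdfa6880b5953"},
    {"EventID": 1, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "CommandLine": r'"C:\Program Files\Mozilla Firefox\firefox.exe"',
     "Hashes": "SHA256=" + "0" * 64},  # benign control event, no hit expected
]

if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS):
        print(hit)
```

Running the block prints seven hits: one file-create hit for each dropped path, three for the /Service launch (command line, MD5, SHA256) and two for the /Popup launch (command line, MD5); the Firefox control event produces none. Feed real Sysmon output by converting each event's EventData into a dict with the same keys.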