Analysis

  • max time kernel: 149s
  • max time network: 122s
  • platform: windows7_x64
  • resource: win7-20231129-en
  • resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted: 08-05-2024 01:56

General

  • Target: 9e2b174429ab6c32df76e0c64a99b3a0_NEIKI.exe
  • Size: 4.1MB
  • MD5: 9e2b174429ab6c32df76e0c64a99b3a0
  • SHA1: 6523a64a07eb482f10b8dac869bd2e006c287767
  • SHA256: 68577bd8770d06d1a09864539cc0cff790600a90468fd6eb191fa72ce11c4986
  • SHA512: 4e67651884adc01abd0116fd98abbfa64eb53dc49105f5cb37828b7ce9a8845d58468d3f4e3fbcad304e148e1763d814bf2dc4d7b59eac18d0060bb329525668
  • SSDEEP: 98304:+R0pI/IQlUoMPdmpSpe4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmV5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e2b174429ab6c32df76e0c64a99b3a0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\9e2b174429ab6c32df76e0c64a99b3a0_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\IntelprocWP\xoptisys.exe
      C:\IntelprocWP\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2264

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MintH1\dobdevsys.exe
    Filesize: 4.1MB
    MD5: b94d36001639aee62cafcf899ae83e9d
    SHA1: e8a66a295d121af59002eaa840199295162030e4
    SHA256: 6af0f4b580bca2e1a4ee0b08e9f168ea19507f80080efbd01b605e0a33e876f3
    SHA512: 37722771a82ea97f1b4f9df03446e92d323111b8e6b97ad9339993dca120498835aeafcde7b76d708d3dff5217df9a39148ee452e7745db80b35ae1af9033949

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 207B
    MD5: 132434f292b8fd8038b7800718a4633b
    SHA1: fe0ee5ff268a21546c5bec58d4cab6dfc89a836d
    SHA256: 09879155dafd640d073e61ef645ab62186973f9ac7c61b6981f73331777b111e
    SHA512: 040b3b9d88daae1e810583ff9039db4ba71d09ed7e9ab853a73b92ae92aab56569428754c10edb795ec1a3ab1062d6b8d0751d6fbbd8a297c70dd5c0ef5a680d

  • \IntelprocWP\xoptisys.exe
    Filesize: 4.1MB
    MD5: 53cb4481e83952a0ae03f6bd362c6189
    SHA1: 9f968dcb0bbb2cda3a80cb09c4ae05ef2e0deecb
    SHA256: 63b358e1fbf6c8965b4060e33f862564230d408c93951262058c9cf6c9b85e93
    SHA512: 691a95a8aab70b7a2e7edef8e1e521d1c29f3a5bb74654f2b4aba0cb11b221f929e024d602383e250b7d0e2268d0c36889fbb53ce21b11cbac4e0610317824b6