Overview

overview

7

Static

static

3

a79d34e178...KI.exe

windows7-x64

7

a79d34e178...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 02:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a79d34e178e4cf8dda36264522c205e0_NEIKI.exe

  • Size

    2.7MB

  • MD5

    a79d34e178e4cf8dda36264522c205e0

  • SHA1

    ea8747c303f8decaf317783a6acf598bd68d9dd4

  • SHA256

    84f7afbdafcb51a33b579ffd2259286a94d53ee350d9025f68c53297b37587d1

  • SHA512

    8d62afc96191fc0e83003333bc1f05edba5d860d9bec715d65217e4ae0f7cc01a6082f1b19be791cfef0593feae48d0e1ef38bab0c796184a107ed26a5a7846b

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBj9w4Sx:+R0pI/IQlUoMPdmpSpr4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a79d34e178e4cf8dda36264522c205e0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\a79d34e178e4cf8dda36264522c205e0_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Files3K\devoptisys.exe
      C:\Files3K\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2328

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Files3K\devoptisys.exe
    Filesize

    2.7MB

    MD5

    1fb340fe29b842250d3dfad44591fc5f

    SHA1

    3f26f553cdca585927151ab386abaa8f82e07999

    SHA256

    bea34e0743f04949acf7d988894750dcaccd097f91cda479b7172eebe5b3aa7f

    SHA512

    005e02ca977dec2fd6f31b0e3974b2bf20b5af4bda48ab7980dd195030810f9c742efb20438bed384e712b9acf2d276c333b34feef4823074d2c7ed00506504c

    Download Submit

  • C:\Mint7P\dobxsys.exe
    Filesize

    3KB

    MD5

    83fccc54ea97eed60fa8d444ade51fb1

    SHA1

    582b6c94edd80d6e568a11c06d7d33b8e80558ce

    SHA256

    cf5f912930ee88fcc7dc97044013eaf9bfa33f5ef9558d5dfbd37c48a8a0f049

    SHA512

    647e4ca482b573ab49d38e095a3fe87e500be83e902a8573d2f91ee27abbdb2a211e1d3558d4148bac5e1d700585bf350e126f20465b1583d997e65105b346c6

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    d004009de5b6779e4e50094944e95cfa

    SHA1

    fc33cd2ee60f3abc13ee88cb4130830ca8999691

    SHA256

    850cfb05b7777b7063d1dfcdc031f4a0652296c8871773bd47ec8e9d5f7ab7cb

    SHA512

    386817de60e994921bba7f08eac35adaf1dcf92927f7ddba1ab0415974156a5be8e5376c01907b62ab974982ca2756514f6d501a6f8be2e9bb6336080d56a57b

    Download Submit

  • \Files3K\devoptisys.exe
    Filesize

    1.2MB

    MD5

    155d095b7ccaaa6fed0a2e3d02b15db2

    SHA1

    aa415d58f7594196243809687b8da50f5d3042ed

    SHA256

    1f6074a7be02c252e10d00fb71158aab217798a29449685709c1f88c208416d6

    SHA512

    957a8eb3820862e06e443164022edb351319ff0c556504a0a3681dac6b4ce13f7a7584bbf24b582b29aa179c794044cec5ac66cfa1a596f620759d0001712c03

    Download Submit