f7a163c42ab78babc7077ff600b4ca6a3ba964111a7aa31cc96197f29fd2ca9a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 03:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b706158c361de05a84bbfee6487405f0_NEIKI.exe
Size

396KB
MD5

b706158c361de05a84bbfee6487405f0
SHA1

560bf6a23c40d2bbc9a90d556f2caa9f94b01e37
SHA256

f7a163c42ab78babc7077ff600b4ca6a3ba964111a7aa31cc96197f29fd2ca9a
SHA512

8ce29854e1f57c7595b498d14b62410d102b5ca2ee45995480a6241738a355dbbe852c643f43cde0f0b7ba25ee85b75d53a3a2bfd4e1246e966a6803f3a249b6
SSDEEP

12288:4jauDReWmELHKmMPX/pBX0aflHZgxz2LwQl/WgLloIVSl8j3AmSkSScmNUpQ3DTc:4DDy8qmMPX/pBX0aflHZyz2L7/WgLlon

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1204	iboxcy.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\iboxcy.exe"	iboxcy.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 1204	4572	b706158c361de05a84bbfee6487405f0_NEIKI.exe	84
PID 4572 wrote to memory of 1204	4572	b706158c361de05a84bbfee6487405f0_NEIKI.exe	84
PID 4572 wrote to memory of 1204	4572	b706158c361de05a84bbfee6487405f0_NEIKI.exe	84

C:\Users\Admin\AppData\Local\Temp\b706158c361de05a84bbfee6487405f0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\b706158c361de05a84bbfee6487405f0_NEIKI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\ProgramData\iboxcy.exe
  "C:\ProgramData\iboxcy.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings .exe

Filesize
396KB

MD5
72eef498ab9cff370d571193dfadaa84

SHA1
53ba558f00dc7974724ebd8733e472cfc35e8f1b

SHA256
aa3521be8991a9f05fbd9c1cf1d323a69eeac1dd53580c7a0b8ffb123b592288

SHA512
e8cfaa50c95a38edf95871b8c2264ee29e65543b7e133e28c4eab2d2e453ca27af6783f48df47543f1895658cd455ccd3c246b8b355b95a8795842826b32dd4c

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
136KB

MD5
cb4c442a26bb46671c638c794bf535af

SHA1
8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

SHA256
f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

SHA512
074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

Download Submit
C:\ProgramData\iboxcy.exe

Filesize
259KB

MD5
43ba9c110c58788482c76f519cd1f5a6

SHA1
82a64b2f61e2b7061a41be942a851cfec7281029

SHA256
cdf2717c45da88c3e419c2d0a2a4303b10691c83066984c837c7c17befc90afc

SHA512
9cb280ec6c6ded3d55769be9067a1d2d98a39eff125c88be70ff2f03d70de997def8bff2a3064fa073c0a646829b290565490d3852e9d8cdec29c85415c17f72

Download Submit
memory/1204-130-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/4572-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/4572-1-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/4572-10-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads