Overview

overview

7

Static

static

3

c5acf60693...KI.exe

windows7-x64

7

c5acf60693...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 03:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5acf60693418775db62b72230f505a0_NEIKI.exe

  • Size

    4.1MB

  • MD5

    c5acf60693418775db62b72230f505a0

  • SHA1

    71b050aa78df3ffbef87ab0e3aa28b619492c6f8

  • SHA256

    cc2c1100ef850c1f0313c563354244906c821603a28172c50cbca31dc8bc72f2

  • SHA512

    1bef0216d4aaa7dd94d6c1792bf0c526439f7c8761970f04b9c5dfe4b607512667243f16bba568a9ba2dfd3caf98ed56e5a11c4ec9e3bde8830460f4e4bcc31f

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp24ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm55n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5acf60693418775db62b72230f505a0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\c5acf60693418775db62b72230f505a0_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:848
    • C:\Adobe2F\xoptiec.exe
      C:\Adobe2F\xoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZMB\bodxec.exe
    Filesize

    4.1MB

    MD5

    f6bee81f423a59a929396b0d7304cab8

    SHA1

    9499fe21accf78e7850aa2c9be8699917e84a547

    SHA256

    17dc74d6b2abfca780810e1eb4a40e98bc31bed62810df8e3c38e7305f51a17b

    SHA512

    1aec0c21da61f93997a7bd93098c5b9935ca127875171ab7ddfae4308ed6e9c2597686680fd527bdbf321ddbaa0609c291c4f2658124d8316c80f3549a71d230

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    201B

    MD5

    97eb76d4ba0339c077e66e04e54fbae0

    SHA1

    9ce470a1710444429dfe2e60ac61012a0db90173

    SHA256

    11474b3079f7a9c23eae279c1b9df96a247e106415c330870e81afffb541bb9d

    SHA512

    8a1cef72aef1611b4c6b2dddb2a9cb99a0ece43e7628fa9083f7b1c514a1778315011fb0854cb3535b347e57dda2cd0681fce1f50ea1744a6e2afa418e99b5ac

    Download Submit

  • \Adobe2F\xoptiec.exe
    Filesize

    4.1MB

    MD5

    a84d49dfdc34e1c1e597a6ccfd562db7

    SHA1

    1d201ce57aab032f2661f311b658467013667ce3

    SHA256

    b11c80e1c6e42101bd5c1a4f0b63147fda5d4a2998af163732fe0412facc8ed2

    SHA512

    ebffe447f5cdad68571fc2efd96d0eef81c99c387ab99301c3add328e89d8ff2d49b32b3ec5f3fbc7a1d0bcce73f06fbe90c8760a955260dea3f7e3aaf782d74

    Download Submit