Overview

overview

7

Static

static

3

fcde4922bc...KI.exe

windows7-x64

7

fcde4922bc...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 06:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fcde4922bc18279890dfa0ab9100a470_NEIKI.exe

  • Size

    4.1MB

  • MD5

    fcde4922bc18279890dfa0ab9100a470

  • SHA1

    3fcc48b6b187ef9a97b94c033388b3527ee241dc

  • SHA256

    06dde98b8e2d603a92a9426bb55f8402ca8f5f238ec62767dd632f5a3e7f8eb3

  • SHA512

    70bde399464337dd85d03f1443f0ddc24a0a1cba5b5b8493ed725cb6c15513c2e1b4b3dfd74c6fb5e0281248bbfb11a4d526ab52df32a7bbe512a431affcb5df

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpg4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmL5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcde4922bc18279890dfa0ab9100a470_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\fcde4922bc18279890dfa0ab9100a470_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Adobe9W\devoptiloc.exe
      C:\Adobe9W\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxV8\optiasys.exe
    Filesize

    4.1MB

    MD5

    16edf53bbf77df3be3a61ea6fa4f8e1f

    SHA1

    28113f630254d46bfed34c9df7d29b8da0c16179

    SHA256

    9d974a86461639fc37d39725496daf47c5816c9ebbabf432f2f0152fe6f47626

    SHA512

    252c6beca4da9e18ee015114fcd8ea8165703226584e877fa6ae8989e1312a2061baab70d654e56049b3cb1c5ccf7be294279520b20e51575c3e6714331cac8a

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    94ac66ba59710f240bb02a49190d42b3

    SHA1

    42c21a746361a3632cb5a55e8f0bc8b8f2fc0312

    SHA256

    7fa86c3c885ad915bed72034eafc584ea50bd8f7c89a13c5feb82a7a64b7aa29

    SHA512

    7722f420fd59d03b065eba9612e09df400bd2440f9b7a09e41cb7d2d992c3f15887c4b482f7c7cfc7f271f8e6c182e9cb3538f3f2e1163127f5f947d00d895ee

    Download Submit

  • \Adobe9W\devoptiloc.exe
    Filesize

    4.1MB

    MD5

    23b6073e3f6aa2264ee1838cc98b112d

    SHA1

    1cdeb6f7486817ab6303e252598e96ff9b0a43d2

    SHA256

    250d02951c4843ad49e351d5605ef12203d4ea07c1b5946d0975d016201bf3be

    SHA512

    f06e26dc5035de396d7f66d05f1a9802f190762fc96a172de977cff1ea90cb52de63a956761d1c4d6650d2e5f88e3120eab2c5802065588b77ffebf1b091a2a8

    Download Submit