Overview

overview

7

Static

static

3

33c95fd1f2...KI.exe

windows7-x64

7

33c95fd1f2...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 08:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    33c95fd1f204d858ade941a8e6263740_NEIKI.exe

  • Size

    4.1MB

  • MD5

    33c95fd1f204d858ade941a8e6263740

  • SHA1

    e64f6a41d500f79e0145a961b9742cbf84ed4284

  • SHA256

    0f93efc89e29f6d148ce8604fca329bc1aa0f3ae3c2f09a01dd50f53bf2a5da7

  • SHA512

    92f94976524b9cb86ff796fca6e630b6a9ec5d5a81251cb3c5eaa9d8fa73386b66c2c1780772324e32ee2acde98a81728b8933bd6e4fcdb7393f3421dc1bb68a

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp04ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmr5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\33c95fd1f204d858ade941a8e6263740_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\33c95fd1f204d858ade941a8e6263740_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\UserDotDU\xdobec.exe
      C:\UserDotDU\xdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3036

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\GalaxBA\bodxsys.exe
          Filesize

          4.1MB

          MD5

          62da4dbf14ab78044afc2e20859ccaef

          SHA1

          f4c01266294afdf3c569e686b415e0dca75d6d5e

          SHA256

          b67f09c584c9cda7f62c9573c8823a9f80970eff575c9e2e6ba88495c7a01bb9

          SHA512

          277e32bdde02ffafa804554e0ad5528cc2fa5804c20a3d8c44c79ce334c08183285aae9ec2bf78928a50979e3c1ac6ff9727e5b05a5606efb217cfb258c254a0

          Download Submit

        • C:\Users\Admin\253086396416_6.1_Admin.ini
          Filesize

          202B

          MD5

          e1731bf262bf9303830198a4666cce47

          SHA1

          134ffbe3ab50f64823558c4538a7fe8369ca028f

          SHA256

          174df1e372866d8e572f51a86c35904892e61a8e6d598dcc3dd3a13e8c2ff408

          SHA512

          7e70984fc86e767284bf0f1ceaadb627e4cc662636c9d2f2966d7f60be26668a328375bd490994d5b162c42c426b05e8c476c4b72f0572c577679135673295b0

          Download Submit

        • \UserDotDU\xdobec.exe
          Filesize

          4.1MB

          MD5

          a3eb0b967a9804bc2c5a01072d792366

          SHA1

          de02bce75f7d7ea8e18a934a838801de336f5676

          SHA256

          e1afaa7da16f34ca3f34803137a87ecbd9505f6b73d754b87a58feb7dec887b0

          SHA512

          1b184cf538cb8859ea4fb7ad370597d96d33d622f23bc0858c3676822d08ec51d96a70159b7ba73c777bbf65ea657d2a694029cb96b15b53fe6d22ee27336a2f

          Download Submit