General

  • Target

    4a8e593739bbc1a7d377b7ee919922d0_NEIKI

  • Size

    178KB

  • Sample

    240508-lkvjraea4x

  • MD5

    4a8e593739bbc1a7d377b7ee919922d0

  • SHA1

    18d3fead4dc56dacdeec57708f9f8ac6de0b459b

  • SHA256

    92516f1d9a05a71b66cd71a6139fe6c993c6016dbcc168d22a891de900413ae5

  • SHA512

    e704eb330a53412d39467293cbf33e04a6649545812459097213329946d095c157ed06a880b51c6d66d1f837b85f558aa4ba4faf924f5c9e7d82cfdf0bf8a02c

  • SSDEEP

    3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEIrWpcOPxPke+e3fFpsJOfFpsJbgEc:tFPxPke+eIHFPxPke+eIc

Score
9/10

Targets

    • Target

      4a8e593739bbc1a7d377b7ee919922d0_NEIKI

    • Renames multiple (198) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
