Overview

overview

7

Static

static

3

5dbb6805c1...KI.exe

windows7-x64

7

5dbb6805c1...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-05-2024 10:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5dbb6805c12864537de6d47ac213e3b0_NEIKI.exe

  • Size

    944KB

  • MD5

    5dbb6805c12864537de6d47ac213e3b0

  • SHA1

    2e215e19b937f8a136fd54e47b8e15210b2b70b4

  • SHA256

    0f3d536ccc44f21df740233a2a378ea957cadd93cf88c6dcecb4c03008ae6436

  • SHA512

    29eebead25a743fab2ad1d91fa117d22fa1483a83618277439f4b735893c12a9f35b832bef907173fdd51cba57942edaed1b09dacb52b8e50b95418243f67c73

  • SSDEEP

    24576:KvTyOJGlLUpvMv1DaqctTr5J+A6nba/ZS/QERT77Ld:Kv/GlL4vMp6D+rnbggQERTbd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5dbb6805c12864537de6d47ac213e3b0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\5dbb6805c12864537de6d47ac213e3b0_NEIKI.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1516
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 344
      2⤵
      • Program crash
      PID:2316
    • C:\Users\Admin\AppData\Local\Temp\5dbb6805c12864537de6d47ac213e3b0_NEIKI.exe
      C:\Users\Admin\AppData\Local\Temp\5dbb6805c12864537de6d47ac213e3b0_NEIKI.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4064
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 344
        3⤵
        • Program crash
        PID:4568
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 164
        3⤵
        • Program crash
        PID:4960
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1516 -ip 1516
    1⤵
      PID:1952
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4064 -ip 4064
      1⤵
        PID:208
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4064 -ip 4064
        1⤵
          PID:5004

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\5dbb6805c12864537de6d47ac213e3b0_NEIKI.exe
          Filesize

          944KB

          MD5

          aa022d40b03fa15b3f5e8a21c7072279

          SHA1

          8ba0fe1c9fc81387b9b2e7f3e84555e64c83745a

          SHA256

          9d3ddd6c3727fffd2d7d22f312b9127ad8f418d8d0876751f38b3645a0d20aa7

          SHA512

          f218266a69532a9798167c8a8ebeb7d824d4f5f5e6774426cc32d2d612b79894bc28e35ec94a9a02e40a4e848fdff6de62b0595474c28737b058c4e0957af470

          Download Submit

        • memory/1516-0-0x0000000000400000-0x00000000004F0000-memory.dmp

          Filesize

          960KB

          Download

        • memory/1516-6-0x0000000000400000-0x00000000004F0000-memory.dmp

          Filesize

          960KB

          Download

        • memory/4064-7-0x0000000000400000-0x00000000004F0000-memory.dmp

          Filesize

          960KB

          Download

        • memory/4064-8-0x0000000000400000-0x00000000004F0000-memory.dmp

          Filesize

          960KB

          Download