Analysis
-
max time kernel
122s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
08/05/2024, 10:32
General
-
Target
65f72f8902a155174feffa330632e550_NEIKI.exe
-
Size
131KB
-
MD5
65f72f8902a155174feffa330632e550
-
SHA1
f394fac1d5d56152452f472d8348dd5bee535298
-
SHA256
7732b9bdbf22ceca826374719b4195a18789788eac275774981e86fd142a679d
-
SHA512
8bc02e10c365eb48cd4be5efd72305a72636c2d58fa90708cfb71e6e72a47d64d25cf2dc75d3673838d49d6bf9b7e1dc50d8608e34bbf659be79b64d5e3de276
-
SSDEEP
3072:ZVMfMIbIaw3J90/LfD/Q+BC3K5eqU+BC3K5eqYroGIkToBe:kfMmMmXgK70K796
Score
8/10
Malware Config
Signatures
-
Modifies AppInit DLL entries 2 TTPs
-
Executes dropped EXE 1 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\65f72f8902a155174feffa330632e550_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\65f72f8902a155174feffa330632e550_NEIKI.exe"1⤵
- Drops file in Program Files directory
-
C:\Windows\system32\taskeng.exetaskeng.exe {A247A198-D777-4198-B7B2-0FB898465142} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\PROGRA~3\Mozilla\racmzae.exeC:\PROGRA~3\Mozilla\racmzae.exe -cddhnyc2⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
131KB
MD5085b325a779736a81da61f70fea37462
SHA1fe5a64aa873f4420122c24acda416b02c9fcc6ac
SHA256dc34b6a191222e337ffa27388084842862a8d8e8b2076399e2ffc36e210757d7
SHA51201b072d5de6d2e1c0ced9de5a587979808af41fa6373595bcaa6e3df1f5b7927281fbe418e9e7213cb1b882f1c82669080f6c490daae7d4a4cd2b96753543a96