Analysis
-
max time kernel
143s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
08/05/2024, 14:47
General
-
Target
e1744dc0c467ea421be2938e75f4d7f0_NEIKI.exe
-
Size
182KB
-
MD5
e1744dc0c467ea421be2938e75f4d7f0
-
SHA1
744dd9bc2edf4572b7f30ae7a54a5ed7cce950ab
-
SHA256
caaebe309422c9097e96423e91ce0379938eee5bce89330a9fa8789791e87d6d
-
SHA512
5ce242478e93b48ba2313f40f131bf8e7673ff79ad5e283c87b6bc54f40b3e5d1ae3c5a4026fb36f3fa1dda0a581bd69eec19a869d136b1dc1ed59b14809a296
-
SSDEEP
1536:2Q5qsuEY52Spbj6xc9Ywn+ixkV2Lu7nguPw9uVgA53+RrKJs2zjFS3ldkBOLLaVd:BbuEYTqx0xxu7nguPnVgA53+GpOc
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e1744dc0c467ea421be2938e75f4d7f0_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\e1744dc0c467ea421be2938e75f4d7f0_NEIKI.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jioaqfcc.exeC:\Windows\system32\Jioaqfcc.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jcefno32.exeC:\Windows\system32\Jcefno32.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jbhfjljd.exeC:\Windows\system32\Jbhfjljd.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jmmjgejj.exeC:\Windows\system32\Jmmjgejj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jlpkba32.exeC:\Windows\system32\Jlpkba32.exe6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jplfcpin.exeC:\Windows\system32\Jplfcpin.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jfeopj32.exeC:\Windows\system32\Jfeopj32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jmpgldhg.exeC:\Windows\system32\Jmpgldhg.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jcioiood.exeC:\Windows\system32\Jcioiood.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jfhlejnh.exeC:\Windows\system32\Jfhlejnh.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jmbdbd32.exeC:\Windows\system32\Jmbdbd32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jcllonma.exeC:\Windows\system32\Jcllonma.exe13⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kfjhkjle.exeC:\Windows\system32\Kfjhkjle.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Klgqcqkl.exeC:\Windows\system32\Klgqcqkl.exe15⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kdnidn32.exeC:\Windows\system32\Kdnidn32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kfmepi32.exeC:\Windows\system32\Kfmepi32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kmfmmcbo.exeC:\Windows\system32\Kmfmmcbo.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kdqejn32.exeC:\Windows\system32\Kdqejn32.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kbceejpf.exeC:\Windows\system32\Kbceejpf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kdgljmcd.exeC:\Windows\system32\Kdgljmcd.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Leihbeib.exeC:\Windows\system32\Leihbeib.exe22⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lmppcbjd.exeC:\Windows\system32\Lmppcbjd.exe23⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lfhdlh32.exeC:\Windows\system32\Lfhdlh32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ligqhc32.exeC:\Windows\system32\Ligqhc32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lpqiemge.exeC:\Windows\system32\Lpqiemge.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lfkaag32.exeC:\Windows\system32\Lfkaag32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Llgjjnlj.exeC:\Windows\system32\Llgjjnlj.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ldoaklml.exeC:\Windows\system32\Ldoaklml.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Likjcbkc.exeC:\Windows\system32\Likjcbkc.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lljfpnjg.exeC:\Windows\system32\Lljfpnjg.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ldanqkki.exeC:\Windows\system32\Ldanqkki.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lebkhc32.exeC:\Windows\system32\Lebkhc32.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lmiciaaj.exeC:\Windows\system32\Lmiciaaj.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lllcen32.exeC:\Windows\system32\Lllcen32.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mdckfk32.exeC:\Windows\system32\Mdckfk32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Medgncoe.exeC:\Windows\system32\Medgncoe.exe37⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mmlpoqpg.exeC:\Windows\system32\Mmlpoqpg.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mpjlklok.exeC:\Windows\system32\Mpjlklok.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mgddhf32.exeC:\Windows\system32\Mgddhf32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mibpda32.exeC:\Windows\system32\Mibpda32.exe41⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mlampmdo.exeC:\Windows\system32\Mlampmdo.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mckemg32.exeC:\Windows\system32\Mckemg32.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Meiaib32.exeC:\Windows\system32\Meiaib32.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mlcifmbl.exeC:\Windows\system32\Mlcifmbl.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mpoefk32.exeC:\Windows\system32\Mpoefk32.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mcmabg32.exeC:\Windows\system32\Mcmabg32.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Migjoaaf.exeC:\Windows\system32\Migjoaaf.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mlefklpj.exeC:\Windows\system32\Mlefklpj.exe49⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mcpnhfhf.exeC:\Windows\system32\Mcpnhfhf.exe50⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Miifeq32.exeC:\Windows\system32\Miifeq32.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Npcoakfp.exeC:\Windows\system32\Npcoakfp.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ncbknfed.exeC:\Windows\system32\Ncbknfed.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nepgjaeg.exeC:\Windows\system32\Nepgjaeg.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nngokoej.exeC:\Windows\system32\Nngokoej.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ngpccdlj.exeC:\Windows\system32\Ngpccdlj.exe56⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nebdoa32.exeC:\Windows\system32\Nebdoa32.exe57⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nphhmj32.exeC:\Windows\system32\Nphhmj32.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Njqmepik.exeC:\Windows\system32\Njqmepik.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ndfqbhia.exeC:\Windows\system32\Ndfqbhia.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ngdmod32.exeC:\Windows\system32\Ngdmod32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nnneknob.exeC:\Windows\system32\Nnneknob.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Npmagine.exeC:\Windows\system32\Npmagine.exe63⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nckndeni.exeC:\Windows\system32\Nckndeni.exe64⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nfjjppmm.exeC:\Windows\system32\Nfjjppmm.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oponmilc.exeC:\Windows\system32\Oponmilc.exe66⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Odkjng32.exeC:\Windows\system32\Odkjng32.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ogifjcdp.exeC:\Windows\system32\Ogifjcdp.exe68⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ojgbfocc.exeC:\Windows\system32\Ojgbfocc.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Odmgcgbi.exeC:\Windows\system32\Odmgcgbi.exe70⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ogkcpbam.exeC:\Windows\system32\Ogkcpbam.exe71⤵
-
C:\Windows\SysWOW64\Ojjolnaq.exeC:\Windows\system32\Ojjolnaq.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Olhlhjpd.exeC:\Windows\system32\Olhlhjpd.exe73⤵
-
C:\Windows\SysWOW64\Ocbddc32.exeC:\Windows\system32\Ocbddc32.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ofqpqo32.exeC:\Windows\system32\Ofqpqo32.exe75⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ojllan32.exeC:\Windows\system32\Ojllan32.exe76⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Olkhmi32.exeC:\Windows\system32\Olkhmi32.exe77⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oqfdnhfk.exeC:\Windows\system32\Oqfdnhfk.exe78⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ocdqjceo.exeC:\Windows\system32\Ocdqjceo.exe79⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ogpmjb32.exeC:\Windows\system32\Ogpmjb32.exe80⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Onjegled.exeC:\Windows\system32\Onjegled.exe81⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Olmeci32.exeC:\Windows\system32\Olmeci32.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Oddmdf32.exeC:\Windows\system32\Oddmdf32.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ogbipa32.exeC:\Windows\system32\Ogbipa32.exe84⤵
-
C:\Windows\SysWOW64\Pnlaml32.exeC:\Windows\system32\Pnlaml32.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pqknig32.exeC:\Windows\system32\Pqknig32.exe86⤵
-
C:\Windows\SysWOW64\Pfhfan32.exeC:\Windows\system32\Pfhfan32.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Pmannhhj.exeC:\Windows\system32\Pmannhhj.exe88⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pclgkb32.exeC:\Windows\system32\Pclgkb32.exe89⤵
-
C:\Windows\SysWOW64\Pggbkagp.exeC:\Windows\system32\Pggbkagp.exe90⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Pnakhkol.exeC:\Windows\system32\Pnakhkol.exe91⤵
-
C:\Windows\SysWOW64\Pdkcde32.exeC:\Windows\system32\Pdkcde32.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pflplnlg.exeC:\Windows\system32\Pflplnlg.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Pqbdjfln.exeC:\Windows\system32\Pqbdjfln.exe94⤵
-
C:\Windows\SysWOW64\Pcppfaka.exeC:\Windows\system32\Pcppfaka.exe95⤵
-
C:\Windows\SysWOW64\Pfolbmje.exeC:\Windows\system32\Pfolbmje.exe96⤵
-
C:\Windows\SysWOW64\Pnfdcjkg.exeC:\Windows\system32\Pnfdcjkg.exe97⤵
-
C:\Windows\SysWOW64\Pdpmpdbd.exeC:\Windows\system32\Pdpmpdbd.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qnhahj32.exeC:\Windows\system32\Qnhahj32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qgqeappe.exeC:\Windows\system32\Qgqeappe.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qjoankoi.exeC:\Windows\system32\Qjoankoi.exe101⤵
-
C:\Windows\SysWOW64\Qnjnnj32.exeC:\Windows\system32\Qnjnnj32.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qqijje32.exeC:\Windows\system32\Qqijje32.exe103⤵
-
C:\Windows\SysWOW64\Qddfkd32.exeC:\Windows\system32\Qddfkd32.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qgcbgo32.exeC:\Windows\system32\Qgcbgo32.exe105⤵
-
C:\Windows\SysWOW64\Qffbbldm.exeC:\Windows\system32\Qffbbldm.exe106⤵
-
C:\Windows\SysWOW64\Ajanck32.exeC:\Windows\system32\Ajanck32.exe107⤵
-
C:\Windows\SysWOW64\Anmjcieo.exeC:\Windows\system32\Anmjcieo.exe108⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ampkof32.exeC:\Windows\system32\Ampkof32.exe109⤵
-
C:\Windows\SysWOW64\Adgbpc32.exeC:\Windows\system32\Adgbpc32.exe110⤵
-
C:\Windows\SysWOW64\Acjclpcf.exeC:\Windows\system32\Acjclpcf.exe111⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ageolo32.exeC:\Windows\system32\Ageolo32.exe112⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Afhohlbj.exeC:\Windows\system32\Afhohlbj.exe113⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ajckij32.exeC:\Windows\system32\Ajckij32.exe114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ambgef32.exeC:\Windows\system32\Ambgef32.exe115⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aqncedbp.exeC:\Windows\system32\Aqncedbp.exe116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aclpap32.exeC:\Windows\system32\Aclpap32.exe117⤵
-
C:\Windows\SysWOW64\Ajfhnjhq.exeC:\Windows\system32\Ajfhnjhq.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Amddjegd.exeC:\Windows\system32\Amddjegd.exe119⤵
-
C:\Windows\SysWOW64\Aeklkchg.exeC:\Windows\system32\Aeklkchg.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Acnlgp32.exeC:\Windows\system32\Acnlgp32.exe121⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-