Overview

overview

7

Static

static

3

f3993af5c9...KI.exe

windows7-x64

7

f3993af5c9...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 15:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f3993af5c966128213600ae599da4f10_NEIKI.exe

  • Size

    944KB

  • MD5

    f3993af5c966128213600ae599da4f10

  • SHA1

    3dc344dd35734c8b11d92b7a283c06b3d5f0f0d0

  • SHA256

    a158e25da293676f1f72055a4505e9736c4028d71b8bec20103c714330c588b3

  • SHA512

    8b3eea9c3ec1f2d34cb0dd675e64680148b0c2f6725f710e8122474fc91590ec00e67ecc9285ad2d8f5ea1e1f6853f7261c27b5ac2127dea3c5c0920dc38d290

  • SSDEEP

    24576:q0Zmg9Y6K6aUUXVQvawvXd67WE66IZPa/ZS/QERT77Ld:qWmg9HK6arAN67WE66INggQERTbd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f3993af5c966128213600ae599da4f10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\f3993af5c966128213600ae599da4f10_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Users\Admin\AppData\Local\Temp\f3993af5c966128213600ae599da4f10_NEIKI.exe
      C:\Users\Admin\AppData\Local\Temp\f3993af5c966128213600ae599da4f10_NEIKI.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2392

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\f3993af5c966128213600ae599da4f10_NEIKI.exe
          Filesize

          944KB

          MD5

          d34f89e9f1cc683574b5804b341c6260

          SHA1

          df2607d77343a156c80c2a2aba5ccec711874fc3

          SHA256

          82499c889d6f82ccf814049f3bb9ef99e4b3d28cc63c66fe897b0562502ce36c

          SHA512

          65368de3496ab97c8ffea9435737fac37808669369e6fb67bda95645242bb998bb513afe7aee3e0986afa05a37fdb841066b13721c39dff2d89f6fa0537ee5d1

          Download Submit

        • memory/2392-9-0x0000000000400000-0x00000000004F0000-memory.dmp

          Filesize

          960KB

          Download

        • memory/2392-11-0x0000000000400000-0x00000000004F0000-memory.dmp

          Filesize

          960KB

          Download

        • memory/2440-0-0x0000000000400000-0x00000000004F0000-memory.dmp

          Filesize

          960KB

          Download

        • memory/2440-7-0x00000000030B0000-0x00000000031A0000-memory.dmp

          Filesize

          960KB

          Download

        • memory/2440-10-0x0000000000400000-0x00000000004F0000-memory.dmp

          Filesize

          960KB

          Download