Overview

overview

7

Static

static

3

f5caa7522c...KI.exe

windows7-x64

7

f5caa7522c...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/05/2024, 15:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f5caa7522c5678ad6b9c09e2881eb5e0_NEIKI.exe

  • Size

    80KB

  • MD5

    f5caa7522c5678ad6b9c09e2881eb5e0

  • SHA1

    6b352e99da96c14f23767f3f4962e51e3aa1653b

  • SHA256

    1b537068f2408296ac7ed33672faab053bf2a3c63fc8422b48551acfc644c296

  • SHA512

    54fcbbb79029b16526d226a75984789737de07e55d92a3e6b05c69c546d5bbae18d3c6c1cc93013f207dde39022aee9b79aed77ad727ca981d91a36eea922e3d

  • SSDEEP

    768:JNK2cNW0QbRsWjcd+6yBFLqJ4Z8qx70RM8/O/B2Z9tRQPR:pcNjQlsWjcd+xzl7SMQQPR

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f5caa7522c5678ad6b9c09e2881eb5e0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\f5caa7522c5678ad6b9c09e2881eb5e0_NEIKI.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1224
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    402KB

    MD5

    518e1189d33bcf94c69df68a998aa8fc

    SHA1

    5d2cc67c45dcfc9cde64e2e30c4e1bd87a76734d

    SHA256

    80731ec25a325504d23b15b5ecd563cd69a7bcb51b1bf6331dad9c1e52db640e

    SHA512

    60be20510ca7ed12c1f625dcd8ddd94220695038d79e029512043225ab96211133c86c34c6bbf2eacfcb336eb049e91bdd2befddc509dc81efca361472dfa889

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hrZ2IBO2qh5tK3r.exe
    Filesize

    80KB

    MD5

    00fe224a8c27f861bb3874e7da08aef9

    SHA1

    13f886382107327a92bbc05f0d8e957c5843cef2

    SHA256

    e02ef6ab9f4b5469ff8dc97a4a0c9d6b63696ce27ae5accecc8342647351ddee

    SHA512

    50a5992c7a29e99be24031fd87e1bac308d5a654edf232de9c78f8ce96a9d5cd71164272b871db78611c1d6ba0af84fe806d6b4db02a95fd7c2b3f9b94025c7f

    Download Submit

  • C:\Windows\CTS.exe
    Filesize

    80KB

    MD5

    ec704028ad7125c2fa52e04dc68c0ca3

    SHA1

    2a63f27d0138696c9c27a9ea2534e8f2ca11ddc4

    SHA256

    5f77a5d7c9eac3b004820646dece450e315a6e3ed320dc183ae68d59cd2318bf

    SHA512

    a008a08c980583b8698431ca44fa45d5565fdc5316dc3e58c47ae523e7a7a776162979b0c79f9c64f0b71e0d98fb49102679378354f76c270d0c99207c15d160

    Download Submit