Overview

overview

7

Static

static

7

4d484d7382...KI.exe

windows7-x64

7

4d484d7382...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/05/2024, 20:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d484d73829d66610fe2677c385bdb50_NEIKI.exe

  • Size

    71KB

  • MD5

    4d484d73829d66610fe2677c385bdb50

  • SHA1

    6c6d962c7377bdab66ea170ba01d1bd22e3812a8

  • SHA256

    e06c18092029edd8fc0a9d38697edcf9b563ea9de7d3fb93692ff15b59c9c192

  • SHA512

    6ca89c91b2af9a0381d43321262f0f3d8ad60637e81ca3ad816759d24f9494ec9f01b2cb2c41f5e91a2edd6e20bf6d1a165f4cf0755127a8a7862109cb49576b

  • SSDEEP

    1536:y4QQ6NSyM61l19piO+LV8YEoI/EU9RUe4mFbGepNyx/20:y4X6NSyfnpijeYEoIcq40xNyr

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d484d73829d66610fe2677c385bdb50_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\4d484d73829d66610fe2677c385bdb50_NEIKI.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    PID:4456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\macromd\fetish bondage preteen porno.mpg.pif
    Filesize

    72KB

    MD5

    cec348b6377451d72500eaeb2ffb5b11

    SHA1

    3f0d847e89fbb09a69d2178c933164cbd2665c25

    SHA256

    e6bd5d29be096cb129b695c0f05f4295186e7283305349db3e8b7d393da161d5

    SHA512

    1f52a08578d455fc0e868336b41562d3f63d941ac678e3e4b7b5e2989df1c19cd765b444b896b9af8b844e9892e0baa4ce6a084bb2b03e5eab29db3a2ea91e15

    Download Submit

  • memory/4456-0-0x0000000000400000-0x0000000000464000-memory.dmp

    Filesize

    400KB

    Download

  • memory/4456-29-0x0000000000400000-0x0000000000464000-memory.dmp

    Filesize

    400KB

    Download