Analysis
max time kernel: 130s
max time network: 123s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 09/05/2024, 00:26
Static task: static1
Behavioral task: behavioral1
  Sample: ac76c1d0b31a8a3f61607cf317cc5270_NEIKI.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: ac76c1d0b31a8a3f61607cf317cc5270_NEIKI.exe
  Resource: win10v2004-20240508-en
General
Target: ac76c1d0b31a8a3f61607cf317cc5270_NEIKI.exe
Size: 5.2MB
MD5: ac76c1d0b31a8a3f61607cf317cc5270
SHA1: 66723b163ee2ecfd2e6279076261b26ff9617121
SHA256: 0778cdd0a1301956778108dcbf6a59a4075a04147a76b0beea289bd741b99303
SHA512: 6700322266753f4ca5cb9a43058556615c9ba86265a5ecba1dfcd05a0d85f3f6bd71a69431b9a995b72471b9921b4029c0227aa0f832afab3a1700d6b1d607db
SSDEEP: 98304:K2yUDEVO0IKyqyMDJAmHt1uppOMeUcMy+Zuj3Q3DVSIIzYViMumjXNn6J:vyUAICyMDJbbup+My+ZqQB/8
Malware Config
Signatures
Disables Task Manager via registry modification
Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
  description: File opened for modification
  ioc: \??\PhysicalDrive0
  Process: ac76c1d0b31a8a3f61607cf317cc5270_NEIKI.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeShutdownPrivilege
  pid: 2972
  Process: ac76c1d0b31a8a3f61607cf317cc5270_NEIKI.exe