Analysis

  • max time kernel
    129s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/05/2024, 00:26

Errors

  • Reason
    Machine shutdown

General

  • Target

    ac76c1d0b31a8a3f61607cf317cc5270_NEIKI.exe

  • Size

    5.2MB

  • MD5

    ac76c1d0b31a8a3f61607cf317cc5270

  • SHA1

    66723b163ee2ecfd2e6279076261b26ff9617121

  • SHA256

    0778cdd0a1301956778108dcbf6a59a4075a04147a76b0beea289bd741b99303

  • SHA512

    6700322266753f4ca5cb9a43058556615c9ba86265a5ecba1dfcd05a0d85f3f6bd71a69431b9a995b72471b9921b4029c0227aa0f832afab3a1700d6b1d607db

  • SSDEEP

    98304:K2yUDEVO0IKyqyMDJAmHt1uppOMeUcMy+Zuj3Q3DVSIIzYViMumjXNn6J:vyUAICyMDJbbup+My+ZqQB/8

Malware Config

Signatures

  • Disables Task Manager via registry modification
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac76c1d0b31a8a3f61607cf317cc5270_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\ac76c1d0b31a8a3f61607cf317cc5270_NEIKI.exe"
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    PID:5016

Network

MITRE ATT&CK Enterprise v15

Downloads

  Dump                                                              Filesize
  memory/5016-0-0x00000000745BE000-0x00000000745BF000-memory.dmp    4KB
  memory/5016-1-0x0000000000730000-0x0000000000C5C000-memory.dmp    5.2MB
  memory/5016-2-0x0000000008A70000-0x0000000008FA8000-memory.dmp    5.2MB
  memory/5016-3-0x0000000009560000-0x0000000009B04000-memory.dmp    5.6MB
  memory/5016-4-0x0000000009050000-0x00000000090E2000-memory.dmp    584KB
  memory/5016-5-0x00000000050E0000-0x00000000050E6000-memory.dmp    24KB
  memory/5016-6-0x00000000745B0000-0x0000000074D60000-memory.dmp    7.7MB
  memory/5016-7-0x0000000009040000-0x000000000904A000-memory.dmp    40KB
  memory/5016-8-0x00000000745B0000-0x0000000074D60000-memory.dmp    7.7MB
  memory/5016-9-0x00000000745BE000-0x00000000745BF000-memory.dmp    4KB
  memory/5016-10-0x00000000745B0000-0x0000000074D60000-memory.dmp   7.7MB
  memory/5016-11-0x00000000745B0000-0x0000000074D60000-memory.dmp   7.7MB