Analysis
  max time kernel:   121s
  max time network:  126s
  platform:          windows7_x64
  resource:          win7-20240508-en
  resource tags:     arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  submitted:         09/05/2024, 04:58
Behavioral task: behavioral1
  Sample:   fac5e060c420d18f3ede256f4a040410_NEIKI.exe
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample:   fac5e060c420d18f3ede256f4a040410_NEIKI.exe
  Resource: win10v2004-20240426-en
General
  Target: fac5e060c420d18f3ede256f4a040410_NEIKI.exe
  Size:   9.3MB
  MD5:    fac5e060c420d18f3ede256f4a040410
  SHA1:   34c53a87f4df179b3e820ed3cf6df4ce012f658b
  SHA256: b2076b51638327025dd3fc43bc4a160b9c1944c21c7c8a7a9fe9e0556ea119b5
  SHA512: aeb854e24d2edb66d4167fd7262542a2ac8be66d6cee653cf12f2827fb284a7a0a44b60f1a80369aaa22c92ed63bfd694ba2435ad293e4cf83b6adbce7d6505b
  SSDEEP: 196608:XhoiIE7SRpoMfAR3SezxbAQvowejuJDUX47dwdW0MjMYB9kunPZfh8cph:GiIE7Yo1RSoxgaUX47d4kRkuRiO
Malware Config
Signatures

Loads dropped DLL (7 IoCs)
  pid   Process
  2964  fac5e060c420d18f3ede256f4a040410_NEIKI.exe
  2964  fac5e060c420d18f3ede256f4a040410_NEIKI.exe
  2964  fac5e060c420d18f3ede256f4a040410_NEIKI.exe
  2964  fac5e060c420d18f3ede256f4a040410_NEIKI.exe
  2964  fac5e060c420d18f3ede256f4a040410_NEIKI.exe
  2964  fac5e060c420d18f3ede256f4a040410_NEIKI.exe
  2964  fac5e060c420d18f3ede256f4a040410_NEIKI.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid   Process                                     procid_target
  PID 2988 wrote to memory of 2964    2988  fac5e060c420d18f3ede256f4a040410_NEIKI.exe  29
  PID 2988 wrote to memory of 2964    2988  fac5e060c420d18f3ede256f4a040410_NEIKI.exe  29
  PID 2988 wrote to memory of 2964    2988  fac5e060c420d18f3ede256f4a040410_NEIKI.exe  29
Processes

1. C:\Users\Admin\AppData\Local\Temp\fac5e060c420d18f3ede256f4a040410_NEIKI.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\fac5e060c420d18f3ede256f4a040410_NEIKI.exe"
   PID: 2988
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\fac5e060c420d18f3ede256f4a040410_NEIKI.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\fac5e060c420d18f3ede256f4a040410_NEIKI.exe"
      PID: 2964
      Signatures: Loads dropped DLL
Network

MITRE ATT&CK Matrix
Downloads

  Filesize: 18KB
  MD5:      6a55a7e284b51b086b63cc6f2061ce8b
  SHA1:     46a48a1ccf5262038b71ed4be09cf625009d078d
  SHA256:   d9973270a952b4ce615104520051e847b26e4b1cc330a5a95ba1ae128f0dfdeb
  SHA512:   6a6ba643bf15581cd579e383bac351ccae714d50453cff52cac7dcf5bd472a170e7d33b0509c7bd50c5e76e8a0304fa88dcad63a9e2cd0694a5c56f4a21ae363

  Filesize: 18KB
  MD5:      6e38a6bed88e1c27155e4dc428188ef0
  SHA1:     8b47a1960ed157f7beeb80fa4a16a723279c4efa
  SHA256:   144d3a28e43e47fc1cce956255cc80467d4a6fbbb8f612ec6d85f62de030a924
  SHA512:   3b801875bc5a483eea6d6cc43015e759ee1f66c12585f698cb92368455f25b5309617c8beae39945cadb57009a9c9a9ce21c18dec28e86097c67d8fc5f9febab

  Filesize: 20KB
  MD5:      2ac1289e4dbab076b332869bef26d3ce
  SHA1:     60570ddd06b671e26c6a814b9c08cdfa0ef38aba
  SHA256:   6475f20f46814d28845c2fa73e9c283a8504483fa16d911325588c778cf76c26
  SHA512:   e226fb4739d66e2c4624a9e01ec00dbe3b37dc96995eec35660208d76a9e6758a2a29be1b7986d14074df23ea0fc39d2ce121b7bd32c553371c1b15ff3e2ef7a

  Filesize: 18KB
  MD5:      1af2a91dc0a4e48bab0ca123073adf30
  SHA1:     cf6625fd31b17d46dd31b16372840c74026d0ba2
  SHA256:   ae574c9b8a2467c3ee0ac3e862255e93a02627bce146ad7b720b99905dc224fc
  SHA512:   45103c51fc655f608e687c8e9db24c956d12c63b0497ced3817aee3d9f5fadf0741064ccb49ae71fbf377228af315c961fa414221731ea4892425ed4939bbf51

  Filesize: 18KB
  MD5:      f53ed8a0c18157b9e37500621dfab9ee
  SHA1:     b8a3131150cfd46052353309843c802d9f43df03
  SHA256:   5909e928d791f67a13e3130033cb0e2178f5167a644c3ab5336322d38356db47
  SHA512:   2cc98322e67ff49aacaba0b23fb559a5c4c58182e4f3965673a766d3198a26fcd7c7c340779d9fb0fc3f2649c16427ff312d87caa1feadf23dabc6675169416a

  Filesize: 5.5MB
  MD5:      1fe47c83669491bf38a949253d7d960f
  SHA1:     de5cc181c0e26cbcb31309fe00d9f2f5264d2b25
  SHA256:   0a9f2c98f36ba8974a944127b5b7e90e638010e472f2eb6598fc55b1bda9e7ae
  SHA512:   05cc6f00db128fbca02a14f60f86c049855f429013f65d91e14ea292d468bf9bfdeebc00ec2d54a9fb5715743a57ae3ab48a95037016240c02aabe4bfa1a2ff4

  Filesize: 973KB
  MD5:      ed82e9c6c4f7a475d7fd6ebabf3fab2a
  SHA1:     1062942b1bdfc8d7c8a941c152df69216010d780
  SHA256:   4c5b8e529854cedfa8f46cd6906952400cdbbf25efc4cf37dda2c42d8e96ddcb
  SHA512:   bf7bdf4762455a1224cdf1e7cdeb73a3c24c3e04d0b01df9f46b87d174cf4a88621372aa87b7e622b210f63a453c911d88e214ba67560f8ff7d7d0d24da58ad2