Overview

overview

7

Static

static

3

049bd507ac...KI.exe

windows7-x64

7

049bd507ac...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 08:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    049bd507ace3c49ff9dd572f15175f50_NEIKI.exe

  • Size

    320KB

  • MD5

    049bd507ace3c49ff9dd572f15175f50

  • SHA1

    da515c45f8cd7cdcf53a5437fbb2786931efb47b

  • SHA256

    93599cc253bcc460747e7eab9cca6b72dab753becafd2c58b36455c7f03e0480

  • SHA512

    a17ba00e2b2ee86b87b6f548f08f2ecf5eaa8266d302f9963346d741ccddc9bb9633a4608483333d2aa33d388ecd23fe800958fdd2e5da640db1524ee48450f9

  • SSDEEP

    6144:71bLUtu06xBMgMGX90nTt6odE/yG6G1B7qV40saiigCDN:ZzGYAZ6KmyG6G1BmVQ5zCDN

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\049bd507ace3c49ff9dd572f15175f50_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\049bd507ace3c49ff9dd572f15175f50_NEIKI.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 396
      2⤵
      • Program crash
      PID:848
    • C:\Users\Admin\AppData\Local\Temp\049bd507ace3c49ff9dd572f15175f50_NEIKI.exe
      C:\Users\Admin\AppData\Local\Temp\049bd507ace3c49ff9dd572f15175f50_NEIKI.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3344
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 364
        3⤵
        • Program crash
        PID:1484
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2972 -ip 2972
    1⤵
      PID:8
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3344 -ip 3344
      1⤵
        PID:2108

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\049bd507ace3c49ff9dd572f15175f50_NEIKI.exe
        Filesize

        320KB

        MD5

        2e86b94d0114dcc2dfe71adba3e2bea8

        SHA1

        f3ec5131081e215fec16d6a93aeb51ee6cde780e

        SHA256

        8662227ffcec4c3ade3fd8c32e81558df6cd98b5e3bc76d7fdcdb7b3b801e55e

        SHA512

        47310377e8a277a9a34f2f250f1965004ff0be11483d8b7427fdc463031baeb92f26186a8800c0161bc284a0b6b62664144ef28e02bc977016150bdc4c857d1b

        Download Submit

      • memory/2972-0-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/2972-7-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/3344-6-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/3344-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/3344-13-0x00000000014D0000-0x000000000150F000-memory.dmp

        Filesize

        252KB

        Download