Overview
overview
9Static
static
3NekozRealistic.exe
windows7-x64
7NekozRealistic.exe
windows10-2004-x64
9$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3LICENSES.c...m.html
windows7-x64
3LICENSES.c...m.html
windows10-2004-x64
3NekozRealistic.exe
windows7-x64
1NekozRealistic.exe
windows10-2004-x64
9d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1libGLESv2.dll
windows10-2004-x64
resources/elevate.exe
windows7-x64
3resources/elevate.exe
windows10-2004-x64
3vk_swiftshader.dll
windows7-x64
1vk_swiftshader.dll
windows10-2004-x64
1vulkan-1.dll
windows7-x64
1vulkan-1.dll
windows10-2004-x64
1$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$PLUGINSDI...7z.dll
windows7-x64
3$PLUGINSDI...7z.dll
windows10-2004-x64
3$R0/Uninst...ic.exe
windows7-x64
7Analysis
-
max time kernel
120s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
25/08/2024, 01:53
Static task
static1
Behavioral task
behavioral1
Sample
NekozRealistic.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
NekozRealistic.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
LICENSES.chromium.html
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
LICENSES.chromium.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
NekozRealistic.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
NekozRealistic.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
ffmpeg.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral17
Sample
ffmpeg.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
libEGL.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral19
Sample
libEGL.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
libGLESv2.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral21
Sample
libGLESv2.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
resources/elevate.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral23
Sample
resources/elevate.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
vk_swiftshader.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral25
Sample
vk_swiftshader.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
vulkan-1.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral27
Sample
vulkan-1.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral29
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral31
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
$R0/Uninstall NekozRealistic.exe
Resource
win7-20240704-en
windows7-x64
General
-
Target
vulkan-1.dll
-
Size
931KB
-
MD5
d421ae53119ed85e1e90b073eb51d7d2
-
SHA1
014f0f98a2271d385d57152a15f5d8a763d27c14
-
SHA256
3a433f9cbee4cc89ac58917f1872ee0f38ba451760d4bba6f37712f0c8179b7a
-
SHA512
8b36d24496ff5253a375ee72de616cbc165f815f8d1ee339955b922846b1e0de015f86ff45b8ab710d0ecf162fe3c6c801774b889cdfc35feb6baf5d12d67bdd
-
SSDEEP
24576:iYWOq/4Kt/Ku8n387ecbFb6Z5WoDYsHY6g3P0zAk7sa:iY65/M387R56Z5WoDYsHY6g3P0zAk7s
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3012 wrote to memory of 2512 3012 rundll32.exe 30 PID 3012 wrote to memory of 2512 3012 rundll32.exe 30 PID 3012 wrote to memory of 2512 3012 rundll32.exe 30