4370c4ce9d10de6a3838087aaaa32962ed41952c3331d35b5940793a51805781

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 18:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bb8bae8182746b551af78f09613dd730_NeikiAnalytics.exe
Size

5.5MB
MD5

bb8bae8182746b551af78f09613dd730
SHA1

c783a3ea778db184bb6d88b159cfb0ef0a47f24c
SHA256

4370c4ce9d10de6a3838087aaaa32962ed41952c3331d35b5940793a51805781
SHA512

291ba70563bb04b4b6d50ce672f9ced6e37bf9147853ef6318f7e636d4c9a6dbfffea42e56b2041c7d330490bfc152787c89e21b94bf133cdfffd69ce6674b83
SSDEEP

98304:te0kTj5hfEKsu8zz5RQ2zeCtbNKGtYU2+7LC5jpIsOsO9XLWiyy8:0j54z5WO/t/2+7IF6Byy8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1980	budha.exe

Loads dropped DLL 2 IoCs

pid	Process
2860	bb8bae8182746b551af78f09613dd730_NeikiAnalytics.exe
2860	bb8bae8182746b551af78f09613dd730_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2860	bb8bae8182746b551af78f09613dd730_NeikiAnalytics.exe
1980	budha.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 1980	2860	bb8bae8182746b551af78f09613dd730_NeikiAnalytics.exe	28
PID 2860 wrote to memory of 1980	2860	bb8bae8182746b551af78f09613dd730_NeikiAnalytics.exe	28
PID 2860 wrote to memory of 1980	2860	bb8bae8182746b551af78f09613dd730_NeikiAnalytics.exe	28
PID 2860 wrote to memory of 1980	2860	bb8bae8182746b551af78f09613dd730_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\bb8bae8182746b551af78f09613dd730_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bb8bae8182746b551af78f09613dd730_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
5.5MB

MD5
ef95c3297cd37a909843ec2b34ad5876

SHA1
8e27c1162cc2d7383a1185cfdae490fe48b05936

SHA256
47d99a5bfc689526a15947cb0eb61751486b90547c15dffbacb86df6d645a6ca

SHA512
d3d6b6ca09e32c5f605dc09a6dac1c388a04fec2608bba31494bb2eb830ecbe6987e1e6a2756f6f797762c65257e4b76a2f736b9064a1dece2d673441c410368

Download Submit
memory/1980-33-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/1980-31-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/1980-40-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/1980-39-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/1980-38-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/1980-35-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/1980-36-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/1980-37-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/2860-1-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2860-23-0x0000000004500000-0x0000000004D96000-memory.dmp

Filesize
8.6MB

Download
memory/2860-8-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/2860-14-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/2860-12-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/2860-28-0x000000000041D000-0x0000000000715000-memory.dmp

Filesize
3.0MB

Download
memory/2860-25-0x0000000004500000-0x0000000004D96000-memory.dmp

Filesize
8.6MB

Download
memory/2860-11-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/2860-24-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/2860-0-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/2860-10-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/2860-9-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/2860-3-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2860-5-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2860-6-0x0000000000400000-0x0000000000C96000-memory.dmp

Filesize
8.6MB

Download
memory/2860-7-0x000000000041D000-0x0000000000715000-memory.dmp

Filesize
3.0MB

Download