a868b1be4f6cb585c242cd5829de8995d416e90139357bc35269ba4fbfb94003

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b428d27974db2bc94ae2923e1826d930_NeikiAnalytics.exe
Size

86KB
MD5

b428d27974db2bc94ae2923e1826d930
SHA1

706dfe3f88c2830ab4c0888b0df3ffaeb4ea32b9
SHA256

a868b1be4f6cb585c242cd5829de8995d416e90139357bc35269ba4fbfb94003
SHA512

5024ed5f6744cc6a8f7bb682c9ba07b99168cdd4ff7c2d2bda908e084284636269819a47407ef30dbebd3a4f101363c285086a9f5ffa66f8c21e4d33675e8596
SSDEEP

1536:NB+FC9RntfWeoGiPyCHjKDjfQQQtUetD9/J:NB+F8tfPN4yCDKDjfQQQt5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2992	budha.exe

Loads dropped DLL 2 IoCs

pid	Process
2420	b428d27974db2bc94ae2923e1826d930_NeikiAnalytics.exe
2420	b428d27974db2bc94ae2923e1826d930_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2992	2420	b428d27974db2bc94ae2923e1826d930_NeikiAnalytics.exe	28
PID 2420 wrote to memory of 2992	2420	b428d27974db2bc94ae2923e1826d930_NeikiAnalytics.exe	28
PID 2420 wrote to memory of 2992	2420	b428d27974db2bc94ae2923e1826d930_NeikiAnalytics.exe	28
PID 2420 wrote to memory of 2992	2420	b428d27974db2bc94ae2923e1826d930_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\b428d27974db2bc94ae2923e1826d930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b428d27974db2bc94ae2923e1826d930_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
86KB

MD5
73bc878906c87963c1abe7a5dfbe8326

SHA1
280970b0eaed12d8c6bce73a4cb0dc55a1e5f4ff

SHA256
28347da06b4cf13f6b55dc9698e119f54d21a2ae01be66c873c9a5b08d0c9d49

SHA512
3c9461c13fd4b56278a27d88afa7e39bbe87c3a3aa5621a86d43c94622f2f220c6619f5ff88531d1a051c4ceb2f2dbd738747e87ed7258ebaf2d133d5e534c23

Download Submit
memory/2420-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2420-1-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2420-2-0x0000000000409000-0x000000000040A000-memory.dmp

Filesize
4KB

Download
memory/2420-3-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2420-4-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2992-15-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2992-16-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2992-17-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2992-19-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download