7e0d2514d6925b0d9bc73554c409fc37bb82dd031ce8606dd171e31b77cebdee

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3024ab4f9e3dd4ec75ee7cda4f301d0_NeikiAnalytics.exe
Size

82KB
MD5

b3024ab4f9e3dd4ec75ee7cda4f301d0
SHA1

7674cd26c5aebde362d66ff7bab3c5ea57fe9644
SHA256

7e0d2514d6925b0d9bc73554c409fc37bb82dd031ce8606dd171e31b77cebdee
SHA512

dc98f98646c7e32406d1a2107079f3659d23cd52fb5d3dcc5a96bcfa56bd665bb754131cc7cacc91f60475876ac23aea9c012512242eebaf19f64aedd44d990c
SSDEEP

1536:sB+FC9RntfWeoGiPyCHjKDjvQQQtUw2dfkoT/y2ZLmE:sB+F8tfPN4yCDKDjvQQQt6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2912	budha.exe

Loads dropped DLL 2 IoCs

pid	Process
2972	b3024ab4f9e3dd4ec75ee7cda4f301d0_NeikiAnalytics.exe
2972	b3024ab4f9e3dd4ec75ee7cda4f301d0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2912	2972	b3024ab4f9e3dd4ec75ee7cda4f301d0_NeikiAnalytics.exe	28
PID 2972 wrote to memory of 2912	2972	b3024ab4f9e3dd4ec75ee7cda4f301d0_NeikiAnalytics.exe	28
PID 2972 wrote to memory of 2912	2972	b3024ab4f9e3dd4ec75ee7cda4f301d0_NeikiAnalytics.exe	28
PID 2972 wrote to memory of 2912	2972	b3024ab4f9e3dd4ec75ee7cda4f301d0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\b3024ab4f9e3dd4ec75ee7cda4f301d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b3024ab4f9e3dd4ec75ee7cda4f301d0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
82KB

MD5
e3a216a17dd46a575adb1e2781d3ed4f

SHA1
8709a1bdea8ea50fd5e1289c1258aebb8d376bac

SHA256
60aaf1ccec9d7891372dab61403fb738420f2d6d96832049b726d7fffadc161d

SHA512
1726daea49b5862b7682d757dcbc4d0638827655632cbeafaa6d7d7dccc14b68bdcec625e5f9b934d24a0d8bae7deb2cffadb6e2b86e41d8e56fa3cbc49907f1

Download Submit
memory/2912-16-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2912-17-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2912-18-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2972-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2972-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2972-2-0x0000000000409000-0x000000000040A000-memory.dmp

Filesize
4KB

Download
memory/2972-3-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2972-5-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2972-9-0x0000000001E30000-0x0000000001E4D000-memory.dmp

Filesize
116KB

Download