f58cfcf4818a5bc61a9a1c295d15c8ea17c6b581fc6745323d6ed9748691587b

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 05:50

Target

a8f9895e7098074f3df70f587c60c420_NeikiAnalytics.exe
Size

96KB
MD5

a8f9895e7098074f3df70f587c60c420
SHA1

377a15f565e4289171b0acf532795e94f8b9d25f
SHA256

f58cfcf4818a5bc61a9a1c295d15c8ea17c6b581fc6745323d6ed9748691587b
SHA512

c0ceb759de98170da1d994815ce81dee57e96e4d4f4ee5c2fb40bf8409bbbce26f4bdc782d89b474708961fc8e32580789df011aaa4b00703c0e6d3de59c02fa
SSDEEP

768:3/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJi+vBU6u7DPQ1TTGfGYc+pD:3RsvcdcQjosnvng6uQ1Ji

Score

10^/10

Credentials

Executes dropped EXE 1 IoCs

pid	Process
1924	jusched.exe

Loads dropped DLL 2 IoCs

pid	Process
1656	a8f9895e7098074f3df70f587c60c420_NeikiAnalytics.exe
1656	a8f9895e7098074f3df70f587c60c420_NeikiAnalytics.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Java\jre-09\bin\jusched.exe	a8f9895e7098074f3df70f587c60c420_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Java\jre-09\bin\jusched.exe	a8f9895e7098074f3df70f587c60c420_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Java\jre-09\bin\UF	a8f9895e7098074f3df70f587c60c420_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 1924	1656	a8f9895e7098074f3df70f587c60c420_NeikiAnalytics.exe	28
PID 1656 wrote to memory of 1924	1656	a8f9895e7098074f3df70f587c60c420_NeikiAnalytics.exe	28
PID 1656 wrote to memory of 1924	1656	a8f9895e7098074f3df70f587c60c420_NeikiAnalytics.exe	28
PID 1656 wrote to memory of 1924	1656	a8f9895e7098074f3df70f587c60c420_NeikiAnalytics.exe	28

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Program Files (x86)\Java\jre-09\bin\jusched.exe

Filesize
96KB

MD5
356d15b7bad24e84bd2df27e450860bb

SHA1
044e7862e12f100361247ee904880e70315ef7a7

SHA256
07702d16affe428ebbaaced832ee46fa5b619d4cd0dd30ebd6691ed12106b3d4

SHA512
5e381d473088c2564292a1f0684b0b4cbf157209390e01896bbc281ba2ba66662ee298c8666cba4c890042bf52d1916f5cb7bbaade59d0bf009c521f11c14fce

Download Submit
memory/1656-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1656-12-0x0000000004B70000-0x0000000004BE4000-memory.dmp

Filesize
464KB

Download
memory/1656-11-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1656-15-0x0000000004B70000-0x0000000004BE4000-memory.dmp

Filesize
464KB

Download
memory/1924-14-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1924-16-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download