14c57dc15c887f87326c4d6e380fa092367e09364b350b4f6c4a26d2edc9bce3

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce0febb436e10e2353d295c1a804bab0_NeikiAnalytics.exe
Size

5KB
MD5

ce0febb436e10e2353d295c1a804bab0
SHA1

1e52837b81e4c054a95f4634a307835d986ab066
SHA256

14c57dc15c887f87326c4d6e380fa092367e09364b350b4f6c4a26d2edc9bce3
SHA512

981922f268b0a468d86ad857cc8c9848b53b37d74f93fbcea77944da798b10521254c9b6bdfb477474642501445ba97201c6c3fd477803a7210546b09d08c722
SSDEEP

48:qd7WUoHvjBrmJVeDhMRdO//Go/LSaqnijDGrsEVnQBG/RA8lGUZ2CS7jLyUF7D:emRjDh0aZjxAnQWRIUZ2CmXX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1068	budha.exe

Loads dropped DLL 2 IoCs

pid	Process
2820	ce0febb436e10e2353d295c1a804bab0_NeikiAnalytics.exe
2820	ce0febb436e10e2353d295c1a804bab0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 1068	2820	ce0febb436e10e2353d295c1a804bab0_NeikiAnalytics.exe	28
PID 2820 wrote to memory of 1068	2820	ce0febb436e10e2353d295c1a804bab0_NeikiAnalytics.exe	28
PID 2820 wrote to memory of 1068	2820	ce0febb436e10e2353d295c1a804bab0_NeikiAnalytics.exe	28
PID 2820 wrote to memory of 1068	2820	ce0febb436e10e2353d295c1a804bab0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\ce0febb436e10e2353d295c1a804bab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ce0febb436e10e2353d295c1a804bab0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:1068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
5KB

MD5
4cca51513719c9d06550024bde2d1af4

SHA1
5de2dc38f096e9f11debe2c211833f9370ce00aa

SHA256
bcf765025073bf081d2b1fe7923e5fe55e603676326cc0acbe701aadab3f4f60

SHA512
72b1571a0cf5da2678eb9a68628276a4e502321b88b448ec7c635ab0561db6e0c868615d2f06b69e0a26a4f08b31c31a0ec6ffc1c2f4b1e1af2ee52b42253363

Download Submit