71fa8d804e9e93ef7a67ba9f5d567561453b157158d48893fa1c55a9a06eabcd

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2ede92421629acfb465df63d98e8b00_NeikiAnalytics.exe
Size

19KB
MD5

c2ede92421629acfb465df63d98e8b00
SHA1

c13c4045a73deafac19a491203e9cf6d63b9c861
SHA256

71fa8d804e9e93ef7a67ba9f5d567561453b157158d48893fa1c55a9a06eabcd
SHA512

5c1c52d1a5fe0e1eac867f52891e0099d594a78548d59989a7dfa4d6496f91549fd055b7201a781f2920088afee7c6f8caf77d2bd57c7094b62137472584c660
SSDEEP

384:MKQOjAyV58awWdFecAhGrbweCvklV4k7oLvWm3Iq:MKfAQjU8rV4UoLx3Iq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2272	budha.exe

Loads dropped DLL 1 IoCs

pid	Process
2004	c2ede92421629acfb465df63d98e8b00_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2272	2004	c2ede92421629acfb465df63d98e8b00_NeikiAnalytics.exe	28
PID 2004 wrote to memory of 2272	2004	c2ede92421629acfb465df63d98e8b00_NeikiAnalytics.exe	28
PID 2004 wrote to memory of 2272	2004	c2ede92421629acfb465df63d98e8b00_NeikiAnalytics.exe	28
PID 2004 wrote to memory of 2272	2004	c2ede92421629acfb465df63d98e8b00_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\c2ede92421629acfb465df63d98e8b00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c2ede92421629acfb465df63d98e8b00_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
19KB

MD5
8f44b8f63f1b46761f15aed08759e3db

SHA1
3fb70b1f54ce21003915e55ca5075cf3217fe1d8

SHA256
812fcce28807573e6051646ffef513af8d1e34d7d5be194b7d58799722f6ce16

SHA512
9e4600aa9e5e4ab403fc12f4e0eb560b7a56b18b7c969af4706088b50e7da6f856bc54582699c89f5a530ba602794f37a4a19efd616f013aaf6f7a0b64f0aa86

Download Submit
memory/2004-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2004-2-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2004-3-0x0000000000570000-0x0000000000577000-memory.dmp

Filesize
28KB

Download
memory/2004-8-0x0000000002110000-0x0000000002118000-memory.dmp

Filesize
32KB

Download
memory/2004-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2272-12-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/2272-14-0x0000000001F20000-0x0000000001F27000-memory.dmp

Filesize
28KB

Download
memory/2272-15-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2272-17-0x0000000001F20000-0x0000000001F27000-memory.dmp

Filesize
28KB

Download