80b226f3c2a5571daf8301661277a25899fc6622b8ff4e0b1ddea99821ae6907

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 05:55

Target

bebd7c90d3c6e7441357fa81d19bae90_NeikiAnalytics.exe
Size

45KB
MD5

bebd7c90d3c6e7441357fa81d19bae90
SHA1

99d01f9f085610f3b7e964d679a61379e28d7367
SHA256

80b226f3c2a5571daf8301661277a25899fc6622b8ff4e0b1ddea99821ae6907
SHA512

f545b5d8e4181891647dd9a44a207632e1369772ea24786d9360c4b744475387b79805b59fd166a7be13db453837401e18b7bb7306dbadf08749864570e1d112
SSDEEP

768:zIP5WOMVs4PSV06ymNNC6S7Cm1n2OBGRIWNSE77NPQ1TTGfGYy6KL:zI0OGrOy6NvSpMZVQ1JQKL

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2472	jusched.exe

Loads dropped DLL 2 IoCs

pid	Process
1712	bebd7c90d3c6e7441357fa81d19bae90_NeikiAnalytics.exe
1712	bebd7c90d3c6e7441357fa81d19bae90_NeikiAnalytics.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Java\jre-09\bin\UF	bebd7c90d3c6e7441357fa81d19bae90_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Java\jre-09\bin\jusched.exe	bebd7c90d3c6e7441357fa81d19bae90_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Java\jre-09\bin\jusched.exe	bebd7c90d3c6e7441357fa81d19bae90_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2472	1712	bebd7c90d3c6e7441357fa81d19bae90_NeikiAnalytics.exe	28
PID 1712 wrote to memory of 2472	1712	bebd7c90d3c6e7441357fa81d19bae90_NeikiAnalytics.exe	28
PID 1712 wrote to memory of 2472	1712	bebd7c90d3c6e7441357fa81d19bae90_NeikiAnalytics.exe	28
PID 1712 wrote to memory of 2472	1712	bebd7c90d3c6e7441357fa81d19bae90_NeikiAnalytics.exe	28

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Program Files (x86)\Java\jre-09\bin\jusched.exe

Filesize
45KB

MD5
1fc3c72a292ed8047d163ebb22c90969

SHA1
0a78d555786c63dba5fdc9af5570bab18ec9c58e

SHA256
0a8782b2e4f300d0eb4722ad18684bb4632379634c13e20575e0fa64d6cfa985

SHA512
222391ef29ec1f1708b8709e082ef0e2ea991632180478bbfcd71e3e4bb3abbadfde3ecb5ba9594e7b1dd5557c5b771f298a3922113921770958253837dca1c5

Download Submit
memory/1712-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1712-12-0x0000000004A60000-0x0000000004AD4000-memory.dmp

Filesize
464KB

Download
memory/1712-14-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1712-13-0x0000000004A60000-0x0000000004AD4000-memory.dmp

Filesize
464KB

Download
memory/2472-16-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2472-22-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2472-23-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download