3e567380d618a51fc7c5b4661b492713076f42c7c7e9704c8d0cefcf33c1aab1

Analysis

max time kernel
150s
max time network
156s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:05

Target

5e6083ccee589242a0e04924d36d3810_NeikiAnalytics.exe
Size

84KB
MD5

5e6083ccee589242a0e04924d36d3810
SHA1

5efa10265ec3a5f1080e47a0fa819a2edb16069a
SHA256

3e567380d618a51fc7c5b4661b492713076f42c7c7e9704c8d0cefcf33c1aab1
SHA512

70da7f1c6f7cece8c4175388974361ba64e3f1d9f0442b3fce3cf06cd0816edad8752c896efa36ee13e1de492c63469db10ce810d5adedc99dbe41d439989615
SSDEEP

1536:sB+FC9RntfWeoGiPyCHjKDjvQQQtUw2dfkoT/y2ZLJFg:sB+F8tfPN4yCDKDjvQQQtL

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

budha.exe

pid process

2448 budha.exe
Loads dropped DLL 2 IoCs

Processes:

5e6083ccee589242a0e04924d36d3810_NeikiAnalytics.exe

pid process

1724 5e6083ccee589242a0e04924d36d3810_NeikiAnalytics.exe
1724 5e6083ccee589242a0e04924d36d3810_NeikiAnalytics.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2448	budha.exe

pid	process
1724	5e6083ccee589242a0e04924d36d3810_NeikiAnalytics.exe
1724	5e6083ccee589242a0e04924d36d3810_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

5e6083ccee589242a0e04924d36d3810_NeikiAnalytics.exe

description	pid	process	target process
PID 1724 wrote to memory of 2448	1724	5e6083ccee589242a0e04924d36d3810_NeikiAnalytics.exe	budha.exe
PID 1724 wrote to memory of 2448	1724	5e6083ccee589242a0e04924d36d3810_NeikiAnalytics.exe	budha.exe
PID 1724 wrote to memory of 2448	1724	5e6083ccee589242a0e04924d36d3810_NeikiAnalytics.exe	budha.exe
PID 1724 wrote to memory of 2448	1724	5e6083ccee589242a0e04924d36d3810_NeikiAnalytics.exe	budha.exe

C:\Users\Admin\AppData\Local\Temp\budha.exe
"C:\Users\Admin\AppData\Local\Temp\budha.exe"
2⤵
- Executes dropped EXE
PID:2448

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
84KB

MD5
7e94db32bc69e346cb4f50484056cba9

SHA1
f73828cc4bab87b399b4cfc308ea4b93bd659183

SHA256
bd2b3ee501fb0387f67a9757bc3ef39910a5c6545ff04e7398a03e9c40c74c84

SHA512
ccd5aa2b4415f09e0e910c4c5da7d731cb9370ca12461d556a2d7f640fd11eb6f1c4f3c601079c8c0824ec44ad291a7d01a707a68b3b708c967b6efad21a5fe0

Download Submit
memory/1724-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1724-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1724-3-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1724-2-0x0000000000409000-0x000000000040A000-memory.dmp

Filesize
4KB

Download
memory/1724-4-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1724-9-0x0000000003220000-0x000000000323D000-memory.dmp

Filesize
116KB

Download
memory/2448-16-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2448-17-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2448-18-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2448-20-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download