7c93b8defb622cef5e0516b712ca10c4131cbf418cedbb146db9db8bfd2be13f

Analysis

max time kernel
130s
max time network
137s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3772b0874e31e1abb5b7c87080a2e460_NeikiAnalytics.exe
Size

5KB
MD5

3772b0874e31e1abb5b7c87080a2e460
SHA1

f7e8d2a2f1a9d8d1fae2d623db87f77927e033c6
SHA256

7c93b8defb622cef5e0516b712ca10c4131cbf418cedbb146db9db8bfd2be13f
SHA512

0bd97846e72a1f7b60ef1894933e324e6c1ced586d9d91d1a6965c7679f7cda6e79ff77416e6a0b89c3e879ec303119d0bbafb9a5ea2c4b00271ba13735f0fe8
SSDEEP

48:qd7ZUoHvjBrmJVeDhMRdO//GJGjqnijDGrsEVnQBG/RA8lGUZ2CS7jLyUF1W:1mRjDhcmZjxAnQWRIUZ2CmXY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1780	budha.exe

Loads dropped DLL 2 IoCs

pid	Process
1736	3772b0874e31e1abb5b7c87080a2e460_NeikiAnalytics.exe
1736	3772b0874e31e1abb5b7c87080a2e460_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1780	1736	3772b0874e31e1abb5b7c87080a2e460_NeikiAnalytics.exe	28
PID 1736 wrote to memory of 1780	1736	3772b0874e31e1abb5b7c87080a2e460_NeikiAnalytics.exe	28
PID 1736 wrote to memory of 1780	1736	3772b0874e31e1abb5b7c87080a2e460_NeikiAnalytics.exe	28
PID 1736 wrote to memory of 1780	1736	3772b0874e31e1abb5b7c87080a2e460_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\3772b0874e31e1abb5b7c87080a2e460_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3772b0874e31e1abb5b7c87080a2e460_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:1780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
5KB

MD5
8044559f64714138245fb0ad8ecf6fa5

SHA1
f8f2bfce241ed0433f6c8dd8a966b88f6af087d6

SHA256
4f3c50852e45023bf44958a17ed87b885285817ff7b6da25bcc2885b33e3bba5

SHA512
186914e7b2a0f5996bba91d5d935561f6e238bb4546077a512c61de47697bed2812eba14b90ea5a8f6b7cb9a60a88d426cac526e8466bfdfceded58bbf4a195f

Download Submit