Analysis

  • max time kernel
    134s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/06/2024, 23:32

General

  • Target

    829bf57fc3b6e447198d4b84bc8c00d0_NeikiAnalytics.exe

  • Size

    37KB

  • MD5

    829bf57fc3b6e447198d4b84bc8c00d0

  • SHA1

    b535cf3976f0139b4c41eb402a004367fd80662e

  • SHA256

    8f7b318830216a10c62b2c0ea06865441d99124bbf5f1e767681c01dfc613c0b

  • SHA512

    84a58a440d622fb6aa9977dd80256c519a974cd1e2f5cac63ec51d749d1c47a92e3ffe079e9426ad11e632b2966faaae483e3703b334897fea7ff7a27d71422c

  • SSDEEP

    384:w2F9EYpD/L/DYPvPfhlbLCY5RR178K4iD5Crkj0g2VkJye:T9ECL7YPvPfhBLCY5RRAiD+qyi

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\829bf57fc3b6e447198d4b84bc8c00d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\829bf57fc3b6e447198d4b84bc8c00d0_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3112
    • C:\Users\Admin\AppData\Local\Temp\budha.exe
      "C:\Users\Admin\AppData\Local\Temp\budha.exe"
      2⤵
      • Executes dropped EXE
      PID:2088

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\budha.exe

          Filesize

          37KB

          MD5

          6ab64c4e9cc768f097f4088b9f002d8c

          SHA1

          60822a0f8f412cc7af20315d46f080d89b5e53bb

          SHA256

          6ed7d3c553d50367e683b5d2e66d673ad6a3becb9993e3d639a29c58c4fc3c0c

          SHA512

          fa864b678a07261a32df83126bdd2f3712ff70f29e3384369fd296bbc60082e12bc630a7cc99bb61f8693dbe3192cd79ff03086dbf803223876027282cdd9f55

        • memory/2088-13-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/3112-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/3112-9-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB