59ad80ddf98028a9af673a6f3acc95b40061b4140550ddb9b6f5e8524373e609

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 15:56

Target

69ec907c799b98d387966d82424b6d90_NeikiAnalytics.exe
Size

46KB
MD5

69ec907c799b98d387966d82424b6d90
SHA1

48ccf3868a2870977d9057dd71507c84caa9f568
SHA256

59ad80ddf98028a9af673a6f3acc95b40061b4140550ddb9b6f5e8524373e609
SHA512

e39f3875d468cfb7cc3aedad6da21fae595543d8f3eb982e890b8ce7e2ef380afa554f01c09fda15a472efa7750cc65eb8883ab2a06f85956c1ba3529b8091c6
SSDEEP

768:zIP5WOMVs4PSV06ymNNC6S7Cm1n2OBGRIWNSE77NPQ1TTGfGYz6KO:zI0OGrOy6NvSpMZVQ1JHKO

Score

10^/10

Credentials

Executes dropped EXE 1 IoCs

pid	Process
2000	jusched.exe

Loads dropped DLL 2 IoCs

pid	Process
2724	69ec907c799b98d387966d82424b6d90_NeikiAnalytics.exe
2724	69ec907c799b98d387966d82424b6d90_NeikiAnalytics.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Java\jre-09\bin\jusched.exe	69ec907c799b98d387966d82424b6d90_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Java\jre-09\bin\jusched.exe	69ec907c799b98d387966d82424b6d90_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Java\jre-09\bin\UF	69ec907c799b98d387966d82424b6d90_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2000	2724	69ec907c799b98d387966d82424b6d90_NeikiAnalytics.exe	28
PID 2724 wrote to memory of 2000	2724	69ec907c799b98d387966d82424b6d90_NeikiAnalytics.exe	28
PID 2724 wrote to memory of 2000	2724	69ec907c799b98d387966d82424b6d90_NeikiAnalytics.exe	28
PID 2724 wrote to memory of 2000	2724	69ec907c799b98d387966d82424b6d90_NeikiAnalytics.exe	28

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Program Files (x86)\Java\jre-09\bin\jusched.exe

Filesize
46KB

MD5
d0b0a48d5108990994aaf40a89879d14

SHA1
7cd540fd1030f05daa735158f01ab203809d943e

SHA256
15a9488563a47593d7d1ed7f8038582a5af01256d1e7f77692aa8bc88b1578b6

SHA512
f47d3c407085d0520654d624def836cf0c02f5b99fe035883cd8c549ccd0990e3022435fc17d69657118be577d5a94849a988805d72e56bd1fd927c544262cb7

Download Submit
memory/2000-15-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2000-20-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2000-21-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2724-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2724-7-0x0000000004850000-0x00000000048C4000-memory.dmp

Filesize
464KB

Download
memory/2724-14-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download