59fae49e9254d790f221e4d832127491be9f8b315115570822c388b6b1d51871

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 06:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59fae49e9254d790f221e4d832127491be9f8b315115570822c388b6b1d51871_NeikiAnalytics.exe
Size

28KB
MD5

b66f0cf8a0700f8795601311b899a810
SHA1

a44aa0eaf19e864d9b205a9689f4cda36cc0aca5
SHA256

59fae49e9254d790f221e4d832127491be9f8b315115570822c388b6b1d51871
SHA512

e985603bfea6956a97a42e1cb033e59e33d5ade837f1f8e9d87a337020dd15432665f304548fbc71844a029cea82d3a4cf2206f25925370af8224ff0768468f0
SSDEEP

384:iQ4n4X4f0y4vEhbTKFMWWeJqljfgj3WfgVl6DuwcP+60V:ong40YfnWWeJqhIKuUDm+PV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1636	budha.exe

Loads dropped DLL 2 IoCs

pid	Process
2868	59fae49e9254d790f221e4d832127491be9f8b315115570822c388b6b1d51871_NeikiAnalytics.exe
2868	59fae49e9254d790f221e4d832127491be9f8b315115570822c388b6b1d51871_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 1636	2868	59fae49e9254d790f221e4d832127491be9f8b315115570822c388b6b1d51871_NeikiAnalytics.exe	28
PID 2868 wrote to memory of 1636	2868	59fae49e9254d790f221e4d832127491be9f8b315115570822c388b6b1d51871_NeikiAnalytics.exe	28
PID 2868 wrote to memory of 1636	2868	59fae49e9254d790f221e4d832127491be9f8b315115570822c388b6b1d51871_NeikiAnalytics.exe	28
PID 2868 wrote to memory of 1636	2868	59fae49e9254d790f221e4d832127491be9f8b315115570822c388b6b1d51871_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\59fae49e9254d790f221e4d832127491be9f8b315115570822c388b6b1d51871_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\59fae49e9254d790f221e4d832127491be9f8b315115570822c388b6b1d51871_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
29KB

MD5
4f4061be8e5c11b52436634606eb5ebf

SHA1
f135ca8e9ddebc6770386fa9f0e25a6714e4cd09

SHA256
246368575f5e99a9ca96079d39be4978f208eb1484f4780fb9648eec2d6d0472

SHA512
4e21b0aa5be0d91e895b2e372607402a8344c7eccab98aa284af5076a52dad26b96bb6319531bfebddfec094fd30c0e306013a01b726bbb9d9fc39faaa193082

Download Submit