348057b2b9ce267ec97cebdf6b20bbfef204cbb16f3c18463f31ef0663c512f3

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 23:20

Target

1cda9e6b072e601fe2f4c85df0895850_NeikiAnalytics.exe
Size

76KB
MD5

1cda9e6b072e601fe2f4c85df0895850
SHA1

dc6c16fa97c048f8a9f4053f18ea9ae5bdf66e73
SHA256

348057b2b9ce267ec97cebdf6b20bbfef204cbb16f3c18463f31ef0663c512f3
SHA512

d3539c8cd8c8823966e521ac58b3a86733783466668c6062f5cd36823e330cef30045f644d2eeb3bb27a25795114cf8ce8005fe3092ad139e73ecacac1a0f018
SSDEEP

1536:zaWLF1kxTnUI4CFPtv6iSJnaGlbVUhoq:zaWExTnUTCFPtvanaGlbVUho

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
888	Winkjz.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Winkjz.exe	1cda9e6b072e601fe2f4c85df0895850_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Winkjz.exe	1cda9e6b072e601fe2f4c85df0895850_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Winkjz.exe	Winkjz.exe
File created	C:\Windows\SysWOW64\Winkjz.exe	Winkjz.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTcbPrivilege	3356	1cda9e6b072e601fe2f4c85df0895850_NeikiAnalytics.exe
Token: SeTcbPrivilege	888	Winkjz.exe

C:\Windows\SysWOW64\Winkjz.exe

Filesize
82KB

MD5
f2346a7d5a520050a0330cf23d46db16

SHA1
741a787bf97cbea8a848871d82c7dde496c5da21

SHA256
e20d8ea718df431f328841f10229ab19392e31b94301582f3ab5893d9db2e756

SHA512
c3f270692b08ae9c39b58ce163eb26f4ed4f7ab0531ca3f08a3ea15de0a19e9d1c55b168a00ce59626b06d96ac59b48256c29183802876bd612606255883a25e

Download Submit
memory/888-13-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/3356-0-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/3356-14-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download