55e0a8a6d19c502162d4cd737f1773eebf6922680af982ce5c2028020f399a29

Analysis

max time kernel
138s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 23:50

Target

23f678bd2d3f3e328b21a7b62b01a9c0_NeikiAnalytics.exe
Size

79KB
MD5

23f678bd2d3f3e328b21a7b62b01a9c0
SHA1

bd40b1468f314b84503439fb1a2680f3103696fa
SHA256

55e0a8a6d19c502162d4cd737f1773eebf6922680af982ce5c2028020f399a29
SHA512

20fd186f208bf0062abe04c7f0f9acfa41744724ef000ed0f07a09a4b45ee4725be4d8e9dbede347006d070f573533238362c9853dc0a028fc9efa4dbef7eb14
SSDEEP

1536:zvvSjrPgawlHWzMLP0OOQA8AkqUhMb2nuy5wgIP0CSJ+5ynqB8GMGlZ5G:zvvSj8aKHWgLP0bGdqU7uy5w9WMynqNE

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3724	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 3592	4188	23f678bd2d3f3e328b21a7b62b01a9c0_NeikiAnalytics.exe	92
PID 4188 wrote to memory of 3592	4188	23f678bd2d3f3e328b21a7b62b01a9c0_NeikiAnalytics.exe	92
PID 4188 wrote to memory of 3592	4188	23f678bd2d3f3e328b21a7b62b01a9c0_NeikiAnalytics.exe	92
PID 3592 wrote to memory of 3724	3592	cmd.exe	93
PID 3592 wrote to memory of 3724	3592	cmd.exe	93
PID 3592 wrote to memory of 3724	3592	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\23f678bd2d3f3e328b21a7b62b01a9c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\23f678bd2d3f3e328b21a7b62b01a9c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3592
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
0e5fb030d65301b481f5a25e140944d7

SHA1
394df719033f1488be1a1a613f8fc24a80272f69

SHA256
a02c850f6a6a3e082780cc2e130923a3cb97958b6a788a0a682d245bd29b794c

SHA512
5033e10d014713f8f3556ce326a4e7a7e508f863ed9dbde32ac93cbf5e73a7d0d65193e7382c7223a4849222309a1dcc48e1cb10c6152e5e45c16a045be953e4

Download Submit
memory/3724-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4188-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4188-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download