62f56af417257916ee4114df443d32783f8f091e517c4e0353e10b2cbe93482e

Analysis

max time kernel
114s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 00:23

Target

2bd61979ebb5067416997a76eabe0250_NeikiAnalytics.exe
Size

79KB
MD5

2bd61979ebb5067416997a76eabe0250
SHA1

3c9f300e1cdaffd4c87fe007f39cdace5662cb00
SHA256

62f56af417257916ee4114df443d32783f8f091e517c4e0353e10b2cbe93482e
SHA512

2337fd1173e7156ced3bbc8dcbab8e205bbb61f185db76b68e9e4225b33596d9fe0758b1904d73167c361535c8185396b0e91d3edcad5a58c30107d5ac18dcaf
SSDEEP

1536:zvJhQ75mZBMZsOQA8AkqUhMb2nuy5wgIP0CSJ+5yFB8GMGlZ5G:zvcc4DGdqU7uy5w9WMyFN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2996	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 716	1836	2bd61979ebb5067416997a76eabe0250_NeikiAnalytics.exe	91
PID 1836 wrote to memory of 716	1836	2bd61979ebb5067416997a76eabe0250_NeikiAnalytics.exe	91
PID 1836 wrote to memory of 716	1836	2bd61979ebb5067416997a76eabe0250_NeikiAnalytics.exe	91
PID 716 wrote to memory of 2996	716	cmd.exe	92
PID 716 wrote to memory of 2996	716	cmd.exe	92
PID 716 wrote to memory of 2996	716	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\2bd61979ebb5067416997a76eabe0250_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2bd61979ebb5067416997a76eabe0250_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:716
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3692 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
41c43ab5f71f405bb54e3fa9645be613

SHA1
94f987280da42c1562d2f9210f88f062b1f51239

SHA256
857d13b2f3b697d50da72b582031054094d121a7778d12bc925a54c63b8e9cf3

SHA512
95df34fc11c4431e4ae3a84a314b9790ba489202d9e072dffa3127501244e00202f66cad435daf33b4f2e470a2bb968d626e5982e9382f06b52075a130d2013b

Download Submit
memory/1836-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2996-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download