8811bd991ce6be426cafcfba11963999b00ed683bceb1c2dd5b66b106c32f26e

Analysis

max time kernel
125s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 02:06

Target

4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe
Size

73KB
MD5

4707875add4a4034fab6ff2ddf78e680
SHA1

9a13d13cf6401b56ff5173209a54abc9e7908c14
SHA256

8811bd991ce6be426cafcfba11963999b00ed683bceb1c2dd5b66b106c32f26e
SHA512

20f739fee67c79e4a88e6940cad87304017e4e7b10191b661b7dc30f8ed589c7301bd1b98671840631c8d9a539bcdee0f58459bcd0c6c880a8725fa1cab705db
SSDEEP

1536:hbFyTX0K27JcCK5QPqfhVWbdsmA+RjPFLC+e5h20ZGUGf2g:h8b0H7JcCNPqfcxA+HFsh2Og

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4092	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 332	4384	4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe	92
PID 4384 wrote to memory of 332	4384	4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe	92
PID 4384 wrote to memory of 332	4384	4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe	92
PID 332 wrote to memory of 4092	332	cmd.exe	93
PID 332 wrote to memory of 4092	332	cmd.exe	93
PID 332 wrote to memory of 4092	332	cmd.exe	93
PID 4092 wrote to memory of 1060	4092	[email protected]	94
PID 4092 wrote to memory of 1060	4092	[email protected]	94
PID 4092 wrote to memory of 1060	4092	[email protected]	94

C:\Users\Admin\AppData\Local\Temp\4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:332
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4092
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3688,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=2700 /prefetch:8
1⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
16a7f7ce1378f5100788c9e69ef451d5

SHA1
955599db8db7d10df677c2f3b366f9a20b3dcace

SHA256
d8df9e9f7dbc1dfb7a89d3af04d1d6fefa97d0beb6b17a85729150b5dfd7bc28

SHA512
fedda0197979387f23dafb2e818df729bb567db1c2dffa913ac8fe48d61bda87f067b3046155aaa3d575d8f874812586edfa43c76deab69473e8e7570c24e15b

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/4092-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4384-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download