8f65eb23750b03f65bcad6d740163c4feefd58c23b0f870d0b3d23c68306c3a6

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 05:05

Target

78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe
Size

79KB
MD5

78220d99aac1c57d81bf6e9793b8d5e0
SHA1

4a8822ac1a48804ed0342820d66369801413a73d
SHA256

8f65eb23750b03f65bcad6d740163c4feefd58c23b0f870d0b3d23c68306c3a6
SHA512

a71bae8398b8783d120860d3a339c46267f3377fccc4e919688a0da18e03243c411f4c08bac074af18d010aae7f0e6865c4c1859768fa400b4b897b4ea01a7d6
SSDEEP

1536:zvm5Om0rld8Ms1FAOgSmOQA8AkqUhMb2nuy5wgIP0CSJ+5yWB8GMGlZ5G:zvm5OTld8r1QSjGdqU7uy5w9WMyWN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2124	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 1580	2880	78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe	92
PID 2880 wrote to memory of 1580	2880	78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe	92
PID 2880 wrote to memory of 1580	2880	78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe	92
PID 1580 wrote to memory of 2124	1580	cmd.exe	93
PID 1580 wrote to memory of 2124	1580	cmd.exe	93
PID 1580 wrote to memory of 2124	1580	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1580
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4040,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4008 /prefetch:8
1⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6fce57a8e6a64fec1bb61c1c60c6d2a7

SHA1
a7f234738b749f1593428f0870f0531f3702cf94

SHA256
7359a7371f945d850fd15f386bb95a0b96eaf33afb8930061f354f0d25117d6b

SHA512
060d4b4f31fc441ec33cb142f42ca1df3cc136530ea46cc544b74c6c9a5a44cbbf87fdcb390b6493d007ca5ea2b00bd2ec782fb304e483c08d666b72cbe79244

Download Submit
memory/2124-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2880-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download