278b92ed2586b784f82ce0d149889338f9ce111f85bbb37c88645d005aea4278

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 05:57

Target

8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe
Size

79KB
MD5

8675a34b649c765d143aef3b635bede0
SHA1

cd8b99899ef02a14b1ce9dd8c3becb9caf7bca43
SHA256

278b92ed2586b784f82ce0d149889338f9ce111f85bbb37c88645d005aea4278
SHA512

3de1a0e1a8ae06610e19eed3735ead7e2fdbb8f12ece5bd7dc4300313e20514a9aee802f9bd4b6a9238caa5fd1e42cf7b89cf3923d3f2a35d6782fc75a5b6677
SSDEEP

1536:zvqrRgojWFT+eDOQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zvCRkFT3iGdqU7uy5w9WMyCN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3432	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 1368	4740	8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe	92
PID 4740 wrote to memory of 1368	4740	8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe	92
PID 4740 wrote to memory of 1368	4740	8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe	92
PID 1368 wrote to memory of 3432	1368	cmd.exe	93
PID 1368 wrote to memory of 3432	1368	cmd.exe	93
PID 1368 wrote to memory of 3432	1368	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1368
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4232 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6ae6faa530771642d891e4f1916e05bd

SHA1
e7379ea23fae15103a9fbeee69e687acae1c780a

SHA256
70fca4d2c90693edf59afcc837d98a29bf6da12732a2d2e29b29cca64f4120d9

SHA512
38dfc39bc503bd435129d4e4faf0407f4096648f0bab1b64aacb2529b7ddc88147e1aa6a296127f0c34c6aef08cef2cd178d8be53f16ee1126afb87caa3758a3

Download Submit
memory/3432-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download