a50dd45167fc6f2641b679cac8864305c8ec5049714534a347bf091147a9418b

Analysis

max time kernel
125s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 11:39

Target

d47ee4e5b31a5d3820918fba9013f290_NeikiAnalytics.exe
Size

79KB
MD5

d47ee4e5b31a5d3820918fba9013f290
SHA1

235bd61748bebf02c293be0607648760636f8251
SHA256

a50dd45167fc6f2641b679cac8864305c8ec5049714534a347bf091147a9418b
SHA512

1534f328ddad717f2be064ceb8a71a92f2349dec29f7d61354f55102e6bad409c57016e124537c95b55d52b4d57c2f8a63a20cdde26c69816fc25583be628b0f
SSDEEP

1536:zvtWgNR4gnuf/mNv4OQA8AkqUhMb2nuy5wgIP0CSJ+5yKB8GMGlZ5G:zvtWgcBf+vdGdqU7uy5w9WMyKN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3460	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 2456	5020	d47ee4e5b31a5d3820918fba9013f290_NeikiAnalytics.exe	90
PID 5020 wrote to memory of 2456	5020	d47ee4e5b31a5d3820918fba9013f290_NeikiAnalytics.exe	90
PID 5020 wrote to memory of 2456	5020	d47ee4e5b31a5d3820918fba9013f290_NeikiAnalytics.exe	90
PID 2456 wrote to memory of 3460	2456	cmd.exe	91
PID 2456 wrote to memory of 3460	2456	cmd.exe	91
PID 2456 wrote to memory of 3460	2456	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\d47ee4e5b31a5d3820918fba9013f290_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d47ee4e5b31a5d3820918fba9013f290_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4324,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=1324 /prefetch:8
1⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
da842ba93703d23a77f81cbc2c40ccc8

SHA1
808067d51abda6df0b83611fa47f161cd4e2e690

SHA256
e591f3f8a9a4fe4a1c0759b569af20d92db44849a95f56b71304acf35ab88cab

SHA512
d7e0f09b09e284354fea3762e5e61eb447c8696eb9163da6b5ffcec37b9e987ffb18dcd54be6cbed91cc09578bc5d72d863b974ae70765acade1a9fbf9780f36

Download Submit
memory/3460-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5020-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download