f99e42441558aef63cc217f55dd8b0068e002c496a5472977680f1448dde3b3e

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 12:51

Target

e620e52143534360b0a0172d8d2540b0_NeikiAnalytics.exe
Size

79KB
MD5

e620e52143534360b0a0172d8d2540b0
SHA1

40e5c7b5f9212344374a3608394fae5aa81fff4e
SHA256

f99e42441558aef63cc217f55dd8b0068e002c496a5472977680f1448dde3b3e
SHA512

2470080e9912de0b85cf1b2221200ae5b05f5a5a15ddec1bae788b06bfb29055636b90a5f8e6e5681e046103ce87c3d300c6631425a95e2a70c39e5fd4d47e2c
SSDEEP

1536:zvCWNsW10Ten1VvB7DtNOOQA8AkqUhMb2nuy5wgIP0CSJ+5ycB8GMGlZ5G:zvCWOW10q7Zn3GdqU7uy5w9WMycN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3004	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 3752	3932	e620e52143534360b0a0172d8d2540b0_NeikiAnalytics.exe	92
PID 3932 wrote to memory of 3752	3932	e620e52143534360b0a0172d8d2540b0_NeikiAnalytics.exe	92
PID 3932 wrote to memory of 3752	3932	e620e52143534360b0a0172d8d2540b0_NeikiAnalytics.exe	92
PID 3752 wrote to memory of 3004	3752	cmd.exe	93
PID 3752 wrote to memory of 3004	3752	cmd.exe	93
PID 3752 wrote to memory of 3004	3752	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\e620e52143534360b0a0172d8d2540b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e620e52143534360b0a0172d8d2540b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3752
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:548

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
330ec7a52a92a2e45920c35d65b641c5

SHA1
ee1890a1c9fa7de74383f943a1359661c8ef6daa

SHA256
3baaee668f2247417824aaaeb272a74f0695d1b7fbe7e925b05aa48fe876545f

SHA512
75796fcbc12f99a42fa324daf267ad77a04620d19f6a34ee27e40394b4f5a77f7884b5404cfdb8d2da6e685bafa9d42f4bc9ca8f4e84b6eaf138b62e4ec29e35

Download Submit
memory/3004-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3932-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download