ad8635d033349401289b1b87974f85613addcdd775fedc7321b33bdaaae190fb

Analysis

max time kernel
140s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 07:02

Target

b7d250db7492a522f725bed8c8a54c20_NeikiAnalytics.exe
Size

321KB
MD5

b7d250db7492a522f725bed8c8a54c20
SHA1

55a8a5fed74b92058ac9b781b5968793acf395b7
SHA256

ad8635d033349401289b1b87974f85613addcdd775fedc7321b33bdaaae190fb
SHA512

ce36a9d628e218604fa85bad38efa2a5ff198fcbc3f2d39cdb306a4522bed790e6de3ced8b89bc05614febd24198c544901b46108a5edb14bc12802e9f7a9860
SSDEEP

6144:l6ZZ9+FCNhL0t6B9cvTQ9c+39Aofag/Kwd+oc92j1wrCoeBkZUd/rAA:SZYFs0EB9Qk6LXIlwOobU/

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4444	svchost.exe

C:\Users\Admin\AppData\Local\Temp\b7d250db7492a522f725bed8c8a54c20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b7d250db7492a522f725bed8c8a54c20_NeikiAnalytics.exe"
1⤵
PID:3096

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4444

memory/4444-16-0x0000020087140000-0x0000020087150000-memory.dmp

Filesize
64KB

Download
memory/4444-0-0x0000020087040000-0x0000020087050000-memory.dmp

Filesize
64KB

Download
memory/4444-32-0x000002008F430000-0x000002008F431000-memory.dmp

Filesize
4KB

Download
memory/4444-34-0x000002008F460000-0x000002008F461000-memory.dmp

Filesize
4KB

Download
memory/4444-36-0x000002008F570000-0x000002008F571000-memory.dmp

Filesize
4KB

Download
memory/4444-35-0x000002008F460000-0x000002008F461000-memory.dmp

Filesize
4KB

Download