23f30b21d4081178bb05a7c0e69f213300d1e6f29a78d4101a96b67134c3daba

Analysis

max time kernel
139s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:15

Target

bbb8f4cb2aea960896263c0c106f4980_NeikiAnalytics.exe
Size

6.0MB
MD5

bbb8f4cb2aea960896263c0c106f4980
SHA1

58619fc790f2015dfcf4d1ec2547ec4b1a51474e
SHA256

23f30b21d4081178bb05a7c0e69f213300d1e6f29a78d4101a96b67134c3daba
SHA512

99ffabed41ecd897a3663df9364ffdc444634343f1ab20474526a53711ff8430fe54deca331459a28047b1a359aa56f13202bda02c9b7859969c5e0c09b60875
SSDEEP

98304:emhd1UryebNR0lgU3AOr5jCoHGBRG0V7wQqZUha5jtSyZIUS:el7fVU3AOr5mMGBRp2QbaZtlir

Score

7^/10

Deletes itself 1 IoCs

Processes:

2D45.tmp

pid process

4776 2D45.tmp
Executes dropped EXE 1 IoCs

Processes:

2D45.tmp

pid process

4776 2D45.tmp

pid	process
4776	2D45.tmp

pid	process
4776	2D45.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

bbb8f4cb2aea960896263c0c106f4980_NeikiAnalytics.exe

description	pid	process	target process
PID 1372 wrote to memory of 4776	1372	bbb8f4cb2aea960896263c0c106f4980_NeikiAnalytics.exe	2D45.tmp
PID 1372 wrote to memory of 4776	1372	bbb8f4cb2aea960896263c0c106f4980_NeikiAnalytics.exe	2D45.tmp
PID 1372 wrote to memory of 4776	1372	bbb8f4cb2aea960896263c0c106f4980_NeikiAnalytics.exe	2D45.tmp

C:\Users\Admin\AppData\Local\Temp\bbb8f4cb2aea960896263c0c106f4980_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bbb8f4cb2aea960896263c0c106f4980_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Users\Admin\AppData\Local\Temp\2D45.tmp
  "C:\Users\Admin\AppData\Local\Temp\2D45.tmp" --splashC:\Users\Admin\AppData\Local\Temp\bbb8f4cb2aea960896263c0c106f4980_NeikiAnalytics.exe BB74CC93ED138E9CC8A3AA3645D388037B097FD99DD8DD9799E2F2C181BA3F9DFC1A9B73418969C9D92B7D60897CCD03F4EF476AD8A101BD16EA8639750D0408
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3460 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\2D45.tmp

Filesize
6.0MB

MD5
22dc0dea17471030835487612d48152f

SHA1
a9b71676b3decd9820ee345702df9b2145984d44

SHA256
eb76e19cf259b012831e79d7bbc5cb421164a1e3fbd3e3d691e1344722473f03

SHA512
6ec818f1ddcad90a6d43bd4c26b1e8d1a790a296065de960d4b2cc32fb6f49f084d687101b028ca99673a42cdb1d0e221d6eca86a8cf41b3928aefce471ab927

Download Submit
memory/1372-0-0x0000000000400000-0x0000000000849000-memory.dmp

Filesize
4.3MB

Download
memory/4776-5-0x0000000000400000-0x0000000000849000-memory.dmp

Filesize
4.3MB

Download