a7589fa55f577c4ce07d1eaaa169ae49755a86d5d793d0d1ae52a2022d93dff1

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 16:31

Target

c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe
Size

79KB
MD5

c6161aa76f806aafc1c1a9f171afd6c0
SHA1

96c829f2a9b83b971183fedbd20443e5a37f08e1
SHA256

a7589fa55f577c4ce07d1eaaa169ae49755a86d5d793d0d1ae52a2022d93dff1
SHA512

6e1db51788828c3679c78963ed25bb76cc712d86dedbd012afad95ddf00107242b5827c39a6ab31cec97cd9437b14a0f1aa3c25a6ec32558b5319e06594aa4e4
SSDEEP

1536:zvT7GBZqOQA8AkqUhMb2nuy5wgIP0CSJ+5y3B8GMGlZ5G:zvT7YfGdqU7uy5w9WMy3N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3588	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 3912	4160	c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe	91
PID 4160 wrote to memory of 3912	4160	c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe	91
PID 4160 wrote to memory of 3912	4160	c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe	91
PID 3912 wrote to memory of 3588	3912	cmd.exe	92
PID 3912 wrote to memory of 3588	3912	cmd.exe	92
PID 3912 wrote to memory of 3588	3912	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3912
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a9d5991de0a96de4610f8143caa565cd

SHA1
3e0ab984031d7e3ea08af8f9e1e31d206a57a0e8

SHA256
addbb0ab79617bb703469606fefe4206c053959d445bb33ec6865aee79e71bdb

SHA512
6c49cd915489e7750357afea5da84946444174158574261614afda769b789140d974d9ef55a4a92fa8bb5cf3242a6034ecb7505f117cdfd47f61d6da209222bb

Download Submit
memory/3588-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4160-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download