a2edf2dc530aba1b0cfca7e4a3eef1f3dd95b89c57e7d6db1b19a566e3360b2b

Analysis

max time kernel
133s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 23:28

Target

cd87dbe0dd16370880c9cda86aebd0d0_NeikiAnalytics.exe
Size

79KB
MD5

cd87dbe0dd16370880c9cda86aebd0d0
SHA1

a3f336fe7cac89df62cde708997c45935a430cae
SHA256

a2edf2dc530aba1b0cfca7e4a3eef1f3dd95b89c57e7d6db1b19a566e3360b2b
SHA512

43ec2cbdcbe508681c2fabe7e18497f9e9ff36621f3e932683cfea6b8f5fe7dd4667800eb91be64643460a064214304d735b8c84d7ccb61c637105f547bcb0fa
SSDEEP

1536:zvt0DJR6NMuOQA8AkqUhMb2nuy5wgIP0CSJ+5yxB8GMGlZ5G:zvt0k0GdqU7uy5w9WMyxN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3268	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 4456	3940	cd87dbe0dd16370880c9cda86aebd0d0_NeikiAnalytics.exe	91
PID 3940 wrote to memory of 4456	3940	cd87dbe0dd16370880c9cda86aebd0d0_NeikiAnalytics.exe	91
PID 3940 wrote to memory of 4456	3940	cd87dbe0dd16370880c9cda86aebd0d0_NeikiAnalytics.exe	91
PID 4456 wrote to memory of 3268	4456	cmd.exe	92
PID 4456 wrote to memory of 3268	4456	cmd.exe	92
PID 4456 wrote to memory of 3268	4456	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\cd87dbe0dd16370880c9cda86aebd0d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cd87dbe0dd16370880c9cda86aebd0d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4456
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4356,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:8
1⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a2bfc73cb5a25c0dd628794be7a0b5db

SHA1
8ee81c5b0dd2bded4c6dac9bb286c3ec03a5a8ae

SHA256
fd7da877d5d7bb4b2901a3584232f6a16c101daa575e1d8d2fa9f96c8eee29b8

SHA512
6052e1c139e3aac57dc9c1a27e491876200b62e446a8622a3153e91ce0cb4e0b68f75733fe87e8ed51f45570f00c137f572d5430c8bd0c09cb549344ebb07854

Download Submit
memory/3268-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3940-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download