dc6467f122906b62ce68bb2c8cf0d08cbc8f098a90fe175a1e391d2d8a3ff461

Analysis

max time kernel
141s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 18:59

Target

d77d15fc3ca0c68e56c0b73aefd5f6a0_NeikiAnalytics.exe
Size

79KB
MD5

d77d15fc3ca0c68e56c0b73aefd5f6a0
SHA1

ec0ed7198882d2805f4ef68e2ee27496c7dd09a4
SHA256

dc6467f122906b62ce68bb2c8cf0d08cbc8f098a90fe175a1e391d2d8a3ff461
SHA512

064ad1658620df624ced7366bab7a0f08e931ff62af053422a3f65553965415060309cc50b8b1d67f76ebd43d43ead648a762c3bebfc37a4b02b586348b0b7c4
SSDEEP

1536:zvlIj2RxFr51zXOQA8AkqUhMb2nuy5wgIP0CSJ+5ySB8GMGlZ5G:zvqjWFr+GdqU7uy5w9WMySN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1860	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 4468	1804	d77d15fc3ca0c68e56c0b73aefd5f6a0_NeikiAnalytics.exe	91
PID 1804 wrote to memory of 4468	1804	d77d15fc3ca0c68e56c0b73aefd5f6a0_NeikiAnalytics.exe	91
PID 1804 wrote to memory of 4468	1804	d77d15fc3ca0c68e56c0b73aefd5f6a0_NeikiAnalytics.exe	91
PID 4468 wrote to memory of 1860	4468	cmd.exe	92
PID 4468 wrote to memory of 1860	4468	cmd.exe	92
PID 4468 wrote to memory of 1860	4468	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\d77d15fc3ca0c68e56c0b73aefd5f6a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d77d15fc3ca0c68e56c0b73aefd5f6a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4468
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1316 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
654103d09a6d54e3a089dfc047734cad

SHA1
f2f929da967f6ef8779efff002c7b73eb7d44a8b

SHA256
543190d121cc4a8fb913bd3836510979f42672ae73be9c5c1a8a3caf61d0e3a0

SHA512
4bd515f67351d162d3d10e9431257efad349f6e0ea452121c0f9c295cc3fd38665ad93de477d53920d93103303c9bb3442a38928b91d3c1f153f640575cf581c

Download Submit
memory/1804-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1860-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download