403beb8f0c98e14c4ca76a782a088efacabc2273e6b94e79b8c9c82a429c1509

Analysis

max time kernel
133s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 03:14

Target

dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe
Size

79KB
MD5

dd5389c5a10803651672979f0ec1aeb0
SHA1

3aa6cdf5c500063d126264582b5e12e66e3b335f
SHA256

403beb8f0c98e14c4ca76a782a088efacabc2273e6b94e79b8c9c82a429c1509
SHA512

b2b7280f03d8733de4a502e28f2eb8769e0de030a762416919676059e21c5927415da3ed2a75eb254757121fdf64621c818ebb4737c49b52ffa2a3cfaeb8e53b
SSDEEP

1536:zvJwHNRJptc2hR5XOQA8AkqUhMb2nuy5wgIP0CSJ+5y+uB8GMGlZ5G:zvWrHhR5eGdqU7uy5w9WMy+uN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3380	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 1444	2908	dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe	91
PID 2908 wrote to memory of 1444	2908	dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe	91
PID 2908 wrote to memory of 1444	2908	dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe	91
PID 1444 wrote to memory of 3380	1444	cmd.exe	92
PID 1444 wrote to memory of 3380	1444	cmd.exe	92
PID 1444 wrote to memory of 3380	1444	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1444
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4488,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8
1⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a0bdb9aca7196477fd67daf63cde1fa3

SHA1
bf480c349134f601951b19792694bdecec9ff19e

SHA256
4c95401ff425de9324b861369c06cefaf4c9f054a357fcd18816df75fe4d3489

SHA512
ded97fe88f4ee3c31dbb52ee1c68d02930369dc31ab82a2b9074c76c2f12e8277a24a79814dac210052ef3a1314867849c8adaf945873c615f187ca9f708243f

Download Submit
memory/2908-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3380-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download