f66bcd198de4ac69cd0b263d00a4bdc8d8c6a6e02bebde6204ae2abfe0a60c7c

Analysis

max time kernel
113s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 07:06

Target

9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe
Size

79KB
MD5

9d8eb02e82f9f8833de88ef6144e8d90
SHA1

5637ce7e9daa65f695bfd3c66dc69acf3cacd1e3
SHA256

f66bcd198de4ac69cd0b263d00a4bdc8d8c6a6e02bebde6204ae2abfe0a60c7c
SHA512

d3e8169f20e8167c74bd66ceba0cea8dfdbbafd1237a66cdcd9a5298166fe4f43bf8615efd3af32bbf172e9572bf210c516b4359ca94abd45b9eb9cd450ef6cd
SSDEEP

1536:zvXObzfMmFJA4r0BOQA8AkqUhMb2nuy5wgIP0CSJ+5yPB8GMGlZ5G:zvXOnkmw4rdGdqU7uy5w9WMyPN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4852	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 1116	1848	9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe	91
PID 1848 wrote to memory of 1116	1848	9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe	91
PID 1848 wrote to memory of 1116	1848	9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe	91
PID 1116 wrote to memory of 4852	1116	cmd.exe	92
PID 1116 wrote to memory of 4852	1116	cmd.exe	92
PID 1116 wrote to memory of 4852	1116	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1116
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c4c9a5fc18db7cafcc45ed089fbb4b22

SHA1
02d5f6891e55bb8c6898752ad0fa69bf0f467eec

SHA256
69b8b1abeef666bc45fc75b97f67b34a2fd20adc1f326fded262da060f60ff16

SHA512
ccdf834ef9ed62a6636f2b8e54e7a6f20615ca89c2292f0ecf7d521372adf5ada16ed072d86820deb13a4c6d0a6550be0698a5c6b0f9f4f02d07c37034baaca1

Download Submit
memory/1848-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4852-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download