3dc881ba47d19aae08e95f263c9de40ab414f845addeb6bf41715a41622f65f2

Analysis

max time kernel
132s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 09:14

Target

16c93c1edcc028c79ea62edb14c99070_NeikiAnalytics.exe
Size

79KB
MD5

16c93c1edcc028c79ea62edb14c99070
SHA1

e3e4074c9d51ce88c7ab82756349f2d6326304e0
SHA256

3dc881ba47d19aae08e95f263c9de40ab414f845addeb6bf41715a41622f65f2
SHA512

86f6ebd519f8d7cbf6880b88066508377d53915167eec7c1cc228c2fde189b62625a7e080ccc72d7767154fd5633bd64832f1057a4443952f34b876525148d35
SSDEEP

1536:zvwi2cZZ/v1vhdHOQA8AkqUhMb2nuy5wgIP0CSJ+5yoB8GMGlZ5G:zvyGZ1JduGdqU7uy5w9WMyoN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3924	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 3964	1508	16c93c1edcc028c79ea62edb14c99070_NeikiAnalytics.exe	91
PID 1508 wrote to memory of 3964	1508	16c93c1edcc028c79ea62edb14c99070_NeikiAnalytics.exe	91
PID 1508 wrote to memory of 3964	1508	16c93c1edcc028c79ea62edb14c99070_NeikiAnalytics.exe	91
PID 3964 wrote to memory of 3924	3964	cmd.exe	92
PID 3964 wrote to memory of 3924	3964	cmd.exe	92
PID 3964 wrote to memory of 3924	3964	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\16c93c1edcc028c79ea62edb14c99070_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\16c93c1edcc028c79ea62edb14c99070_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3964
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4100,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=4020 /prefetch:8
1⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2f95419ea48377ad31c6be06e7532a68

SHA1
d38ad65606b428a3d48134c6d0fa6f47cfc81c29

SHA256
058d6fad9376aba30a7e83715d0733410675f92feba2991df9f0cd18ea9a61e1

SHA512
2b092f067207b14b77ee3c438f61c336a2dbf64d4674c351a286f348f919a5df8a5e47eeac74928ce49a91989a2d24a6ffa34d218e2d2af2a37e7abeb975ae12

Download Submit
memory/1508-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3924-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download