2a7abd42efbb10902d35ca384493db828b4ae224b9202dddc63a6b2cf590e5fd

Analysis

max time kernel
142s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 15:54

Target

3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe
Size

79KB
MD5

3803b9675198560d298f265b56a7b830
SHA1

ed94fcf1fb066d226bc7d6a96169a4499f5eff15
SHA256

2a7abd42efbb10902d35ca384493db828b4ae224b9202dddc63a6b2cf590e5fd
SHA512

17dfd9cce6ecb7756b42ecd9a74db034b3c22c019a2a3bf936845cc7c4442c3f60fd77b9eee8c57a269406e1b60fa63dae66459c214d6aed2f6ef94a7d6a3397
SSDEEP

1536:zvSKKHfuaJOwqOQA8AkqUhMb2nuy5wgIP0CSJ+5yVB8GMGlZ5G:zviHfuXwfGdqU7uy5w9WMyVN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1388	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 2496	4436	3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe	92
PID 4436 wrote to memory of 2496	4436	3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe	92
PID 4436 wrote to memory of 2496	4436	3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe	92
PID 2496 wrote to memory of 1388	2496	cmd.exe	93
PID 2496 wrote to memory of 1388	2496	cmd.exe	93
PID 2496 wrote to memory of 1388	2496	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4112 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
9663ac274c0efd1798999461ee740ccc

SHA1
b308c3b56ec0efae59f1f021b3d1028b65ac7f30

SHA256
7c5be18b6f5f1dd622f6e589f50f5c9af9c8b1391eeca05e884a9a7777cf5b77

SHA512
dcfc458306f1b3b7262351c606fbc016577433fddb6aed3ad343f62a2f45f1ec6888f779a0da8c11cc16593a86fc7507f3618ac8c1c04c3f0222e45fed225f30

Download Submit
memory/1388-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4436-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4436-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download