96c84b5aa04800b7f7d46231f810ce11c1fb03a0a4c1a2ee8dfdab08ae8d7185

Analysis

max time kernel
133s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 19:40

Target

13542ebd0de0b1480e2734bb686dd200_NeikiAnalytics.exe
Size

79KB
MD5

13542ebd0de0b1480e2734bb686dd200
SHA1

59cde88afaf15c075de4153b2e4901a1c4139899
SHA256

96c84b5aa04800b7f7d46231f810ce11c1fb03a0a4c1a2ee8dfdab08ae8d7185
SHA512

079d42911d0273eea582e5cb855800ed947dbe7e265639eda9827243f9d32411bfb1172629fd2cc38280e0e39ab2ceeb3ee4e8b9545b33036bed5d827680fa4e
SSDEEP

1536:zvpoooXM5F0qfhj2ipNOQA8AkqUhMb2nuy5wgIP0CSJ+5ycB8GMGlZ5G:zvpoooE062VGdqU7uy5w9WMycN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2532	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2316	2028	13542ebd0de0b1480e2734bb686dd200_NeikiAnalytics.exe	91
PID 2028 wrote to memory of 2316	2028	13542ebd0de0b1480e2734bb686dd200_NeikiAnalytics.exe	91
PID 2028 wrote to memory of 2316	2028	13542ebd0de0b1480e2734bb686dd200_NeikiAnalytics.exe	91
PID 2316 wrote to memory of 2532	2316	cmd.exe	92
PID 2316 wrote to memory of 2532	2316	cmd.exe	92
PID 2316 wrote to memory of 2532	2316	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\13542ebd0de0b1480e2734bb686dd200_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\13542ebd0de0b1480e2734bb686dd200_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2316
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3804,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4004 /prefetch:8
1⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
91569d7999e8922fdc325d18f65cb80b

SHA1
2bcb51e085b7e7725e58c9b2abcbd18225794452

SHA256
b03f82ff7dab26d82fdd1e21ee1152b1765265c61b117ac1c2acc2b9768b9512

SHA512
734ac53749beecda3ebcd81d738737b7e4dd2eecc3f9434b5cea0446b20194b3083630755f25d116119eec4ebe50576ab2fd919aabd09acb98f1b202c5612686

Download Submit
memory/2028-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2532-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download