a055e4826923da2651064ff10200fc4b96eb72ccea0b65303be148cc0856b008

Analysis

max time kernel
143s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 22:46

Target

092d3eeb885f999f2aa8f590a300bc90_NeikiAnalytics.exe
Size

79KB
MD5

092d3eeb885f999f2aa8f590a300bc90
SHA1

dbfa79a3f4a69e7f337cc89ee35d8f27202ef3be
SHA256

a055e4826923da2651064ff10200fc4b96eb72ccea0b65303be148cc0856b008
SHA512

b2bfe058afe4fcc696b8f02dfe0d653ad46c477f04b2f4876db97300461c3df5ef0529de99aaec825727a22f61f44ae24a0dd07f7230a115ba6d28b95f91cae2
SSDEEP

1536:zvKxifeJrDfME+2+OQA8AkqUhMb2nuy5wgIP0CSJ+5yjB8GMGlZ5G:zvGifgMSGdqU7uy5w9WMyjN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
5116	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 1464	4484	092d3eeb885f999f2aa8f590a300bc90_NeikiAnalytics.exe	92
PID 4484 wrote to memory of 1464	4484	092d3eeb885f999f2aa8f590a300bc90_NeikiAnalytics.exe	92
PID 4484 wrote to memory of 1464	4484	092d3eeb885f999f2aa8f590a300bc90_NeikiAnalytics.exe	92
PID 1464 wrote to memory of 5116	1464	cmd.exe	93
PID 1464 wrote to memory of 5116	1464	cmd.exe	93
PID 1464 wrote to memory of 5116	1464	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\092d3eeb885f999f2aa8f590a300bc90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\092d3eeb885f999f2aa8f590a300bc90_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1464
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4032 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
69080cde344c6f01a92a7f07f80bc57a

SHA1
28af6024561d460ffb316602ac73f39df26016e3

SHA256
d2bc9bc4973c9c6ecbc63bfacc350da5fbc3c4d89af4c9aa06053921ecaf8678

SHA512
8b6740e52039ee4edb17bc9675a9c2fdf1e2788171f5248206bd19d0d33458545fda7e98a1bec38ce7eb1ba9f6d0cb73086875de10eaeaffd3539cac7401869c

Download Submit
memory/4484-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5116-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download