019c4b6ce758794f56841c23ea08b07a803bc161eea4e83ef7a3917065e6e074

Analysis

max time kernel
133s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 21:11

Target

020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe
Size

79KB
MD5

020eed924a280054c4539ec0404d6da0
SHA1

a691838dfdba8fa784fd6afaab8547bb7a6139ac
SHA256

019c4b6ce758794f56841c23ea08b07a803bc161eea4e83ef7a3917065e6e074
SHA512

3b230e077abaf15b5355ecc8d9de23c364a3838bb2586dea1f0c591cf4fdc9999b231df31cb2fe7a2dcab50b162e7b1f0d9042da74102cab76ef637890cbc9f7
SSDEEP

1536:zvOjaGdq/bOXbIv3YOQA8AkqUhMb2nuy5wgIP0CSJ+5y0B8GMGlZ5G:zvOjapaYGdqU7uy5w9WMy0N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2028	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 3952	2348	020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe	93
PID 2348 wrote to memory of 3952	2348	020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe	93
PID 2348 wrote to memory of 3952	2348	020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe	93
PID 3952 wrote to memory of 2028	3952	cmd.exe	94
PID 3952 wrote to memory of 2028	3952	cmd.exe	94
PID 3952 wrote to memory of 2028	3952	cmd.exe	94

C:\Users\Admin\AppData\Local\Temp\020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3952
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4624,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:8
1⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
49caf46630fa1da76f622b61e8dd1bb5

SHA1
3c7d8c9d5ef80a42b605a179f872faa93d8113f8

SHA256
0ae98037ec3d8feefc9977ff9dce52374868384c97fce1e2c61ab43f5f5435f0

SHA512
4760180c47f61fa54b39cc17e97da63f4fd35b6772e856736cc3e83b7fe28605edeb241c69aa843e89a8a782cfcce2a2eb27883b9366e91b9a0482ad929d47af

Download Submit
memory/2028-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2348-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download