e23c7aafb73c517290a4f7212e7b79f0d4e57b1a301a1ff7bfecc25b5749370f

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 22:24

Target

203778d5ef1ca62bf9fc73ae400ac100_NeikiAnalytics.exe
Size

79KB
MD5

203778d5ef1ca62bf9fc73ae400ac100
SHA1

31e59cad4b1116b16cb8873b55b4b4f404204728
SHA256

e23c7aafb73c517290a4f7212e7b79f0d4e57b1a301a1ff7bfecc25b5749370f
SHA512

b16b003c1187c6edd0744d23524d65a1670d835d0a6de96b586789da79e23a1604833beccf3e1d034edbff20a4fbee47e628497478614abd42b8d7144e4de44a
SSDEEP

1536:zvtWgNR4gnuf/mNv4OQA8AkqUhMb2nuy5wgIP0CSJ+5yrB8GMGlZ5G:zvtWgcBf+vdGdqU7uy5w9WMyrN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1064	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 3764	3968	203778d5ef1ca62bf9fc73ae400ac100_NeikiAnalytics.exe	91
PID 3968 wrote to memory of 3764	3968	203778d5ef1ca62bf9fc73ae400ac100_NeikiAnalytics.exe	91
PID 3968 wrote to memory of 3764	3968	203778d5ef1ca62bf9fc73ae400ac100_NeikiAnalytics.exe	91
PID 3764 wrote to memory of 1064	3764	cmd.exe	92
PID 3764 wrote to memory of 1064	3764	cmd.exe	92
PID 3764 wrote to memory of 1064	3764	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\203778d5ef1ca62bf9fc73ae400ac100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\203778d5ef1ca62bf9fc73ae400ac100_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3764
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:232

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c809d1920e3c953e40092e48db6a2dd5

SHA1
9c047e51133d36000ac2cbfe3401564ecfbff1f3

SHA256
7a37b505d88b6734dc2484e399d971a653baaf26458f3eb8458591d2ed432e2b

SHA512
1f0e07753c445699e1a21dd889c37f496e32fccdf7503b23ec35c6d465e60da3649c7f653bd9d56707060a1b0fa9187f9fa865f9dab7a55571ce1e5a3eb048ba

Download Submit
memory/1064-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3968-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download