d939f528b132a6bc3a4c62b8e7467cd2ccf52fbe3e9663485d18203a02c5f369

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 23:38

Target

274b7afa082af29e25f4dc790f7a04c0_NeikiAnalytics.exe
Size

79KB
MD5

274b7afa082af29e25f4dc790f7a04c0
SHA1

d32e1f1cddf573acc9ae1fe769fcc6d513688c04
SHA256

d939f528b132a6bc3a4c62b8e7467cd2ccf52fbe3e9663485d18203a02c5f369
SHA512

0bfb7d0a094d4397068c21976818f9ff3f79fe5c75e23e4b981bd30db540afa66b011e3a3be1a314879942300a1461face41494a2999c1000482a7a5d39a6543
SSDEEP

1536:zvJudrqrpLekL5OQA8AkqUhMb2nuy5wgIP0CSJ+5y6B8GMGlZ5G:zvJu0rpLXUGdqU7uy5w9WMy6N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2788	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 4520	1600	274b7afa082af29e25f4dc790f7a04c0_NeikiAnalytics.exe	93
PID 1600 wrote to memory of 4520	1600	274b7afa082af29e25f4dc790f7a04c0_NeikiAnalytics.exe	93
PID 1600 wrote to memory of 4520	1600	274b7afa082af29e25f4dc790f7a04c0_NeikiAnalytics.exe	93
PID 4520 wrote to memory of 2788	4520	cmd.exe	94
PID 4520 wrote to memory of 2788	4520	cmd.exe	94
PID 4520 wrote to memory of 2788	4520	cmd.exe	94

C:\Users\Admin\AppData\Local\Temp\274b7afa082af29e25f4dc790f7a04c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\274b7afa082af29e25f4dc790f7a04c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4520
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4168 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f430c8db65a2b1cd985411b7896c6ff8

SHA1
5fc58484866eeb2fe1adc2f0c9ee2bb613f94d65

SHA256
96fa9ac5e76690513e0c5da63ba18d93c89b27b1d30e3cb8639b2b2a18431dd1

SHA512
7787e9ba0bd9eb57c64e78155d34cd77918abacf37fd3d51dbe38c09b79811755dc727b048a56ac584980a436d324178f678a84f0b8ea27d0b3c1567f5a55ac9

Download Submit
memory/1600-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2788-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download