9d70a7e8e25a4355beea19717301b72c19e20f8e99898ee84eb32d25e48ec755

Analysis

max time kernel
132s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 20:46

Target

19b331ab49632abe8d71a35e1eec7c40_NeikiAnalytics.exe
Size

79KB
MD5

19b331ab49632abe8d71a35e1eec7c40
SHA1

1d6f32a6a76183615ff5b9be697abc28c25eb933
SHA256

9d70a7e8e25a4355beea19717301b72c19e20f8e99898ee84eb32d25e48ec755
SHA512

6040b17553f57c027b69dd1f3ea8f2467aad243a9cb00c4a2ae89751c288f2be129f4581cdbe79eaed49844669d33bc7d182660968d3fbe40291b0c9e2b06bc6
SSDEEP

1536:zvztTrSAXAQKCcOQA8AkqUhMb2nuy5wgIP0CSJ+5yKB8GMGlZ5G:zvztPPwteGdqU7uy5w9WMyKN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2436	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2672	2036	19b331ab49632abe8d71a35e1eec7c40_NeikiAnalytics.exe	91
PID 2036 wrote to memory of 2672	2036	19b331ab49632abe8d71a35e1eec7c40_NeikiAnalytics.exe	91
PID 2036 wrote to memory of 2672	2036	19b331ab49632abe8d71a35e1eec7c40_NeikiAnalytics.exe	91
PID 2672 wrote to memory of 2436	2672	cmd.exe	92
PID 2672 wrote to memory of 2436	2672	cmd.exe	92
PID 2672 wrote to memory of 2436	2672	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\19b331ab49632abe8d71a35e1eec7c40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\19b331ab49632abe8d71a35e1eec7c40_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3764,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=4016 /prefetch:8
1⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d1510932dd2721a109e5e1ac4986106b

SHA1
4bf92ead93e109b31223a36c5f9ec47954c54a8c

SHA256
68015a26966ff091fb38347e86645baaf06c6d02bdcacae56fc83abf2e1dad94

SHA512
55dfbb5b57d54534c6fc0de58f8ab255847ea4bda03fe662dab1440975ba4a29f2bdc1b2d76931cfc796cc8cb8ebda4ab8279e1b87a36d6d1f2d7f474ebdc2a3

Download Submit
memory/2036-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2436-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download