94c7fd8de9e90482a3bb7c007c333687a6553ce5a1868b0d0c90f2e181bd0192

Analysis

max time kernel
141s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 00:59

Target

2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe
Size

79KB
MD5

2a71cc50645cc4124bb28fdad85e0760
SHA1

413c06453a64538bff08a7b912efc3ec87b49460
SHA256

94c7fd8de9e90482a3bb7c007c333687a6553ce5a1868b0d0c90f2e181bd0192
SHA512

39814d346ec55a78b77f948bd1543e5351f1445ef786218ac20349f04b1c3341e13da267078451d710467ae7dc9f84cc1ffd1a0925194f1aaaa8074f32fdce19
SSDEEP

1536:zvec2PUdwS/2YOQA8AkqUhMb2nuy5wgIP0CSJ+5yLB8GMGlZ5G:zveXPUur9GdqU7uy5w9WMyLN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1272	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 2244	4832	2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe	92
PID 4832 wrote to memory of 2244	4832	2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe	92
PID 4832 wrote to memory of 2244	4832	2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe	92
PID 2244 wrote to memory of 1272	2244	cmd.exe	93
PID 2244 wrote to memory of 1272	2244	cmd.exe	93
PID 2244 wrote to memory of 1272	2244	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2244
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4440 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ec90945d9ed32419817c305fec303991

SHA1
09e328b551c1d60929216de3f0bcb1c4371dd2bf

SHA256
6d3e6887672a165e49794c66273d7f7da1bd7abe0fcf56997f8dd50392d6acd4

SHA512
1dc346722b0dea0c30b3a608057f2c3323086a8068e19957956b740dc4303ab4233843ec2e64be926465ba4bfbe653d9194864592cbad186784c586a2d039341

Download Submit
memory/1272-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4832-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download