1cee6bcd3a52e1a59fbea6f26515df0e7d9f4586ef20cc442474735e4fba9de0

Analysis

max time kernel
132s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 06:59

Target

37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe
Size

79KB
MD5

37bdd572c4da98ec8752ae5130a5aa70
SHA1

05172550c034c7a1dd509947bba551bd102e2005
SHA256

1cee6bcd3a52e1a59fbea6f26515df0e7d9f4586ef20cc442474735e4fba9de0
SHA512

34f3e9d724358a5783bb8b7680f89b3700f547b170b2184488dc148e071566721f6f3fd378196cda3bb2eb4ebbb723af4c02461ad98983369d64168297b04f52
SSDEEP

1536:zvQFxWrhuqoWnMxOQA8AkqUhMb2nuy5wgIP0CSJ+5yVB8GMGlZ5G:zvQFx/0MAGdqU7uy5w9WMyVN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2328	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 3964	1912	37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe	91
PID 1912 wrote to memory of 3964	1912	37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe	91
PID 1912 wrote to memory of 3964	1912	37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe	91
PID 3964 wrote to memory of 2328	3964	cmd.exe	92
PID 3964 wrote to memory of 2328	3964	cmd.exe	92
PID 3964 wrote to memory of 2328	3964	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3964
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4240,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=3984 /prefetch:8
1⤵
PID:1164

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
77874f2acc9c617e7616d74a967c8b36

SHA1
15a278047fa20207090268aad0916ff8887af3b3

SHA256
b5baf45d626d4eb72d3ebaa4cd456e4f80398ffd9eacc41ad3d5a7f717fc809a

SHA512
12772cfb0506263e670af27173e7fedb8a03d8ca6f318b62499841d168fdb42ddd3df4bc472a9c463ad23094400d081e53e1ce3100a4190df5e0a6f9c1280e82

Download Submit
memory/1912-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2328-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download