28681224ed31b15f0853a7fd4e9e31e5bbf835042e0e6825a4ad6fdb3cd10c5c

Analysis

max time kernel
133s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 22:10

Target

57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe
Size

79KB
MD5

57bdc439c8934bcbb81ae518cd7f74f0
SHA1

66c1051aa242e3b3a4a7bebf05054a3c16be9d7f
SHA256

28681224ed31b15f0853a7fd4e9e31e5bbf835042e0e6825a4ad6fdb3cd10c5c
SHA512

b207ef7ba2aaeb9b6be582f640252028b613b9a24fd591da6b030aca493cbd14158016debd71703b4e3900cc86fb312bf4bacb6d4ebafac63e246fc8167d6cd2
SSDEEP

1536:zv3yCHpuHMR5KOQA8AkqUhMb2nuy5wgIP0CSJ+5yTB8GMGlZ5G:zvi0uHM3/GdqU7uy5w9WMyTN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3700	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 764	3364	57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe	91
PID 3364 wrote to memory of 764	3364	57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe	91
PID 3364 wrote to memory of 764	3364	57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe	91
PID 764 wrote to memory of 3700	764	cmd.exe	92
PID 764 wrote to memory of 3700	764	cmd.exe	92
PID 764 wrote to memory of 3700	764	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:764
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4168,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=3824 /prefetch:8
1⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
9f98ad41a04fc7d1df88e522a13abc94

SHA1
19e51629f79bc66bd999491d4570f6891ade7056

SHA256
44e0de7bf8dacea17d206625dde876d8c25c83035c9f4d0cd8f29027234addb4

SHA512
e24cc859649f43e120c8fbb5f6cfafc83a96f97e25fb78a267ed6a8afe3c05bde634d5088d155b58099e0c1229ca443f4676673098d7b8a0e9de3aa4d6fcc7ac

Download Submit
memory/3364-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3700-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download