506b1f13a396ce814fbbe91ae8b285d7cb0311824e9fcfd7baaa97ce16c86a50

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 00:18

Target

1db6bb8d435dfb44330b7e1a6a310af0_NeikiAnalytics.exe
Size

79KB
MD5

1db6bb8d435dfb44330b7e1a6a310af0
SHA1

18ece12418a8e5bb712a7f396df3af68db2ca87d
SHA256

506b1f13a396ce814fbbe91ae8b285d7cb0311824e9fcfd7baaa97ce16c86a50
SHA512

61e19217937bcfe9d88ae7f6eadf29d434c58c7baa3f637459a07738983ee34c12776453d4b2a870a581392b1bcaf5134cbd6eca41e1919e7f83c94bb90b4a91
SSDEEP

1536:zvmc1CWFAZ+7dOQA8AkqUhMb2nuy5wgIP0CSJ+5yTB8GMGlZ5G:zvmc/SpGdqU7uy5w9WMyTN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1928	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 4840	4296	1db6bb8d435dfb44330b7e1a6a310af0_NeikiAnalytics.exe	92
PID 4296 wrote to memory of 4840	4296	1db6bb8d435dfb44330b7e1a6a310af0_NeikiAnalytics.exe	92
PID 4296 wrote to memory of 4840	4296	1db6bb8d435dfb44330b7e1a6a310af0_NeikiAnalytics.exe	92
PID 4840 wrote to memory of 1928	4840	cmd.exe	93
PID 4840 wrote to memory of 1928	4840	cmd.exe	93
PID 4840 wrote to memory of 1928	4840	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\1db6bb8d435dfb44330b7e1a6a310af0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1db6bb8d435dfb44330b7e1a6a310af0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4840
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4456 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
91c26cdb220a86d3077f25cff74e5a4f

SHA1
b1a2242199a6715271a3e2849f8ba6dcecfba571

SHA256
904b713902e931ddb2b476a827086ecf7cc4146717270c4e9fb89eedf611e5b8

SHA512
1069ebe598a9181dba1c81080f5c37ba5d92d41d8e37cb6d975fa7b5db9937be7d7360308ebafdc5237b967bc43bdb5a45c3dfabb9d7bf3c8bae5f400a9f85b7

Download Submit
memory/1928-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4296-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download