aba77538292a37306be3d08acfa602b92045ba34c4f6259d4eaeaa8ce5621123

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 07:40

Target

4b23afdcaa4f583f7f55b4129125d350_NeikiAnalytics.exe
Size

79KB
MD5

4b23afdcaa4f583f7f55b4129125d350
SHA1

bc737ffe2fd26c4de13bf43a0076b799200fb230
SHA256

aba77538292a37306be3d08acfa602b92045ba34c4f6259d4eaeaa8ce5621123
SHA512

d9b0c20de6132b3e27eb2bc139204cad809518e73669b92835e1b913b8bd67958b3a18da6304b3410d9f672d50e444628d6f816fe3eb3fdb4c7e6b6a55eb6f8d
SSDEEP

1536:zvSKKHfuaJOwqOQA8AkqUhMb2nuy5wgIP0CSJ+5y5B8GMGlZ5G:zviHfuXwfGdqU7uy5w9WMy5N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2416	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1412	2332	4b23afdcaa4f583f7f55b4129125d350_NeikiAnalytics.exe	93
PID 2332 wrote to memory of 1412	2332	4b23afdcaa4f583f7f55b4129125d350_NeikiAnalytics.exe	93
PID 2332 wrote to memory of 1412	2332	4b23afdcaa4f583f7f55b4129125d350_NeikiAnalytics.exe	93
PID 1412 wrote to memory of 2416	1412	cmd.exe	94
PID 1412 wrote to memory of 2416	1412	cmd.exe	94
PID 1412 wrote to memory of 2416	1412	cmd.exe	94

C:\Users\Admin\AppData\Local\Temp\4b23afdcaa4f583f7f55b4129125d350_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4b23afdcaa4f583f7f55b4129125d350_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1412
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
66c79153fec9cef6e251dc2385666b5c

SHA1
d6d581447680c1cd7126e12d6105fad3b338ecb6

SHA256
73cafcd1abf994321b61e7113a62fb1c8b3fac5e123ba1ce4686c4705e5212ac

SHA512
a1b57181396eb81ecac150448d8db5dbed06feec77955366e85ad26019dd68f3bab8ec3d3497977907e85c8fdd75e01b6cbc5252b45356cc67e8b98b7efc2391

Download Submit
memory/2332-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2416-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download