0c40199b9b2c670588529f647eb1c8c378722beb8fc1a13dbe5b6ce65484e202

Analysis

max time kernel
133s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 12:30

Target

53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe
Size

79KB
MD5

53c3c75f910de9d9d2ad3b02b5cd3360
SHA1

e98abe55a24b562622d067b37c4e87dfe887a2b6
SHA256

0c40199b9b2c670588529f647eb1c8c378722beb8fc1a13dbe5b6ce65484e202
SHA512

6b75d49a210fd5df517297dfb8d9e0a62060ce5e35c7dc3947b81c10a634678e5e44a894ad8f61d0447d1ced98b1c7509a479cd18fe6d546493e0ba17e03e72f
SSDEEP

1536:zvtWgNR4gnuf/mNv4OQA8AkqUhMb2nuy5wgIP0CSJ+5yOB8GMGlZ5G:zvtWgcBf+vdGdqU7uy5w9WMyON5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
464	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 4672	3780	53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe	91
PID 3780 wrote to memory of 4672	3780	53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe	91
PID 3780 wrote to memory of 4672	3780	53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe	91
PID 4672 wrote to memory of 464	4672	cmd.exe	92
PID 4672 wrote to memory of 464	4672	cmd.exe	92
PID 4672 wrote to memory of 464	4672	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4672
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4124,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=4172 /prefetch:8
1⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
8819bdd5dccf81365c93b198c4ff2397

SHA1
39891a0409aeb1cbc70f077d340dc2b98d560d6a

SHA256
7581768e3c1373628292bcb98d71764ea472b72350ebf107f6c79520dfd09dd1

SHA512
c16df58a92acee12bef402d68d1b196c439291f7fdd85bc09ec11abc842e9074cedf04e34d7a22cd7a1e04c8eac5c1f51cc227f62387e5fdd409783ece0f6577

Download Submit
memory/464-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3780-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download