42653f33077e8941d47783d180c464a56f5f86997742702d19f88408258b5213

Analysis

max time kernel
139s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 23:16

Target

6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe
Size

73KB
MD5

6c90d887d7cf109ab709bff4332b3510
SHA1

188c6bb807062cf104cd044419338d00b321f29d
SHA256

42653f33077e8941d47783d180c464a56f5f86997742702d19f88408258b5213
SHA512

923786d107ef5d8c5febe48c5768c68fdb788e8cc35431eac00e6c700b22e0a40daffc349858006a11b93d19dc25de3c1ae6123534bbda165af2d8d2f8512471
SSDEEP

1536:hbpavLPm5AuK5QPqfhVWbdsmA+RjPFLC+e5hI0ZGUGf2g:hwvTm5PNPqfcxA+HFshIOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3340	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 456	4248	6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe	92
PID 4248 wrote to memory of 456	4248	6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe	92
PID 4248 wrote to memory of 456	4248	6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe	92
PID 456 wrote to memory of 3340	456	cmd.exe	93
PID 456 wrote to memory of 3340	456	cmd.exe	93
PID 456 wrote to memory of 3340	456	cmd.exe	93
PID 3340 wrote to memory of 4516	3340	[email protected]	94
PID 3340 wrote to memory of 4516	3340	[email protected]	94
PID 3340 wrote to memory of 4516	3340	[email protected]	94

C:\Users\Admin\AppData\Local\Temp\6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:456
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3340
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4032 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
e097f3815d0f0aa4dbb500060428af8f

SHA1
1cb76267f39484f1c5f16d0e8f90c72893df05d3

SHA256
096ea4f4a4af2f87d04d7d84e615733e7c38a4d060e382a7152fa694d1486bab

SHA512
ccda36ef850bbf924e5a798b966a1721c9254c89e228e58a927c3bef8f8be9706127d7ca05115cf164a7b40af944d00230351ffaede0e095279512458dc2a876

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/3340-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4248-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4248-9-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download