5da74a251964fdf175cebdf35dbdf152e495d065d2eb358fbeef8de5f8333410

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 00:38

Target

5cbc4256231dac08c32c40efde575b50_NeikiAnalytics.exe
Size

79KB
MD5

5cbc4256231dac08c32c40efde575b50
SHA1

3f39e44b89785e048898a04e9f3b048cc281f0b9
SHA256

5da74a251964fdf175cebdf35dbdf152e495d065d2eb358fbeef8de5f8333410
SHA512

8747c81cbdd96bae8d0ff6d60e8060afed3303d335b9111bb72b098dfeefc8a28183ac462926a09c89ad7033cebe375d3041395d9cf2fa3f0663f73f51229106
SSDEEP

1536:zvKF4uRm+53CRfNducyOQA8AkqUhMb2nuy5wgIP0CSJ+5yZB8GMGlZ5G:zvNuAjGdqU7uy5w9WMyZN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3004	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 532	5040	5cbc4256231dac08c32c40efde575b50_NeikiAnalytics.exe	91
PID 5040 wrote to memory of 532	5040	5cbc4256231dac08c32c40efde575b50_NeikiAnalytics.exe	91
PID 5040 wrote to memory of 532	5040	5cbc4256231dac08c32c40efde575b50_NeikiAnalytics.exe	91
PID 532 wrote to memory of 3004	532	cmd.exe	92
PID 532 wrote to memory of 3004	532	cmd.exe	92
PID 532 wrote to memory of 3004	532	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\5cbc4256231dac08c32c40efde575b50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5cbc4256231dac08c32c40efde575b50_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:532
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3948 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
60bbf76ce8afa4d7e5ec2153b9b5855a

SHA1
863d47959956987f8d3ea032b6a74f36fcb15998

SHA256
5d97f03762b8a44fcb958ee4301b365bcc649a1c8b22481edf5ccca6e1bef478

SHA512
f0ecf27940ba1235e108810d391292c18432569a078449849d4db7769aa53b3914d960613b89f8137761d873612198b17ab82388084629d027451add47488183

Download Submit
memory/3004-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5040-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download