8809dcc4baa2c91036b2a6301bbb452b8c3a1fd41029f4bd4d2fe8c48b81a62d

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 02:20

Target

6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe
Size

73KB
MD5

6037af823a1f919f4063a3dbd19f0520
SHA1

5539bb4fd3669742f3d01d86127abd0d2bc66295
SHA256

8809dcc4baa2c91036b2a6301bbb452b8c3a1fd41029f4bd4d2fe8c48b81a62d
SHA512

f101c2d20e1cf6405c124b976f6c6a83a33c60b93be2a3ad101b12ecf70ef8ea797ed210d3ff5961247271d3e56d1525dd7c389d343037fc8d330cb6d6b3ea81
SSDEEP

1536:hbYNv0f2k5FKK5QPqfhVWbdsmA+RjPFLC+e5hD0ZGUGf2g:h8Nv0b5FKNPqfcxA+HFshDOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3948	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 1428	3544	6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe	92
PID 3544 wrote to memory of 1428	3544	6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe	92
PID 3544 wrote to memory of 1428	3544	6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe	92
PID 1428 wrote to memory of 3948	1428	cmd.exe	93
PID 1428 wrote to memory of 3948	1428	cmd.exe	93
PID 1428 wrote to memory of 3948	1428	cmd.exe	93
PID 3948 wrote to memory of 3568	3948	[email protected]	94
PID 3948 wrote to memory of 3568	3948	[email protected]	94
PID 3948 wrote to memory of 3568	3948	[email protected]	94

C:\Users\Admin\AppData\Local\Temp\6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1428
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3948
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
b4b0df88ae098a8b2087c5a5e6c6c21c

SHA1
437d404b3d9f9a5d3ac2b2e07a6ea74195a6d492

SHA256
83898592c6ca8491960862e1d11185313dfe572b6de15fd09c0d83c56a78951b

SHA512
84b9476907ed99b7f9ba9baf34625020c6e9940e4a4a38868966cee3f91654d9d04f6278b96ec0f2e4f23f3f6b3d3b344f7ffafec3bbb392b77f56ceca35235b

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/3544-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3948-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download