372ec271d098e670bf02ecb58e8b1a7393eb22cfdd721bf80b34a6539ae61918

Analysis

max time kernel
132s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 07:00

Target

695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe
Size

79KB
MD5

695b493eab27e2798ab8f566e74dd3b0
SHA1

f52d4439ec684d6e2938756672a3aa16417d065d
SHA256

372ec271d098e670bf02ecb58e8b1a7393eb22cfdd721bf80b34a6539ae61918
SHA512

92a08187c1f78439b17420e34dd1b2afaea6399d831695cb9966436bacba5cb8e7df9d24ba3c714fa9d2aff35291e9108977a6f792aee0e24822bcce0892d399
SSDEEP

1536:zvNY1FBub1Ht0OQA8AkqUhMb2nuy5wgIP0CSJ+5yqB8GMGlZ5G:zvNQFexGdqU7uy5w9WMyqN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1820	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 956	2528	695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe	92
PID 2528 wrote to memory of 956	2528	695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe	92
PID 2528 wrote to memory of 956	2528	695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe	92
PID 956 wrote to memory of 1820	956	cmd.exe	93
PID 956 wrote to memory of 1820	956	cmd.exe	93
PID 956 wrote to memory of 1820	956	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:956
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4076,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=1276 /prefetch:8
1⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
483c11926e0c56aac6a79b586e39ef6c

SHA1
ff7efe8023c484bffe4616d9af9a7d0bd1d77eb0

SHA256
1b6c2fc5c62873e7b041e34c760581148573a0065b811cdcabaaa107d31e52f9

SHA512
7801a480ced7c154892de5ead95f30fd86be8c89cdacaf755253903df344f4125f2c64f0f17f1b44aa9edc02481a1987f8ab4569a327fc7ea37839c27800f5d5

Download Submit
memory/1820-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2528-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download