020eed16adcafdc0bf469d8870066036df98cc196728b22a1209e7f6957b5e4e

Analysis

max time kernel
132s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 07:17

Target

7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe
Size

79KB
MD5

7c713e5ac90ce820fe853e9520c8a360
SHA1

56d41ae1c62ee366070a0a8dd7f04fb13811e221
SHA256

020eed16adcafdc0bf469d8870066036df98cc196728b22a1209e7f6957b5e4e
SHA512

23990f64610b4728622618b443477e51e244c727ac1bef1edaed31f423cd15a52acb4d347c214170cd397eed5f0d1de9d1b17ce2cff5d8bd4098b524e903f91d
SSDEEP

1536:zvzay1pd0LctWUOQA8AkqUhMb2nuy5wgIP0CSJ+5yGB8GMGlZ5G:zvzPOxRGdqU7uy5w9WMyGN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1832	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 4000	5028	7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe	91
PID 5028 wrote to memory of 4000	5028	7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe	91
PID 5028 wrote to memory of 4000	5028	7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe	91
PID 4000 wrote to memory of 1832	4000	cmd.exe	92
PID 4000 wrote to memory of 1832	4000	cmd.exe	92
PID 4000 wrote to memory of 1832	4000	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4000
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4380,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:8
1⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4789894241e13fbba316ac1c453dfcba

SHA1
54119062ef5d4bf29f0fa4a743d784c004d578ce

SHA256
6f4ffdef1e418e08f1833ec4b5894b6453e327cb4b40986aa3af4558d77e1825

SHA512
00b9b782d7017c9b8cb2885b0a3584efe8b21457ea5f61d18fdf0a7143497968640ca4029e3949d0ef3ffca88ee9ca5026ead4e11141f5c17b9153a325284a23

Download Submit
memory/1832-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5028-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download