7637a87ffc3aa71dcd7809b2acb169dd2fb53c7d5889d506a92b217421430b4f

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 06:54

Target

7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe
Size

79KB
MD5

7bb74497189d4e16c27b570c697c3d40
SHA1

1e9febe8f2086a95334da119a0f3ebeb5db140b8
SHA256

7637a87ffc3aa71dcd7809b2acb169dd2fb53c7d5889d506a92b217421430b4f
SHA512

72771ffe2e9caa6a6c3c5b99a6cb78d1f8e7d2869d649e0296d5d1c5af4348255ac3499a9f26c97051179c22a63afe4e73fda52f16947d23e224b9fcb3a4ac97
SSDEEP

1536:zv3yCHpuHMR5KOQA8AkqUhMb2nuy5wgIP0CSJ+5yVB8GMGlZ5G:zvi0uHM3/GdqU7uy5w9WMyVN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3436	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 3160	3304	7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe	93
PID 3304 wrote to memory of 3160	3304	7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe	93
PID 3304 wrote to memory of 3160	3304	7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe	93
PID 3160 wrote to memory of 3436	3160	cmd.exe	94
PID 3160 wrote to memory of 3436	3160	cmd.exe	94
PID 3160 wrote to memory of 3436	3160	cmd.exe	94

C:\Users\Admin\AppData\Local\Temp\7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3160
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4508 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d1889ebff1cdbd3da1116780cc589e8d

SHA1
286201a7cf75dd805a1240c596da228c4e842cc0

SHA256
3b34cb96054d523417982c196a4ac3a4bd6e1f7aab86cbacae28785f624ea113

SHA512
f1fccfc4c17a858742edc4d232f646feb96cae2038f18f7ee738e137b6c5ca451070c5364c732bfaa9b8434bf24b0a3f473f8dd28d2bf06b561f4b4523038810

Download Submit
memory/3304-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3436-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download