d0cda46adbcf464d98bde1eac0b63ad616ec2d25f5f33ac22bc8bfd14ef94e70

Analysis

max time kernel
140s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 07:37

Target

7d19eba6f7a67c707414e529f2e71b10_NeikiAnalytics.exe
Size

79KB
MD5

7d19eba6f7a67c707414e529f2e71b10
SHA1

f208a3c44b144476b88ac17ee5cfcde859251666
SHA256

d0cda46adbcf464d98bde1eac0b63ad616ec2d25f5f33ac22bc8bfd14ef94e70
SHA512

7e14678e8e38eb80757391635c1fbdedbf389fb0ade6f8bbeb5f7ac9eece95209950fdc359fcdab0a66033fbc339b01c29c50244756fdccebeb7a921ae52d012
SSDEEP

1536:zvPx+YaN5yBW47OQA8AkqUhMb2nuy5wgIP0CSJ+5yjB8GMGlZ5G:zvp+RN5GmGdqU7uy5w9WMyjN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1600	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 2728	4752	7d19eba6f7a67c707414e529f2e71b10_NeikiAnalytics.exe	91
PID 4752 wrote to memory of 2728	4752	7d19eba6f7a67c707414e529f2e71b10_NeikiAnalytics.exe	91
PID 4752 wrote to memory of 2728	4752	7d19eba6f7a67c707414e529f2e71b10_NeikiAnalytics.exe	91
PID 2728 wrote to memory of 1600	2728	cmd.exe	92
PID 2728 wrote to memory of 1600	2728	cmd.exe	92
PID 2728 wrote to memory of 1600	2728	cmd.exe	92

C:\Users\Admin\AppData\Local\Temp\7d19eba6f7a67c707414e529f2e71b10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7d19eba6f7a67c707414e529f2e71b10_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ad57eee67f96d981672dcc750895f3d2

SHA1
5ad222e62657889e57b9af1155aa2a6079150f2b

SHA256
018c35e72c7023082347cdbf64c6cfbf8116914c9a81a26a4042f04d658b9813

SHA512
cf22bc92b846d924ce8a3d1b250b43595ba878000d3f10a297ebe58c0de4361c55a2ef2c358be3647bd874e460b2ca09f146550ba7c84924b682c21208496105

Download Submit
memory/1600-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4752-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download