3bf5925dffc4d936c3eb23c9d3d1dfb3c6d4a7f4d477e6c8bf170b8767bb3781

Analysis

max time kernel
134s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 02:29

Target

8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe
Size

79KB
MD5

8a0890aa5c474c8341877f5b2bcbcda0
SHA1

59086337eb5b8738d322c4d56baafa6cfc879a70
SHA256

3bf5925dffc4d936c3eb23c9d3d1dfb3c6d4a7f4d477e6c8bf170b8767bb3781
SHA512

2edf74804dbe5f2cdd2afa180b4bc08be7ab6138718c4f5b047064641d4fe0ba60845d71f16cb683c459ff4d5dcf2bef60fd5c9a62b9e5b484e82fe961afd802
SSDEEP

1536:zvK8wXOsol+f9OQA8AkqUhMb2nuy5wgIP0CSJ+5yUB8GMGlZ5G:zvKfNoQMGdqU7uy5w9WMyUN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1020	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 3112	4560	8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe	92
PID 4560 wrote to memory of 3112	4560	8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe	92
PID 4560 wrote to memory of 3112	4560	8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe	92
PID 3112 wrote to memory of 1020	3112	cmd.exe	93
PID 3112 wrote to memory of 1020	3112	cmd.exe	93
PID 3112 wrote to memory of 1020	3112	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3112
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4008,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=3836 /prefetch:8
1⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6c835d11d483f4eadc6980c8bcc3910f

SHA1
87f35be83685fdfc680de285e66a43708bb61436

SHA256
a61dd6834195ab4eec03c13a3f437a273f51e2cb0b702016879a99bdc50e76cb

SHA512
400ebcc63e881b4d2f87adb3ccdca9e01bbedff4b4219e1ef1664c753d01b2ad20138a2eb52d8fc99376b5681feb387c3c86b147da6addb59e7dd4c6571835d6

Download Submit
memory/1020-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4560-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download