f77da4b8c10545ee0f1ffd855c911172b38412582ba42fb3a293d623b88995db

Analysis

max time kernel
133s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 02:49

Target

8a9dfc30a5d9ee6bbcbb671723868960_NeikiAnalytics.exe
Size

73KB
MD5

8a9dfc30a5d9ee6bbcbb671723868960
SHA1

b944a7bab1bd5dfba797767520ba5e19a52f0631
SHA256

f77da4b8c10545ee0f1ffd855c911172b38412582ba42fb3a293d623b88995db
SHA512

2d98b1bc4ead487bda35fb2cf4aa883a099ef3fa19a80537f8b542e2cdfe32affb738cda29187006c0010274bbd5d2e6f4cbc00c0b16df50c97c71f9c1cd1e35
SSDEEP

1536:hbjR9dvD2K5QPqfhVWbdsmA+RjPFLC+e5hY0ZGUGf2g:h3dviNPqfcxA+HFshYOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
988	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 1012	632	8a9dfc30a5d9ee6bbcbb671723868960_NeikiAnalytics.exe	92
PID 632 wrote to memory of 1012	632	8a9dfc30a5d9ee6bbcbb671723868960_NeikiAnalytics.exe	92
PID 632 wrote to memory of 1012	632	8a9dfc30a5d9ee6bbcbb671723868960_NeikiAnalytics.exe	92
PID 1012 wrote to memory of 988	1012	cmd.exe	93
PID 1012 wrote to memory of 988	1012	cmd.exe	93
PID 1012 wrote to memory of 988	1012	cmd.exe	93
PID 988 wrote to memory of 2280	988	[email protected]	94
PID 988 wrote to memory of 2280	988	[email protected]	94
PID 988 wrote to memory of 2280	988	[email protected]	94

C:\Users\Admin\AppData\Local\Temp\8a9dfc30a5d9ee6bbcbb671723868960_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8a9dfc30a5d9ee6bbcbb671723868960_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:632
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1012
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:988
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4124,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:8
1⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
9c0a062f5634ca2f1166a1f23679017e

SHA1
9d8ff9aa53fe9067d6ab605089b90b9ad729b12c

SHA256
61538b3a954b9cbc0bb9a152b52e4fc699ef1da9a8c43d5a51db01cbb689fb00

SHA512
6444310511cdcd8c7d868ce8072ece7af7b91dd86d1671c1d9b41785b9028ee84b6873277805bce1828e3f9b13403417def85b6a2309e799c2281748de420957

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/632-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/988-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download