fe4fa7305de0aede7733cbb11d57a45d5a57fe79d0713e26a59e620421f71fa5

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 16:11

Target

6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe
Size

79KB
MD5

6b1c5fafb42b37cb091346d564480bc0
SHA1

8cce94e7aafdd020318bdfbd00c3bdcda8902eec
SHA256

fe4fa7305de0aede7733cbb11d57a45d5a57fe79d0713e26a59e620421f71fa5
SHA512

74e149c0d97d322fe021730a9544763a6cd65346f8d570b7c6351464111723ef7b7297ba0e4bdb8a863aea27131c8f6e7c4ce1211ac0765e965779834d9f06b2
SSDEEP

1536:zvmkZZZb2LA41Wq6OQA8AkqUhMb2nuy5wgIP0CSJ+5y/B8GMGlZ5G:zvmq2LCCGdqU7uy5w9WMy/N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2600	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 4608	628	6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe	94
PID 628 wrote to memory of 4608	628	6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe	94
PID 628 wrote to memory of 4608	628	6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe	94
PID 4608 wrote to memory of 2600	4608	cmd.exe	95
PID 4608 wrote to memory of 2600	4608	cmd.exe	95
PID 4608 wrote to memory of 2600	4608	cmd.exe	95

C:\Users\Admin\AppData\Local\Temp\6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:628
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4608
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ac2b834190b5db2c6ee8f89cd831632d

SHA1
1ca59632d11ae4281dbb6ed45343f3636ba27f14

SHA256
6f4eb35b6fac44db2d68211c4fc16a180cff9c1aac75d8a7b31ff0a440afb700

SHA512
662b53a51ba1eda2fecd6d32935722482175b27525482f59a56e18fd4c4603255baea9ad3bba9f413dc9791eaa5f0bc9ec0f892d24bc249321f6089694006bb0

Download Submit
memory/628-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2600-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download