0c803703edcc91e010ce5863087d0b1f762ec8a507f285b818f1ae0c7f1615f6

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 22:41

Target

0c803703edcc91e010ce5863087d0b1f762ec8a507f285b818f1ae0c7f1615f6_NeikiAnalytics.exe
Size

79KB
MD5

ab130439ed16f6ff2a1078795f9db280
SHA1

90dc63bc42579b4b2661e1d3c59c7d5d77c4d1fd
SHA256

0c803703edcc91e010ce5863087d0b1f762ec8a507f285b818f1ae0c7f1615f6
SHA512

507bb0b8d88b09b32be82e51f13a1d52b18f590d38565c15a3331fa4a8abce00ab307f6f593c5e2f596cc717319adf190144a9b94b46d4f5a535f0413d247062
SSDEEP

1536:zvY5d6ODgS8fsitOQA8AkqUhMb2nuy5wgIP0CSJ+5yAB8GMGlZ5G:zvYTU4GdqU7uy5w9WMyAN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4184	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 5024	3912	0c803703edcc91e010ce5863087d0b1f762ec8a507f285b818f1ae0c7f1615f6_NeikiAnalytics.exe	89
PID 3912 wrote to memory of 5024	3912	0c803703edcc91e010ce5863087d0b1f762ec8a507f285b818f1ae0c7f1615f6_NeikiAnalytics.exe	89
PID 3912 wrote to memory of 5024	3912	0c803703edcc91e010ce5863087d0b1f762ec8a507f285b818f1ae0c7f1615f6_NeikiAnalytics.exe	89
PID 5024 wrote to memory of 4184	5024	cmd.exe	90
PID 5024 wrote to memory of 4184	5024	cmd.exe	90
PID 5024 wrote to memory of 4184	5024	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\0c803703edcc91e010ce5863087d0b1f762ec8a507f285b818f1ae0c7f1615f6_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0c803703edcc91e010ce5863087d0b1f762ec8a507f285b818f1ae0c7f1615f6_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5024
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4220,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:8
1⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d409a7b8cce30637691c157db38a13f4

SHA1
5c9afd40c8ff52a50242a674d387b23cdd50ce0a

SHA256
c442f7ae7c8a408c62baff5a848bdb272706f52188651946a6c96daf3251b593

SHA512
73fa28d72f87e5be31140f77fe64ba88314b095298b6cda544fc0c6ba7d35dabba848294b06058ba035e4a08eead294cf143e0d832e88e073fa77dc8a4ea5bbf

Download Submit
memory/3912-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4184-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download