dc0cd7118ff0e622dc9d4019d76f040edc0c8a489d786ae2b0550cef84cadf10

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 01:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b8b8fd42e45f7b073c056d7c9c128b90_NEIKI.exe
Size

220KB
MD5

b8b8fd42e45f7b073c056d7c9c128b90
SHA1

280f3764778fcf2a845bd8159fb1fecb02fd78f2
SHA256

dc0cd7118ff0e622dc9d4019d76f040edc0c8a489d786ae2b0550cef84cadf10
SHA512

56344e1e88766b7302b331e74ed739f38011c007b47193a3f39115b8591a649d3073254c0be1593f39f277dbc3cb794bf43c0285e43debcd7646e73bdb6f98da
SSDEEP

3072:Wae7OubpGGErCbuZM4EQrjo7vgHJJPPIgpB:WacxGfTMfQrjoziJJHIU

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
1632	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe
2676	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe
2700	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe
2512	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe
2520	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe
2752	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe
2896	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe
1240	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe
2692	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe
2708	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe
2020	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe
2188	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe
1744	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe
2376	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe
2960	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe
2084	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202o.exe
3000	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202p.exe
1596	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202q.exe
2972	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202r.exe
3020	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202s.exe
1720	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202t.exe
1180	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202u.exe
1424	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202v.exe
2780	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202w.exe
2504	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202x.exe
2524	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
2348	b8b8fd42e45f7b073c056d7c9c128b90_NEIKI.exe
2348	b8b8fd42e45f7b073c056d7c9c128b90_NEIKI.exe
1632	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe
1632	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe
2676	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe
2676	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe
2700	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe
2700	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe
2512	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe
2512	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe
2520	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe
2520	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe
2752	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe
2752	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe
2896	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe
2896	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe
1240	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe
1240	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe
2692	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe
2692	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe
2708	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe
2708	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe
2020	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe
2020	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe
2188	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe
2188	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe
1744	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe
1744	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe
2376	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe
2376	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe
2960	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe
2960	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe
2084	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202o.exe
2084	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202o.exe
3000	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202p.exe
3000	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202p.exe
1596	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202q.exe
1596	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202q.exe
2972	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202r.exe
2972	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202r.exe
3020	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202s.exe
3020	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202s.exe
1720	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202t.exe
1720	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202t.exe
1180	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202u.exe
1180	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202u.exe
1424	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202v.exe
1424	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202v.exe
2780	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202w.exe
2780	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202w.exe
2504	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202x.exe
2504	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202x.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2348-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000d0000000153cf-14.dat	upx
behavioral1/files/0x0007000000015cad-48.dat	upx
behavioral1/memory/2520-79-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2896-111-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1240-140-0x0000000000250000-0x000000000028A000-memory.dmp	upx
behavioral1/memory/2708-175-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2020-191-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000016c2e-208.dat	upx
behavioral1/files/0x0006000000016cab-237.dat	upx
behavioral1/files/0x0006000000016cc9-256.dat	upx
behavioral1/memory/2972-303-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1180-328-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2780-351-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2504-363-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2524-375-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2504-374-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2780-362-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1424-350-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1424-340-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1180-339-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1720-327-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1720-316-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/3020-315-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/3020-304-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2972-292-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1596-291-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1596-280-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/3000-279-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/3000-268-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2084-267-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2084-255-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2960-254-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2960-240-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2376-238-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000016c7a-224.dat	upx
behavioral1/memory/2376-223-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1744-222-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1744-207-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2188-206-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000016c26-192.dat	upx
behavioral1/files/0x0006000000016c17-177.dat	upx
behavioral1/memory/2020-176-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000016a45-161.dat	upx
behavioral1/memory/2708-160-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2692-159-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2692-150-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x00060000000167ef-144.dat	upx
behavioral1/memory/1240-143-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0007000000016597-127.dat	upx
behavioral1/memory/2896-126-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0008000000015cdb-112.dat	upx
behavioral1/memory/2752-110-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2752-96-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0009000000015cca-95.dat	upx
behavioral1/memory/2520-94-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0007000000015cc1-80.dat	upx
behavioral1/memory/2512-78-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0007000000015cb9-64.dat	upx
behavioral1/memory/2512-63-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2700-62-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2700-47-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2676-46-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0036000000015c6d-32.dat	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_NEIKI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_NEIKI.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 189e0627c1ca2633	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1632	2348	b8b8fd42e45f7b073c056d7c9c128b90_NEIKI.exe	28
PID 2348 wrote to memory of 1632	2348	b8b8fd42e45f7b073c056d7c9c128b90_NEIKI.exe	28
PID 2348 wrote to memory of 1632	2348	b8b8fd42e45f7b073c056d7c9c128b90_NEIKI.exe	28
PID 2348 wrote to memory of 1632	2348	b8b8fd42e45f7b073c056d7c9c128b90_NEIKI.exe	28
PID 1632 wrote to memory of 2676	1632	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe	29
PID 1632 wrote to memory of 2676	1632	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe	29
PID 1632 wrote to memory of 2676	1632	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe	29
PID 1632 wrote to memory of 2676	1632	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe	29
PID 2676 wrote to memory of 2700	2676	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe	30
PID 2676 wrote to memory of 2700	2676	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe	30
PID 2676 wrote to memory of 2700	2676	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe	30
PID 2676 wrote to memory of 2700	2676	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe	30
PID 2700 wrote to memory of 2512	2700	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe	31
PID 2700 wrote to memory of 2512	2700	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe	31
PID 2700 wrote to memory of 2512	2700	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe	31
PID 2700 wrote to memory of 2512	2700	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe	31
PID 2512 wrote to memory of 2520	2512	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe	32
PID 2512 wrote to memory of 2520	2512	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe	32
PID 2512 wrote to memory of 2520	2512	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe	32
PID 2512 wrote to memory of 2520	2512	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe	32
PID 2520 wrote to memory of 2752	2520	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe	33
PID 2520 wrote to memory of 2752	2520	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe	33
PID 2520 wrote to memory of 2752	2520	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe	33
PID 2520 wrote to memory of 2752	2520	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe	33
PID 2752 wrote to memory of 2896	2752	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe	34
PID 2752 wrote to memory of 2896	2752	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe	34
PID 2752 wrote to memory of 2896	2752	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe	34
PID 2752 wrote to memory of 2896	2752	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe	34
PID 2896 wrote to memory of 1240	2896	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe	35
PID 2896 wrote to memory of 1240	2896	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe	35
PID 2896 wrote to memory of 1240	2896	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe	35
PID 2896 wrote to memory of 1240	2896	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe	35
PID 1240 wrote to memory of 2692	1240	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe	36
PID 1240 wrote to memory of 2692	1240	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe	36
PID 1240 wrote to memory of 2692	1240	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe	36
PID 1240 wrote to memory of 2692	1240	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe	36
PID 2692 wrote to memory of 2708	2692	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe	37
PID 2692 wrote to memory of 2708	2692	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe	37
PID 2692 wrote to memory of 2708	2692	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe	37
PID 2692 wrote to memory of 2708	2692	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe	37
PID 2708 wrote to memory of 2020	2708	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe	38
PID 2708 wrote to memory of 2020	2708	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe	38
PID 2708 wrote to memory of 2020	2708	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe	38
PID 2708 wrote to memory of 2020	2708	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe	38
PID 2020 wrote to memory of 2188	2020	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe	39
PID 2020 wrote to memory of 2188	2020	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe	39
PID 2020 wrote to memory of 2188	2020	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe	39
PID 2020 wrote to memory of 2188	2020	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe	39
PID 2188 wrote to memory of 1744	2188	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe	40
PID 2188 wrote to memory of 1744	2188	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe	40
PID 2188 wrote to memory of 1744	2188	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe	40
PID 2188 wrote to memory of 1744	2188	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe	40
PID 1744 wrote to memory of 2376	1744	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe	41
PID 1744 wrote to memory of 2376	1744	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe	41
PID 1744 wrote to memory of 2376	1744	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe	41
PID 1744 wrote to memory of 2376	1744	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe	41
PID 2376 wrote to memory of 2960	2376	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe	42
PID 2376 wrote to memory of 2960	2376	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe	42
PID 2376 wrote to memory of 2960	2376	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe	42
PID 2376 wrote to memory of 2960	2376	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe	42
PID 2960 wrote to memory of 2084	2960	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe	43
PID 2960 wrote to memory of 2084	2960	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe	43
PID 2960 wrote to memory of 2084	2960	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe	43
PID 2960 wrote to memory of 2084	2960	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\b8b8fd42e45f7b073c056d7c9c128b90_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\b8b8fd42e45f7b073c056d7c9c128b90_NEIKI.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2348
- \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe
  c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1632
- - \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe
    c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe
      c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2700
    - - \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2512
      - \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2520
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2752
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2896
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1240
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2692
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2708
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2020
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2188
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1744
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2376
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2960
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202o.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2084
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202p.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:3000
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202q.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1596
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202r.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2972
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202s.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:3020
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202t.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1720
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202u.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1180
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202v.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1424
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202w.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2780
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202x.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2504
        
        \??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202y.exe
        
        c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe

Filesize
220KB

MD5
8649736e78eb5487c7a709f924500fb2

SHA1
58e335a5dede1a7a1a1ccc28f6b201ed5cf91029

SHA256
4268af4df5e7f2bc194f1b0e8124a8e175570d67bb107aa39a7875418a236466

SHA512
8c9aef633ed2bea67172249cfa08e7c204761a7956be812d105655c3d5776b2e5520c1fd61843c43befbd0034fa5bccd07ff85c3d5fc69662b0993fdaae53cf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe

Filesize
223KB

MD5
8bc8ef14811fc39aab118c4f072fc651

SHA1
c87a9c6ef13f934696e436ceaeb25f2cf6afd7bb

SHA256
a2932a99adfcd9c1f46d0e0828a88dbc04a5b792d2575f888f8125cd2891cfd6

SHA512
a1eb56319c1485c9be051a7ba43f9d72b414b0129745cfc0f9355a225b2db641c8eb169752fb08277b2cfd4a710ced0bbf3520315cbfe36d5a195cf7e48e9b4a

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe

Filesize
220KB

MD5
1e360227d8765203df01a99eb86818ab

SHA1
1e734553c5064af5004a1cfbd1b38b7ddc41d0d8

SHA256
87b1584f38f9d92fe02475637967f5f8537eb888b0bae5a014fd94f12df63a83

SHA512
96d6444d50a11fa3b0ffcec348e27c4442a9839ae55a7432ddae1f0f3f89fa93ec37f0369638b2c12d59cd7425b401c846e42b9584d4403cb1dfaa671705e5d8

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe

Filesize
221KB

MD5
d351b095f3fffa0501b202b18050890b

SHA1
b7c9317afdcdfea0be1392dbe12aa377872a280d

SHA256
6d14e59779245b79446b8ed92473a79fe6136eb62f8076810ec57290db1508f4

SHA512
5715313327ed9c4194f5d7507603cb1f2f89bd53a173356e2de8343d684f1fc134864e42fbc8dd9455cca32d7368574e6d8ebf217b9cedf8d883565b8297d16a

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe

Filesize
221KB

MD5
d90217661ded735354c26a4862a27bbf

SHA1
ee137ef37995476b5d0cc966a6fe6a058df46135

SHA256
0e649644bccf349dcf1596ccaea9bf9a03f4663fc3e4a19ae5d06fe14b9f8396

SHA512
d3169ee5cdbc7baa68434cc0579bbef8f456493cd531245748152609ef26094f0b41e6b40c08ae8c675cacececf7cd0b6e5a88b048403294e063bcbd1633e3ef

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe

Filesize
221KB

MD5
26aa314d131d9cd1f40aaf3a53fd9129

SHA1
be3771ab4c1301663940ecdd7573c14e44dd0d7d

SHA256
f94a14ac2073af0abf2044e28db5901204e90d6a7e557331c0b654192940b862

SHA512
944bc9ffc8c311aea9953ed8da17bc993a9936a8e193797a763bfe534d4fb44a09234fdcf5b82abfe301158ba1f030fde1151749e3d564b1a10259b6fb989cc0

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe

Filesize
221KB

MD5
0f39177376f772c587f9b7f4052c17f7

SHA1
e9e8adc3049c7fdc3e9520b75e3a06bfe00955cc

SHA256
710573dcc875eb0043d1c9a2abedd397a66e1eb2562d4af009d8afbb821bae57

SHA512
f7f1a1af62fd233399f39e03fafedb98c9715fd0ed214423fdfa9d289840f1fd6b3f82793f51e9db468e82663161f9b5cc7c4e77ba5dd280dcccbe90706cc151

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe

Filesize
222KB

MD5
1bd815b195e04898895497348c53f5f9

SHA1
4c4d21efc79b1dfc5aab6a60ee7dcd6ddcf7c895

SHA256
3dd1c557bfaeb35b4fab7cdcf03a6cad72ab0d5a0493f988991ffafeb00048f9

SHA512
88c2e4b640b753fd86d3b4a1a62a167345627c0cb69f3ce807295e9488d462e44ff88dd4f328e6c1c6f92da0323100e2b4af3135f82f768162d881ad550d4791

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe

Filesize
222KB

MD5
dc478df8c4c476310dcbf12ba0c080f3

SHA1
16a158e2d2b9b293954b01d99de6a1066887894b

SHA256
d2adab91d317273b1ad878dff2374bb49b9a4be12d5baddb25fafd94ccf64b37

SHA512
05cc15412e918613bf555d7e5f9c393021b1c42afa5fe0184153f67be39921fb107ee301b7557d0d3aae9a6ec8d8a5103200dbc1ea058e2ce24b2fd5c518a7a5

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe

Filesize
222KB

MD5
e4c20b73f0cc08dd9b7437fc662fd286

SHA1
0fd13d588ce06a1d66fb504d1388ece9dcba60c6

SHA256
7fe333cc7f5c21a675cb89aa6d81083d9cc0e58ae29d768c69580bda11e8fad3

SHA512
76504c49527536d438818803515f665d96afb5f0e4013c989964c1cf40d2f810a21f70ea551f9f7b7ccebdc46934d44a858cd26cc156aabb140d1010aef9fab5

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe

Filesize
222KB

MD5
c7a727da8012211362ffc96857164d8b

SHA1
8a0ece35c1611eca77f6ede77edeff7b9162a47f

SHA256
0210185a14f3a3914d26ec7df1ff5b1e4fdf1e339aedfcdc71d309d3e8a6f6b2

SHA512
f9ac7cdd7d4be98e4b67bcd7b701193b1d09203352f400646c61e7f709ed2bf84f90fd509e04199dc2a7c84da60cbb21f9a76f26fd6d0f0669f7a04ab2688e31

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe

Filesize
223KB

MD5
926e306b4d34355e4e66b315bafd854c

SHA1
fe7a1cc93de7e408b2ddbaa9efefd1d629327bed

SHA256
7c81cc7eacec0baf8c81a63e8ed1d467b27a97afb66a30bbc4acd45797b14a39

SHA512
24ac45b1b298869dc4e83881e5df7892edb1e6c738da96bf8fe0b2ccd78778b87dc0dac65a708149daeca1ef8f34abfb947d458d0f552c12e0c5cf28f98349ad

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe

Filesize
223KB

MD5
44961501c33a62afd4e0e1e490f27290

SHA1
cc2c406ec1c63d4cf8d47197a63311c786ab9b6f

SHA256
3572016d341dd778971146f7585c51dba9dfb9673f16d3cc17906b96049a152a

SHA512
5483154edf074ff86cad8ee2f2dc761142765a5a0fe3dbcd8957bfec29fc8eef906cef64944a1eefa5020d50c6f4a7fb69e5060f8a636875de538c6c0fb5b490

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe

Filesize
223KB

MD5
3a6cf3b2800225e87911707d69719a9a

SHA1
de3c4118abffdb8b0ca9c973d8abcbe1693b972d

SHA256
54143669096ecd67ba48fb4723a32a0e76318542d08d1f1050e71762f44a4842

SHA512
61d3f61d12138b4a77f4e6b9ab685dab15e8fdb8fd1f95facc4ac87d9c0d02a5f0021e1baf3b72a40f9447c91d12433ba1dde2201bd787610000c951978003a1

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe

Filesize
223KB

MD5
6564d57da4c41938a6597e0fdf0c2786

SHA1
2177f36691c54acbc6ef6678d18da7e8dae0a319

SHA256
ad89840438e293e6db34af66b45b86b63cb0d705d51532547fdfe2ca1fbff592

SHA512
c879eb9f3d9642c588d4b96fcceeec08ff47cf96c8a64f7f792e85fff193ad0d6c6f6e2d886b7c29d3895950ba6f576956fc57d5903ca6df8c8499ae53af3da2

Download Submit
\??\c:\users\admin\appdata\local\temp\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202o.exe

Filesize
224KB

MD5
f73dcf02499d60dd3885f8270fbb04e3

SHA1
f2b140f658adaa16ba877a01334d3b37fa6d7fe0

SHA256
946f2876127122f5a7c296f40aa505029e827af6f4e0344f16d3dd1de6e1b5a1

SHA512
c744d93dca649bdbfb561070e2f4f027975c171d55b529336a7081cdb7e3ab6c3f7541c5cb807edbbac3baaef3ee5ca1e3b6321a88bc61fb363ebc7bcebd0740

Download Submit
memory/1180-328-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1180-339-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1240-141-0x0000000000250000-0x000000000028A000-memory.dmp

Filesize
232KB

Download
memory/1240-140-0x0000000000250000-0x000000000028A000-memory.dmp

Filesize
232KB

Download
memory/1240-143-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1424-350-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1424-340-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1596-291-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1596-280-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1632-16-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1632-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1720-327-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1720-316-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1744-207-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1744-222-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2020-191-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2020-176-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2084-267-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2084-255-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2188-206-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2348-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2348-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2376-238-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2376-223-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2504-374-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2504-363-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2512-63-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2512-78-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2520-79-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2520-94-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2524-375-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2676-31-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2676-46-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2692-150-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2692-159-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2700-47-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2700-62-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2708-160-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2708-175-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2752-110-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2752-96-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2780-362-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2780-351-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2896-111-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2896-126-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2960-254-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2960-240-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2972-292-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2972-303-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3000-279-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3000-268-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3020-315-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3020-304-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202x.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_NEIKI.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202k.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202p.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202r.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202j.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202s.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202e.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202q.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202a.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202o.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202i.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202t.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202u.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202y.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202d.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202n.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202v.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202w.exe\""	b8b8fd42e45f7b073c056d7c9c128b90_neiki_3202v.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads