Malware Analysis Report

2025-03-15 05:43

Sample ID 240509-s46jpahd9y
Target 783304afd72c993aa63411e471c58a10_NeikiAnalytics
SHA256 064445b7a7dee55746f3ba1bdaaec5ac1e35cab7e015fd399e36a38cfa7e2a03
Tags
aspackv2
score
7/10

Analysis Overview

score
7/10

SHA256

064445b7a7dee55746f3ba1bdaaec5ac1e35cab7e015fd399e36a38cfa7e2a03

Threat Level: Shows suspicious behavior

The file 783304afd72c993aa63411e471c58a10_NeikiAnalytics was found to be: Shows suspicious behavior.

Malicious Activity Summary

aspackv2

ASPack v2.12-2.42

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-05-09 15:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 15:41

Reported

2024-05-09 15:44

Platform

win7-20240221-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe"

Signatures

ASPack v2.12-2.42

aspackv2

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2292 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe
PID 2484 wrote to memory of 328 N/A C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 328 wrote to memory of 456 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 456 wrote to memory of 1656 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1656 wrote to memory of 1372 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe

Processes

C:\Users\Admin\AppData\Local\Temp\783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe" /start=1 /path=

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /c cmd.exe /d /c cmd.exe /d /c "C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe" /param=1

C:\Windows\SysWOW64\cmd.exe

cmd.exe /d /c cmd.exe /d /c "C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe" /param=1

C:\Windows\SysWOW64\cmd.exe

cmd.exe /d /c "C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe" /param=1

C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe /param=1

Network

Country Destination Domain Proto
US 8.8.8.8:53 applicationseason.com udp

Files

\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe

MD5 783304afd72c993aa63411e471c58a10
SHA1 7b0bf45e24eee94c78023ee01e61f19bd76bb766
SHA256 064445b7a7dee55746f3ba1bdaaec5ac1e35cab7e015fd399e36a38cfa7e2a03
SHA512 e2a02830feabc079003ded9a9e4fafe7e8e0f7a117c7bbc3cade954ff2eb5e8b0928483001b67812e7654f5f1c5bacad482670592307bf42ffe539f18348c92a

\Users\Admin\AppData\Local\Temp\nso894D.tmp\Banner.dll

MD5 a748a0a7a7eb56ad356cce710968a380
SHA1 a8cd1e978a4b481f410fc5205ca5a29cdb2c22e7
SHA256 33409ceab861b0164a9ec3a0395934cade72e2ef1f14a9468a604892b2bbcbd9
SHA512 05433019dc827399b00195461fcc58f287d53b34fdeb29c5e402563f83e5e702ac8d9e0978ee87ed7c15dd26d7e76b37751f5d55dec49cde8ea74879dd0c3648

\Users\Admin\AppData\Local\Temp\nso894D.tmp\System.dll

MD5 56a321bd011112ec5d8a32b2f6fd3231
SHA1 df20e3a35a1636de64df5290ae5e4e7572447f78
SHA256 bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
SHA512 5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

\Users\Admin\AppData\Local\Temp\nso894D.tmp\inetc.dll

MD5 e541458cfe66ef95ffbea40eaaa07289
SHA1 caec1233f841ee72004231a3027b13cdeb13274c
SHA256 3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420
SHA512 0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

C:\Users\Admin\AppData\Local\Temp\nso894D.tmp\msgbox.dll

MD5 529addc01ba0b31f89ba74518837f03d
SHA1 770bd27e1faa4a2a7ef4a15f53b95661cc314df4
SHA256 f01d831cbd676d7acdeba923bd3f03af733e7dcf83611e84c17561b6ac9412dc
SHA512 0c171ec9456afb6701d2e1accf408a0e36db28977faeee8492e7ba9cf6a1c6d0677b28b3a123264ffe87f366a852698906a8519d6a5c436b500688bbc7dcee82

\Users\Admin\AppData\Local\Temp\nso894D.tmp\nsProcess.dll

MD5 faa7f034b38e729a983965c04cc70fc1
SHA1 df8bda55b498976ea47d25d8a77539b049dab55e
SHA256 579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf
SHA512 7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

C:\Users\Admin\AppData\Local\Temp\nso894D.tmp\fhelp.dll

MD5 950afc3a4658d36700f4a51c70a6d706
SHA1 65ede985830eedf771aed113b56e8be255e14af2
SHA256 32de26d099d8f0b0d2945c9ef2d47f5f97a23ee8146a7318846510e7e9382525
SHA512 ae529e7960bc7fd8a9940e039cbfb2b6a8d145dac52ae61751f9774b7866a53640ae48e18e6d0d4906f234ab3702b14cc47a26b44789cca697caf6788684a860

C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe

MD5 01fe6ff3d2664e3ddaf98724b0639f89
SHA1 40c535f27ff017e338f5c376a11403cdf65183df
SHA256 7c85adeb7727f0018dd042ad8aa141f9f4af1767ef0fb95116a2e98b76b28ba4
SHA512 6ff58234edca4c5246478b6f21bac899fa0505fc7d32e6a8aba5fd66de439560da1c3eb53c0880fc08559308d1675cdb6a5ca1c2991b3957087ad6e918b7d3d9

\Users\Admin\AppData\Local\Temp\nso894D.tmp\nsDialogs.dll

MD5 e19264354099e4ecc11fabe7c83daa22
SHA1 224e01bd004043bb7fa5a4b9af7e72fe971e16dd
SHA256 dad73112811567680f6cd57918ed1dff059a4d29727e0007ea48393e81e4976a
SHA512 8848c968dfb7af6fdabcedd215d63dc92c4947de105680f31403380c7daccc77aea0ac09abf25f90b073290950c70d70bebeb8748957e26ad80236bb59f20dcf

\Users\Admin\AppData\Local\Temp\nso8F65.tmp\INetC2.dll

MD5 92ec4dd8c0ddd8c4305ae1684ab65fb0
SHA1 d850013d582a62e502942f0dd282cc0c29c4310e
SHA256 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
SHA512 581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

\Users\Admin\AppData\Local\Temp\nso8F65.tmp\fmoroz.dll

MD5 ed088e979436d402137c61d867b7877f
SHA1 a45953dbcd3240ea6c312918da6810bba7218d8b
SHA256 10fc289863394c60d735a1c5b79c0c065289e8f7fd3dcbffb92f0de5b1e0313a
SHA512 1bb18fff68da23cfb61a2b9b6c149cb8a9c9bcf3c82685c74e75fdab84e764c023c574f971de6f9a42e4eefd0aa305e176df72abe5f04305f6e0ee163ea71522

\Users\Admin\AppData\Local\Temp\nso8F65.tmp\feature.dll

MD5 ee58e51a81c73589acfea3fa9cc3b7e7
SHA1 75b31d84094bcd04e459ed0ba03475c204022a70
SHA256 7c167dcba0a6a996f739ee00628a52d7ed20442aaf64f51a408a3cc639375ee2
SHA512 46bd806a910acfedc7abd0a2410e808a0ef2dffb899849e858fbe32c2be60e51dc85a058c4c64cb3515a866426d1b63534edd3ea1ea236dec593357b31ecd215

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 15:41

Reported

2024-05-09 15:44

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe"

Signatures

ASPack v2.12-2.42

aspackv2

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4444 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe
PID 5068 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe C:\Windows\SysWOW64\cmd.exe
PID 5112 wrote to memory of 3884 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 3884 wrote to memory of 2472 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 2472 wrote to memory of 2232 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe

Processes

C:\Users\Admin\AppData\Local\Temp\783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe" /start=1 /path=

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /d /c cmd.exe /d /c cmd.exe /d /c "C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe" /param=1

C:\Windows\SysWOW64\cmd.exe

cmd.exe /d /c cmd.exe /d /c "C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe" /param=1

C:\Windows\SysWOW64\cmd.exe

cmd.exe /d /c "C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe" /param=1

C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe /param=1

Network

Country Destination Domain Proto
US 8.8.8.8:53 applicationseason.com udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.184:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
BE 2.17.107.131:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 184.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 131.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\nsf2D6A.tmp\Banner.dll

C:\Users\Admin\AppData\Local\Temp\nsf2D6A.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsf2D6A.tmp\msgbox.dll

C:\Users\Admin\AppData\Local\Temp\nsf2D6A.tmp\inetc.dll

C:\Users\Admin\AppData\Local\Temp\nsf2D6A.tmp\nsProcess.dll

C:\Users\Admin\AppData\Local\Temp\nsf2D6A.tmp\fhelp.dll

C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\nsf2D6A.tmp\nsDialogs.dll

C:\Users\Admin\AppData\Local\Temp\nsr31A0.tmp\INetC2.dll

C:\Users\Admin\AppData\Local\Temp\nsr31A0.tmp\fmoroz.dll

C:\Users\Admin\AppData\Local\Temp\nsr31A0.tmp\feature.dll
