resource	yara_rule
behavioral2/memory/2272-67-0x000001CE49A80000-0x000001CE4D2B4000-memory.dmp	family_zgrat_v1
behavioral2/memory/2272-68-0x000001CE69390000-0x000001CE6949A000-memory.dmp	family_zgrat_v1
behavioral2/memory/2272-72-0x000001CE4F140000-0x000001CE4F164000-memory.dmp	family_zgrat_v1

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	8eec6abf18ef5e6ce025c75d03744600_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	u20w.1.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	u20w.1.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	u20w.1.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	u20w.1.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	u20w.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	u20w.0.exe

pid	Process
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2272	SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
2576	u20w.0.exe
2576	u20w.0.exe

pid	Process
1672	u20w.1.exe
1672	u20w.1.exe
1672	u20w.1.exe
1672	u20w.1.exe
1672	u20w.1.exe
1672	u20w.1.exe
1672	u20w.1.exe

description	pid	Process	procid_target
PID 2624 wrote to memory of 2576	2624	8eec6abf18ef5e6ce025c75d03744600_NeikiAnalytics.exe	87
PID 2624 wrote to memory of 2576	2624	8eec6abf18ef5e6ce025c75d03744600_NeikiAnalytics.exe	87
PID 2624 wrote to memory of 2576	2624	8eec6abf18ef5e6ce025c75d03744600_NeikiAnalytics.exe	87
PID 2624 wrote to memory of 1672	2624	8eec6abf18ef5e6ce025c75d03744600_NeikiAnalytics.exe	89
PID 2624 wrote to memory of 1672	2624	8eec6abf18ef5e6ce025c75d03744600_NeikiAnalytics.exe	89
PID 2624 wrote to memory of 1672	2624	8eec6abf18ef5e6ce025c75d03744600_NeikiAnalytics.exe	89
PID 1672 wrote to memory of 2272	1672	u20w.1.exe	94
PID 1672 wrote to memory of 2272	1672	u20w.1.exe	94

pid	pid_target	Process	procid_target
2332	2624	WerFault.exe	81
4656	2576	WerFault.exe	87

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.