Analysis
-
max time kernel
143s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/05/2024, 19:43
General
-
Target
ddbf2634a1f45ef66926fe00e4dd1be0_NeikiAnalytics.exe
-
Size
207KB
-
MD5
ddbf2634a1f45ef66926fe00e4dd1be0
-
SHA1
74247ada8951e0e215fcd905582ffd3454c6e4df
-
SHA256
1fd25d5da080a4c8f804ca90d2004a7e7f8dc827ccefa7f2bbf22cfca5978852
-
SHA512
c712564c8e817297e0b14e50cc58c6536585ad31d2d56e6f9fa338b3287d3a15a242454185878aaa14cb95b3f9420209a6bfbfef1208e604eecff8e135fc085b
-
SSDEEP
6144:JqHwKlzLY9pWDl25Vjj+VPj92d62ASOwj:ehF09pWRcpIPj92aSOc
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ddbf2634a1f45ef66926fe00e4dd1be0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ddbf2634a1f45ef66926fe00e4dd1be0_NeikiAnalytics.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mogcihaj.exeC:\Windows\system32\Mogcihaj.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mcgiefen.exeC:\Windows\system32\Mcgiefen.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nmbjcljl.exeC:\Windows\system32\Nmbjcljl.exe4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Njhgbp32.exeC:\Windows\system32\Njhgbp32.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nfohgqlg.exeC:\Windows\system32\Nfohgqlg.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nmkmjjaa.exeC:\Windows\system32\Nmkmjjaa.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Onmfimga.exeC:\Windows\system32\Onmfimga.exe8⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ocohmc32.exeC:\Windows\system32\Ocohmc32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ocaebc32.exeC:\Windows\system32\Ocaebc32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Phonha32.exeC:\Windows\system32\Phonha32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pnmopk32.exeC:\Windows\system32\Pnmopk32.exe12⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qfkqjmdg.exeC:\Windows\system32\Qfkqjmdg.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qhjmdp32.exeC:\Windows\system32\Qhjmdp32.exe14⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qpeahb32.exeC:\Windows\system32\Qpeahb32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aoioli32.exeC:\Windows\system32\Aoioli32.exe16⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aaldccip.exeC:\Windows\system32\Aaldccip.exe17⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bkgeainn.exeC:\Windows\system32\Bkgeainn.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bgnffj32.exeC:\Windows\system32\Bgnffj32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bddcenpi.exeC:\Windows\system32\Bddcenpi.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bkphhgfc.exeC:\Windows\system32\Bkphhgfc.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cdmfllhn.exeC:\Windows\system32\Cdmfllhn.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cdpcal32.exeC:\Windows\system32\Cdpcal32.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dgeenfog.exeC:\Windows\system32\Dgeenfog.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dnajppda.exeC:\Windows\system32\Dnajppda.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ddnobj32.exeC:\Windows\system32\Ddnobj32.exe26⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Eqdpgk32.exeC:\Windows\system32\Eqdpgk32.exe27⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Eoepebho.exeC:\Windows\system32\Eoepebho.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Egaejeej.exeC:\Windows\system32\Egaejeej.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ekonpckp.exeC:\Windows\system32\Ekonpckp.exe30⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Egened32.exeC:\Windows\system32\Egened32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fooclapd.exeC:\Windows\system32\Fooclapd.exe32⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fndpmndl.exeC:\Windows\system32\Fndpmndl.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fdnhih32.exeC:\Windows\system32\Fdnhih32.exe34⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fqeioiam.exeC:\Windows\system32\Fqeioiam.exe35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Finnef32.exeC:\Windows\system32\Finnef32.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbgbnkfm.exeC:\Windows\system32\Fbgbnkfm.exe37⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gegkpf32.exeC:\Windows\system32\Gegkpf32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ganldgib.exeC:\Windows\system32\Ganldgib.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gaqhjggp.exeC:\Windows\system32\Gaqhjggp.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ggkqgaol.exeC:\Windows\system32\Ggkqgaol.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Geoapenf.exeC:\Windows\system32\Geoapenf.exe42⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Gngeik32.exeC:\Windows\system32\Gngeik32.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hahokfag.exeC:\Windows\system32\Hahokfag.exe44⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hldiinke.exeC:\Windows\system32\Hldiinke.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ilfennic.exeC:\Windows\system32\Ilfennic.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ibegfglj.exeC:\Windows\system32\Ibegfglj.exe47⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ipkdek32.exeC:\Windows\system32\Ipkdek32.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jaonbc32.exeC:\Windows\system32\Jaonbc32.exe49⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jihbip32.exeC:\Windows\system32\Jihbip32.exe50⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jbagbebm.exeC:\Windows\system32\Jbagbebm.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jlikkkhn.exeC:\Windows\system32\Jlikkkhn.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jllhpkfk.exeC:\Windows\system32\Jllhpkfk.exe53⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kiphjo32.exeC:\Windows\system32\Kiphjo32.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kefiopki.exeC:\Windows\system32\Kefiopki.exe55⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Koonge32.exeC:\Windows\system32\Koonge32.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Keifdpif.exeC:\Windows\system32\Keifdpif.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Koajmepf.exeC:\Windows\system32\Koajmepf.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kocgbend.exeC:\Windows\system32\Kocgbend.exe59⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lhnhajba.exeC:\Windows\system32\Lhnhajba.exe60⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lindkm32.exeC:\Windows\system32\Lindkm32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ljpaqmgb.exeC:\Windows\system32\Ljpaqmgb.exe62⤵
-
C:\Windows\SysWOW64\Lchfib32.exeC:\Windows\system32\Lchfib32.exe63⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mapppn32.exeC:\Windows\system32\Mapppn32.exe64⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mablfnne.exeC:\Windows\system32\Mablfnne.exe65⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mpclce32.exeC:\Windows\system32\Mpclce32.exe66⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mpeiie32.exeC:\Windows\system32\Mpeiie32.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mjpjgj32.exeC:\Windows\system32\Mjpjgj32.exe68⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nciopppp.exeC:\Windows\system32\Nciopppp.exe69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nmcpoedn.exeC:\Windows\system32\Nmcpoedn.exe70⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Njgqhicg.exeC:\Windows\system32\Njgqhicg.exe71⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nfnamjhk.exeC:\Windows\system32\Nfnamjhk.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ncbafoge.exeC:\Windows\system32\Ncbafoge.exe73⤵
-
C:\Windows\SysWOW64\Ooibkpmi.exeC:\Windows\system32\Ooibkpmi.exe74⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ocgkan32.exeC:\Windows\system32\Ocgkan32.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ocihgnam.exeC:\Windows\system32\Ocihgnam.exe76⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oophlo32.exeC:\Windows\system32\Oophlo32.exe77⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Oqoefand.exeC:\Windows\system32\Oqoefand.exe78⤵
-
C:\Windows\SysWOW64\Oflmnh32.exeC:\Windows\system32\Oflmnh32.exe79⤵
-
C:\Windows\SysWOW64\Pmhbqbae.exeC:\Windows\system32\Pmhbqbae.exe80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ppikbm32.exeC:\Windows\system32\Ppikbm32.exe81⤵
-
C:\Windows\SysWOW64\Piapkbeg.exeC:\Windows\system32\Piapkbeg.exe82⤵
-
C:\Windows\SysWOW64\Pblajhje.exeC:\Windows\system32\Pblajhje.exe83⤵
-
C:\Windows\SysWOW64\Qfjjpf32.exeC:\Windows\system32\Qfjjpf32.exe84⤵
-
C:\Windows\SysWOW64\Qcnjijoe.exeC:\Windows\system32\Qcnjijoe.exe85⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Acqgojmb.exeC:\Windows\system32\Acqgojmb.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Abfdpfaj.exeC:\Windows\system32\Abfdpfaj.exe87⤵
-
C:\Windows\SysWOW64\Adepji32.exeC:\Windows\system32\Adepji32.exe88⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Aaiqcnhg.exeC:\Windows\system32\Aaiqcnhg.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aalmimfd.exeC:\Windows\system32\Aalmimfd.exe90⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bmbnnn32.exeC:\Windows\system32\Bmbnnn32.exe91⤵
-
C:\Windows\SysWOW64\Bapgdm32.exeC:\Windows\system32\Bapgdm32.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bfmolc32.exeC:\Windows\system32\Bfmolc32.exe93⤵
-
C:\Windows\SysWOW64\Bkkhbb32.exeC:\Windows\system32\Bkkhbb32.exe94⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bdcmkgmm.exeC:\Windows\system32\Bdcmkgmm.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bkmeha32.exeC:\Windows\system32\Bkmeha32.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Bgdemb32.exeC:\Windows\system32\Bgdemb32.exe97⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ckbncapd.exeC:\Windows\system32\Ckbncapd.exe98⤵
-
C:\Windows\SysWOW64\Cmbgdl32.exeC:\Windows\system32\Cmbgdl32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ddfbgelh.exeC:\Windows\system32\Ddfbgelh.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ddhomdje.exeC:\Windows\system32\Ddhomdje.exe101⤵
-
C:\Windows\SysWOW64\Dalofi32.exeC:\Windows\system32\Dalofi32.exe102⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Epdime32.exeC:\Windows\system32\Epdime32.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Egnajocq.exeC:\Windows\system32\Egnajocq.exe104⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Egpnooan.exeC:\Windows\system32\Egpnooan.exe105⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fdkdibjp.exeC:\Windows\system32\Fdkdibjp.exe106⤵
-
C:\Windows\SysWOW64\Fjhmbihg.exeC:\Windows\system32\Fjhmbihg.exe107⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fdmaoahm.exeC:\Windows\system32\Fdmaoahm.exe108⤵
-
C:\Windows\SysWOW64\Fjjjgh32.exeC:\Windows\system32\Fjjjgh32.exe109⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gbhhieao.exeC:\Windows\system32\Gbhhieao.exe110⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gkalbj32.exeC:\Windows\system32\Gkalbj32.exe111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gkcigjel.exeC:\Windows\system32\Gkcigjel.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gbpnjdkg.exeC:\Windows\system32\Gbpnjdkg.exe113⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gnfooe32.exeC:\Windows\system32\Gnfooe32.exe114⤵
-
C:\Windows\SysWOW64\Hepgkohh.exeC:\Windows\system32\Hepgkohh.exe115⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hbdgec32.exeC:\Windows\system32\Hbdgec32.exe116⤵
-
C:\Windows\SysWOW64\Hjolie32.exeC:\Windows\system32\Hjolie32.exe117⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Haidfpki.exeC:\Windows\system32\Haidfpki.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hnpaec32.exeC:\Windows\system32\Hnpaec32.exe119⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hcljmj32.exeC:\Windows\system32\Hcljmj32.exe120⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hnbnjc32.exeC:\Windows\system32\Hnbnjc32.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-