103a8f59fa4b2952eee7632620e6cb1e27c014e7dd62e8fde40545143e17e9c4

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1dbbecb9e49eebc10b7576a06ae51320_NeikiAnalytics.exe
Size

371KB
MD5

1dbbecb9e49eebc10b7576a06ae51320
SHA1

09e0147fe254b8bc085258afcc5da96521242045
SHA256

103a8f59fa4b2952eee7632620e6cb1e27c014e7dd62e8fde40545143e17e9c4
SHA512

7a4c5941696261cd2a916115412103a7a5ef09a5d3e19c1edf3f6394e2b1c5604d0711fa87f7458dbb7d277628aaf66daaf4b11dd692dc2309eb8a0dc2c3bbe4
SSDEEP

6144:rqppuGRYx4H712f/SBTpzZA6rXD40b+7TJ4JZe:rqpNtb1YIp9AI4F8Ze

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2036	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe
1868	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe
2632	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe
2552	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe
1192	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe
2464	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe
1296	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe
2596	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe
2676	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe
2668	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe
1872	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe
1756	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe
1852	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe
1240	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe
1448	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe
1964	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202o.exe
2892	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202p.exe
1548	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202q.exe
1844	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202r.exe
1056	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202s.exe
2928	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202t.exe
3036	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202u.exe
2284	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202v.exe
2280	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202w.exe
1684	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202x.exe
2352	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
1684	1dbbecb9e49eebc10b7576a06ae51320_NeikiAnalytics.exe
1684	1dbbecb9e49eebc10b7576a06ae51320_NeikiAnalytics.exe
2036	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe
2036	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe
1868	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe
1868	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe
2632	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe
2632	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe
2552	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe
2552	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe
1192	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe
1192	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe
2464	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe
2464	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe
1296	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe
1296	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe
2596	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe
2596	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe
2676	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe
2676	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe
2668	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe
2668	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe
1872	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe
1872	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe
1756	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe
1756	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe
1852	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe
1852	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe
1240	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe
1240	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe
1448	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe
1448	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe
1964	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202o.exe
1964	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202o.exe
2892	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202p.exe
2892	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202p.exe
1548	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202q.exe
1548	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202q.exe
1844	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202r.exe
1844	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202r.exe
1056	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202s.exe
1056	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202s.exe
2928	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202t.exe
2928	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202t.exe
3036	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202u.exe
3036	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202u.exe
2284	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202v.exe
2284	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202v.exe
2280	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202w.exe
2280	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202w.exe
1684	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202x.exe
1684	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1cdbdfa88e8c7ad8	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202q.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2036	1684	1dbbecb9e49eebc10b7576a06ae51320_NeikiAnalytics.exe	28
PID 1684 wrote to memory of 2036	1684	1dbbecb9e49eebc10b7576a06ae51320_NeikiAnalytics.exe	28
PID 1684 wrote to memory of 2036	1684	1dbbecb9e49eebc10b7576a06ae51320_NeikiAnalytics.exe	28
PID 1684 wrote to memory of 2036	1684	1dbbecb9e49eebc10b7576a06ae51320_NeikiAnalytics.exe	28
PID 2036 wrote to memory of 1868	2036	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe	29
PID 2036 wrote to memory of 1868	2036	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe	29
PID 2036 wrote to memory of 1868	2036	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe	29
PID 2036 wrote to memory of 1868	2036	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe	29
PID 1868 wrote to memory of 2632	1868	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe	30
PID 1868 wrote to memory of 2632	1868	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe	30
PID 1868 wrote to memory of 2632	1868	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe	30
PID 1868 wrote to memory of 2632	1868	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe	30
PID 2632 wrote to memory of 2552	2632	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe	31
PID 2632 wrote to memory of 2552	2632	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe	31
PID 2632 wrote to memory of 2552	2632	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe	31
PID 2632 wrote to memory of 2552	2632	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe	31
PID 2552 wrote to memory of 1192	2552	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe	32
PID 2552 wrote to memory of 1192	2552	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe	32
PID 2552 wrote to memory of 1192	2552	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe	32
PID 2552 wrote to memory of 1192	2552	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe	32
PID 1192 wrote to memory of 2464	1192	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe	33
PID 1192 wrote to memory of 2464	1192	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe	33
PID 1192 wrote to memory of 2464	1192	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe	33
PID 1192 wrote to memory of 2464	1192	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe	33
PID 2464 wrote to memory of 1296	2464	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe	34
PID 2464 wrote to memory of 1296	2464	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe	34
PID 2464 wrote to memory of 1296	2464	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe	34
PID 2464 wrote to memory of 1296	2464	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe	34
PID 1296 wrote to memory of 2596	1296	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe	35
PID 1296 wrote to memory of 2596	1296	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe	35
PID 1296 wrote to memory of 2596	1296	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe	35
PID 1296 wrote to memory of 2596	1296	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe	35
PID 2596 wrote to memory of 2676	2596	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe	36
PID 2596 wrote to memory of 2676	2596	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe	36
PID 2596 wrote to memory of 2676	2596	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe	36
PID 2596 wrote to memory of 2676	2596	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe	36
PID 2676 wrote to memory of 2668	2676	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe	37
PID 2676 wrote to memory of 2668	2676	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe	37
PID 2676 wrote to memory of 2668	2676	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe	37
PID 2676 wrote to memory of 2668	2676	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe	37
PID 2668 wrote to memory of 1872	2668	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe	38
PID 2668 wrote to memory of 1872	2668	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe	38
PID 2668 wrote to memory of 1872	2668	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe	38
PID 2668 wrote to memory of 1872	2668	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe	38
PID 1872 wrote to memory of 1756	1872	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe	39
PID 1872 wrote to memory of 1756	1872	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe	39
PID 1872 wrote to memory of 1756	1872	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe	39
PID 1872 wrote to memory of 1756	1872	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe	39
PID 1756 wrote to memory of 1852	1756	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe	40
PID 1756 wrote to memory of 1852	1756	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe	40
PID 1756 wrote to memory of 1852	1756	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe	40
PID 1756 wrote to memory of 1852	1756	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe	40
PID 1852 wrote to memory of 1240	1852	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe	41
PID 1852 wrote to memory of 1240	1852	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe	41
PID 1852 wrote to memory of 1240	1852	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe	41
PID 1852 wrote to memory of 1240	1852	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe	41
PID 1240 wrote to memory of 1448	1240	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe	42
PID 1240 wrote to memory of 1448	1240	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe	42
PID 1240 wrote to memory of 1448	1240	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe	42
PID 1240 wrote to memory of 1448	1240	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe	42
PID 1448 wrote to memory of 1964	1448	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe	43
PID 1448 wrote to memory of 1964	1448	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe	43
PID 1448 wrote to memory of 1964	1448	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe	43
PID 1448 wrote to memory of 1964	1448	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\1dbbecb9e49eebc10b7576a06ae51320_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1dbbecb9e49eebc10b7576a06ae51320_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1684
- \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2036
- - \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1868
  - - \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2632
    - - \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2552
      - \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1192
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2464
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1296
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2596
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2676
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2668
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1872
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1756
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1852
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1240
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1448
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1964
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2892
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1548
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1844
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1056
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2928
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:3036
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2284
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2280
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1684
        
        \??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe

Filesize
372KB

MD5
028a9eb867b575df0e315019ca60c960

SHA1
63bd7e02cb314cf568a833e80270d681929ae2e8

SHA256
420a57197607e46010b64d6f990eab8b28e71e562bd7f5baf63f43a15c311d5c

SHA512
174877765be69e21ff395f0bdd27d74bb4b7ab5c356421aa7ab6e30f6fbef86f9f7f626f81def04f53b1f2fe6b5e655d8c41f18107d64eb13c9e93627f1730d4

Download Submit
\??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe

Filesize
372KB

MD5
5e8078a08bec8d864aaa6c6a4d3e9ba8

SHA1
2d8c6d9f5f2e9b36a839e98abfde26b48964ccd8

SHA256
029ce2e2415ac4e60d896b4b5b43896d66fd3992f57aaf71be271ffbe65d8e04

SHA512
1418ccf8e58b3cd8e0533b356534b0362bc36a60adf55b8b4f74ac1df0a49ca7f0495424299dcfb46da187b95ab9f15da934d52bd4a28f5fafdeb77123469f36

Download Submit
\??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe

Filesize
372KB

MD5
57e055c119ce0adda13760336b450302

SHA1
3b69dc98d516be67684465d4e1363040db1303b2

SHA256
c1f7c6c4d843abff74b3ecfa95e54dda0b9d575680ed19dd70af39b23b731653

SHA512
459b2033cdfa5b9d6cf1196689085a52aa0af00c1ca92772dd390ede6c02672909f6d3c8b1ee414762b4d03a28ba6874329117d1ae8d23ab68ee2c13f4978d6d

Download Submit
\??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe

Filesize
373KB

MD5
182998d5fae8d6313077d37668a47e62

SHA1
a2cf881476d730073b20e88ca7efc6f8cc2d1a36

SHA256
e7fc3e9f851c763376b984929fdad4fcdc9fa85452687d340c1fc7f701810426

SHA512
b6b57c4a444b01a2f3e9f02d954b66d451cda3e8260a11880ac4bb06710cbec624445856eefcb9036a32cd0ef43fa35e846343ab3dc5713a571fd2b4122157a0

Download Submit
\??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe

Filesize
373KB

MD5
1f87098ecebbe5bceba49dfc526811e2

SHA1
5d676bb9676bb9668e0fbe03025384948a14b1ba

SHA256
37770a0633ef354d28d5ddff6a49bc6d6f577e45d367b0835ab16b2f9818f303

SHA512
a4bd2e525916c3c17ceaa23ebe40214e0c9403a17d0fe2cd9fb3495ac78bc878167248a00da33e8f1a86667efed9d41556e40965592fe3f357467f2dfae9c093

Download Submit
\??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe

Filesize
374KB

MD5
0243b8a716355349243bcbbd08548ecc

SHA1
2d673b1a656201d45bf105f6a79a3de3e09dadb1

SHA256
44db6df9e30f24460f91686c6b45ed7eea6dd0783be7c84e30d2c363604a51b8

SHA512
dfdba513f5848e33581be6431bb6f8eebb1e767d78a73f93d9429f4aa662f26156214b8c7e3e11d6c5888912da12138be146f5021acf86f8a388cb53472b4a12

Download Submit
\??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe

Filesize
374KB

MD5
7878421d954d32dec4149230652d7ffb

SHA1
97c311f55ed5a30f6ca82cfe393f0b2a1c9aae94

SHA256
b193c041856032167ae6fd29cbc22974a67b381fc126a9f033f987f4a6ffb380

SHA512
f36b0a716a2e729afc69352b5e7e700f23b4fbfdd9e6fa756bfff77fccc647765b77fa62e92ee90a01e04015947aef6f946770646099ab7df9c7d9bced311672

Download Submit
\??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe

Filesize
374KB

MD5
7318838f95d73137de7bb92cf56b211f

SHA1
4bf18ec889ee1ccb8097ecaafe5d51fe03b18663

SHA256
d25c7fafa6a343f453f83750bc7c254e2e5c9658396d5ea14c48f86b4dd68ec1

SHA512
1afb65773cf17ff43c48a9d11de745deb0b40b342ecd92ca3638540467235d365713de55d4ba361125b86076de9539f97590f1674a80e3e6c9f3c13d2d5d8196

Download Submit
\??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe

Filesize
374KB

MD5
1305f5ba543043099c7403142c65b7bb

SHA1
3bf96dce5d4925db4e5b06caffac4138a182a693

SHA256
787a76f4180afec238034020cb29163c0fa0944f9c5ce6871061cc3584c768c6

SHA512
f39c312f984f0ee7546188d079a0f395951cc927114434da77e6972ddef747368399fb01d704c8323a312b34f9838e72cacfb24858278f0c32bc0af76bed23e8

Download Submit
\??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe

Filesize
375KB

MD5
af6329bd26bda596d21388accae601ac

SHA1
26c35138be78025ab5bc7fc2de4ed219b7d37946

SHA256
03479c4442c917a7367205a05a872189317a17e82c2f2c905d370271e8ce31cc

SHA512
0a417cf8b7f5de1e7826feb4bea4477cc4437e4fea6ec2551423bbbab3388915398f588e6a908b7ec3a97f1de620a61e782cf404b1b8660a9329cd02f6374c03

Download Submit
\??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe

Filesize
375KB

MD5
bc993d2e10069764bbdbc53596a65137

SHA1
81fa0d2aa9b62c93f8bc3457ce18e968fc56f67a

SHA256
5231b78931a951e6291ecd5b883a862036e98e88bb07ef3361054552ef200e88

SHA512
00d872dd41eb7a07021e6a47e8a8cd731fd7aa75745db42321e3f4a1019afb51460ebeeb9622d03e5a5642dff143140f094851383c5f701b6f24ad7dc6474b2f

Download Submit
\??\c:\users\admin\appdata\local\temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202o.exe

Filesize
375KB

MD5
a15a71c23416adac0c442e4b2193f17d

SHA1
f67ba95b049fa37c1530d6fba178876a960d743c

SHA256
5060bfac80edb4b430d872c854861691be91eb697a4325b041622fe1d3e136fa

SHA512
e25f17752ae1d35a06dd28febf1877533bcf35b648d806003a1a53bc6c0ffc4df8bdbee5becfe49cb93bf027f86d175c4733a581639a940458247cfd5e56e5b2

Download Submit
\Users\Admin\AppData\Local\Temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe

Filesize
372KB

MD5
ad914366a9048ccb81aa936870056b30

SHA1
f5d88f3597e4291a68d7f64eb07c9b7d0e24b7ea

SHA256
2e102e9d48711ea490ad02ead7662fe47c0609e833cadb0a9d45b2353f31e294

SHA512
218d7255f6f3fa3c16d13187b13588fdef6c240472d1a9abb5ac8de9403171f72c60b9970007292b9d88900ff79ab49bcf85ce2f6efeabb8666bd5d327597dad

Download Submit
\Users\Admin\AppData\Local\Temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe

Filesize
373KB

MD5
69fe19cc906613655025721b9fca4f3c

SHA1
8e500a97489ad941d5b1061955861ac53a840485

SHA256
e0c0964a92ccffdb8d7c72e848df0cad138b383c22f994f74b4df9765bef9c8f

SHA512
3de934cc7b5d45872f1cd624ad223eb2fc305b82798c0e5b0c9c610fbeee61a38fbd35fceb03842f1a8a1d9c5dff1d749d7fecba10267db1b71f364c962cf6fd

Download Submit
\Users\Admin\AppData\Local\Temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe

Filesize
373KB

MD5
668dd5eb0d34702edc66ee17b0465c68

SHA1
d221d339a1600d898cc1a94cff1db77c68774932

SHA256
4f82d4ee187c50921cd4db88452021fe5faf9a50f72ad3b4b68f0f8f581533f3

SHA512
8d3bf2ecbe6ecec229c9cf00977dda45743f22af22627a411d610e376aba35b08db41afd12325c92a33351bc5fd7a77e1bd213f8fc3b00b970d6e6c5c32b8799

Download Submit
\Users\Admin\AppData\Local\Temp\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe

Filesize
374KB

MD5
3184ef93a45ec05624fa4af7cfbb4167

SHA1
1823c79f148f98840a1e4a03bd26aa7cd8985aa4

SHA256
1043e0782144501f5d4ac660298779bf6620e6511af8b70b717610e3b6b991a4

SHA512
6bb1d3dda1c85b0cf8c6b6c05387c95bab7e7c50576da92fcf8e297a1c791c659804215a64cb252b9354fe96be6488d4eef94aa8643b5d0e040931ef78cbb35e

Download Submit
memory/1056-311-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1192-93-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1240-235-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1296-123-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1448-236-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1448-252-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1448-250-0x0000000002660000-0x00000000026A2000-memory.dmp

Filesize
264KB

Download
memory/1548-289-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1684-369-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1684-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1684-13-0x0000000000390000-0x00000000003D2000-memory.dmp

Filesize
264KB

Download
memory/1684-358-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1684-14-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1756-188-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1756-203-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1844-300-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1852-204-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1852-213-0x0000000000350000-0x0000000000392000-memory.dmp

Filesize
264KB

Download
memory/1852-220-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1868-46-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1872-187-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1964-266-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1964-253-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1964-261-0x00000000003B0000-0x00000000003F2000-memory.dmp

Filesize
264KB

Download
memory/2036-16-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2036-31-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2280-351-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2280-357-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2284-345-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2352-370-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2352-371-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2464-108-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2552-78-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2596-139-0x0000000000290000-0x00000000002D2000-memory.dmp

Filesize
264KB

Download
memory/2596-140-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2596-125-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2632-62-0x0000000000360000-0x00000000003A2000-memory.dmp

Filesize
264KB

Download
memory/2632-47-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2632-63-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2668-170-0x00000000026A0000-0x00000000026E2000-memory.dmp

Filesize
264KB

Download
memory/2668-172-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2668-171-0x00000000026A0000-0x00000000026E2000-memory.dmp

Filesize
264KB

Download
memory/2676-154-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2892-267-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2892-278-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2928-323-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2928-317-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2928-319-0x0000000002670000-0x00000000026B2000-memory.dmp

Filesize
264KB

Download
memory/3036-334-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202v.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202m.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202p.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202t.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202y.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202.exe\""	1dbbecb9e49eebc10b7576a06ae51320_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202x.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202l.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202r.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202w.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202o.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202q.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202s.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202h.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202u.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202k.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202b.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202e.exe\""	1dbbecb9e49eebc10b7576a06ae51320_neikianalytics_3202d.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads