42b19763e3e88c288672f0e7b77d5624768ab3226c70c5f9336d9ca04ba57d11

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe
Size

380KB
MD5

575f5f511668c0578be1dbb9537aed30
SHA1

a074c221b383062c06c5c675f9cb5bd9540dbb8d
SHA256

42b19763e3e88c288672f0e7b77d5624768ab3226c70c5f9336d9ca04ba57d11
SHA512

dd8b032a65f890aa76257f4f207bce7003038e491caf2b0aa906f50bd18606a7bbb6c7c50b57b027e9f4e54fba4d7285d1bb60475852ad2b979e895d8a8b1305
SSDEEP

6144:rqppuGRYx4H712f/SBTpzZA6rXD40b+7TJ4DHoxb:rqpNtb1YIp9AI4FR

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
1960	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
2984	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
2796	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
2752	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
2480	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
2892	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
2676	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
2912	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
1608	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
1556	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
2716	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
848	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
2232	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
2800	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
772	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
2464	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
688	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
3040	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
1848	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
764	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
1616	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
2352	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
1724	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
2824	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
2988	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
1688	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
2612	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe
2612	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe
1960	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
1960	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
2984	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
2984	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
2796	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
2796	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
2752	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
2752	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
2480	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
2480	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
2892	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
2892	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
2676	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
2676	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
2912	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
2912	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
1608	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
1608	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
1556	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
1556	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
2716	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
2716	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
848	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
848	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
2232	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
2232	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
2800	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
2800	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
772	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
772	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
2464	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
2464	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
688	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
688	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
3040	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
3040	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
1848	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
1848	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
764	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
764	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
1616	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
1616	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
2352	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
2352	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
1724	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
1724	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
2824	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
2824	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
2988	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
2988	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8953b9cdd74afefc	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 1960	2612	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe	28
PID 2612 wrote to memory of 1960	2612	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe	28
PID 2612 wrote to memory of 1960	2612	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe	28
PID 2612 wrote to memory of 1960	2612	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe	28
PID 1960 wrote to memory of 2984	1960	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe	29
PID 1960 wrote to memory of 2984	1960	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe	29
PID 1960 wrote to memory of 2984	1960	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe	29
PID 1960 wrote to memory of 2984	1960	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe	29
PID 2984 wrote to memory of 2796	2984	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe	30
PID 2984 wrote to memory of 2796	2984	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe	30
PID 2984 wrote to memory of 2796	2984	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe	30
PID 2984 wrote to memory of 2796	2984	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe	30
PID 2796 wrote to memory of 2752	2796	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe	31
PID 2796 wrote to memory of 2752	2796	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe	31
PID 2796 wrote to memory of 2752	2796	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe	31
PID 2796 wrote to memory of 2752	2796	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe	31
PID 2752 wrote to memory of 2480	2752	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe	32
PID 2752 wrote to memory of 2480	2752	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe	32
PID 2752 wrote to memory of 2480	2752	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe	32
PID 2752 wrote to memory of 2480	2752	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe	32
PID 2480 wrote to memory of 2892	2480	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe	33
PID 2480 wrote to memory of 2892	2480	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe	33
PID 2480 wrote to memory of 2892	2480	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe	33
PID 2480 wrote to memory of 2892	2480	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe	33
PID 2892 wrote to memory of 2676	2892	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe	34
PID 2892 wrote to memory of 2676	2892	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe	34
PID 2892 wrote to memory of 2676	2892	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe	34
PID 2892 wrote to memory of 2676	2892	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe	34
PID 2676 wrote to memory of 2912	2676	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe	35
PID 2676 wrote to memory of 2912	2676	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe	35
PID 2676 wrote to memory of 2912	2676	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe	35
PID 2676 wrote to memory of 2912	2676	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe	35
PID 2912 wrote to memory of 1608	2912	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe	36
PID 2912 wrote to memory of 1608	2912	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe	36
PID 2912 wrote to memory of 1608	2912	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe	36
PID 2912 wrote to memory of 1608	2912	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe	36
PID 1608 wrote to memory of 1556	1608	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe	37
PID 1608 wrote to memory of 1556	1608	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe	37
PID 1608 wrote to memory of 1556	1608	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe	37
PID 1608 wrote to memory of 1556	1608	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe	37
PID 1556 wrote to memory of 2716	1556	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe	38
PID 1556 wrote to memory of 2716	1556	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe	38
PID 1556 wrote to memory of 2716	1556	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe	38
PID 1556 wrote to memory of 2716	1556	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe	38
PID 2716 wrote to memory of 848	2716	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe	39
PID 2716 wrote to memory of 848	2716	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe	39
PID 2716 wrote to memory of 848	2716	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe	39
PID 2716 wrote to memory of 848	2716	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe	39
PID 848 wrote to memory of 2232	848	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe	40
PID 848 wrote to memory of 2232	848	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe	40
PID 848 wrote to memory of 2232	848	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe	40
PID 848 wrote to memory of 2232	848	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe	40
PID 2232 wrote to memory of 2800	2232	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe	41
PID 2232 wrote to memory of 2800	2232	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe	41
PID 2232 wrote to memory of 2800	2232	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe	41
PID 2232 wrote to memory of 2800	2232	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe	41
PID 2800 wrote to memory of 772	2800	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe	42
PID 2800 wrote to memory of 772	2800	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe	42
PID 2800 wrote to memory of 772	2800	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe	42
PID 2800 wrote to memory of 772	2800	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe	42
PID 772 wrote to memory of 2464	772	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe	43
PID 772 wrote to memory of 2464	772	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe	43
PID 772 wrote to memory of 2464	772	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe	43
PID 772 wrote to memory of 2464	772	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2612
- \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1960
- - \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2796
    - - \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2752
      - \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2480
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2892
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2676
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2912
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1608
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1556
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2716
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:848
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2232
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2800
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:772
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2464
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:688
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:3040
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1848
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:764
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1616
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2352
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1724
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2824
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2988
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe

Filesize
381KB

MD5
d30e58b4405b5960d50b94a7792449dd

SHA1
4a08609ea8212437864c88788c7ef26a9517d48c

SHA256
a76f3aab7c490a2c547203de242efafd1248a35430f732b0bd297873e9b4e146

SHA512
39baee284b97c5198a55c470c886b12acf95af89516837abf3408d1d9c833b6d6613c64eaddd41b6fdc94038c674f2b64733f007b70c2f01d3f5e52658575203

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe

Filesize
381KB

MD5
044ae116b14b21656d037e5e664b5c8f

SHA1
d1971d0269d4b5abb907c2c8d09daa9bed6ee263

SHA256
8a87227c140138198a020125bce1af927bbffe14eba9f3031520828fdf70bd14

SHA512
f9e586fc4c2d886f4d0537077cf384518063c345fb28f3ef65a6f6fb95105d400c9fb0f3792f653b7ee127fd47b3b1189b6e85dec4b6f26ef7a91cfdf3a50ef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe

Filesize
382KB

MD5
1c4509d7fc5d5ee040e9fe2839fb07d0

SHA1
ab6922343742e0ed17e69b17044a565434c430fa

SHA256
3c8ce2a772cdecfb11d43fb1d67a94978d795b6acb3976ecb14b282bb4a465c6

SHA512
25703046ac400eeb2cb727318140760a0737c8ef29e88789bd8a020d868916fe7d53bf4f72a23999b37025d8f7de55d0814b3729156cf28af58e8d951b8a9d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe

Filesize
383KB

MD5
7d55fefddb20ced852416e57c5596d3f

SHA1
eafd65c27d6b63fb2dede728207cde6d38ac646f

SHA256
d53f5ace1c1b81ee321d723435e86d85632543476f1ff6a3198c6ba1ada46a9f

SHA512
30e880784dbf7f6b037a1996132c231d64f8d3601f21249aabbecb857ae9cdeb87e39a5c4256aaff760660fd79ea6da33d3ac76684f6da5b307bd2d9ff990eaa

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe

Filesize
381KB

MD5
4c93700a2b8659251e581db84dbbe0de

SHA1
03c16df94315c48c35336aef168447dd84f082b2

SHA256
8a91d7be5899e0bf1b257e00aaa54fdfb2f09cc9d64f28756578d599c249e426

SHA512
29b1eb0ed09a51a91790583ea190933730c6c6dfcbacf23dbfa28b174a010870427fe840de469239d7533508ca85116cfef72ebaf2f5b8cccb15d1b96b884842

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe

Filesize
382KB

MD5
cd595de91d0951157e367a52e97e28f6

SHA1
13ff9e0e6bb0737ad4ebca5e502e985394636d0d

SHA256
d534fc5f3b14303c43ae52030da20dc0278eae08d6daf0f452eee65536e40aa0

SHA512
948236e926694d63a3ddba1ea5142b188402ad296c53a9039d0c3bd83b633154e37437b886bf10ea4e1f45f6042410a33f67c403370881bff91d64493edf780b

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe

Filesize
382KB

MD5
1ddaccc5c777ef0b90f1d7b50d8abc95

SHA1
f320e2b7457a54fd87edcd143d96e40d638c1ffc

SHA256
ee1371f620d2f55d8ce4e34c8b9668e95f05bf4b7d5a4a500361b3e571ae6516

SHA512
1dedd1ea194db39db90d0b1d4b53324325a7df6d10439543155c65a2bab8970b63b86406620b0723c57c559034d1f403b7822726e64f79cfe5a759dd41b6f83f

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe

Filesize
382KB

MD5
c7ba8b76bfde610a0bcb1c58e0a5ff95

SHA1
88dae4a04046def7c0b0fae78051b31b3d609757

SHA256
00f8b9c575a5701ec7c3a67ea5a4b84fb5971c092050cdcd9d0aab0f8c40c887

SHA512
9be3796e732955e8eea37bf7e8e60ea9516c96a2b6a26487c54324b836395b30bdab308010764b77bd34cb3e0efa5dc53bd08f956f8841eac62e2375ea5cb2a3

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe

Filesize
383KB

MD5
239c1714cbda791c22cf81f2a98ea56e

SHA1
97ffe116d903afe2f72ae7d5207817161bc007b4

SHA256
fa63e487e3ca5755838245c951bb40183dbe182a0a7e6cb55d1484efc7c7a6f5

SHA512
27b3a6b7411ae880f8be9fee6cce09b7f100d27b7813821916013c062e8577be7c5ed520e77c71b84d30a7fe167bdb8d65412732b17acc15065562f85f7c6f3d

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe

Filesize
383KB

MD5
315ce0af5a38a25930321573df9191cb

SHA1
97d26f458c7e14947a4ffa63f804d72af00f2c0b

SHA256
248f692e670d0b8b64898af7ddf0ac6d6cf004ae96498be783f6a35aa56a972f

SHA512
e4ab5fdf42b8735abe43f8de78be1f48563a871955382fc698ef6be4a4ebf8b5ed65afa6003a4878b7a028484c223d334c7c6594ad9b1d7c9b4061e1de32a53a

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe

Filesize
383KB

MD5
6809d283332e808c74a284002488ea92

SHA1
e735bbbda5804bffdeeb76507ae3d9bedae6837f

SHA256
bf85711804a86c82cc161456e3a1efc1a9ef20d8a2acbbf940386f45c6ec52fb

SHA512
9a8e162f06dc7351b27220c9a760652d5b92702c617917649664346f363b5c3e83e27ddc215b9cd24659bf1f96fca6f3e3f5bc10f2e2641353a8b86ed122ce7d

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe

Filesize
384KB

MD5
7b4e4fa7963312612f5be697f3f56d34

SHA1
f551b0b67f4d5f28d669a06b32be8e8854679a5c

SHA256
c7f5a874200a1829148ed62bdaf1470896ddd4779d1e3c2944d5c90370334bef

SHA512
2a64909664e957a8949008c7f8d60713ae5e6c4bc8b75fa4f15eb7adf9bad120d3faa355b027740ce2f1644db60b3f6b199b0c16a92b0f51ee99927464818d75

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe

Filesize
384KB

MD5
37831869accb455b626c26fa5a8f986a

SHA1
ec0d25c4a1307d917451f565e2dd595dbf52052d

SHA256
800a06c39bdcf26f7e3c1a77d1ef90ddd3d9ac18586e9783b83af6911400b13f

SHA512
f2af2547f64855940427cbd270fcf084f342bd15b7e60c7da927cdce65c79d366907cc4f3a19646264b17f28a3ecbf55b5040207034d3b29b5546a61d06faec1

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe

Filesize
384KB

MD5
7c1bedf412678aea18d9012aef763ef4

SHA1
4d143b88e0fef4f7e4f6482c0c133c8ca6306327

SHA256
63d760b291833b1bf86b7f7b80642e01128e69a4462f07eefd73bdb2f92251f0

SHA512
7a9b5546911537d00ea4c5e174b06ea9563f2ee50f02b5005f7beda4b5d16f2ec6f80c92fe9ce283535b5057f8f3aa01eed34884acd61c481cd15255e52e648b

Download Submit
\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe

Filesize
381KB

MD5
2859c0fdbddaad8f0bca3e2d2af51e95

SHA1
33e236c63985d8c90cd6b142a25c7d0f806314d1

SHA256
250e6ed635e0dac66b6bd01d39b410f997a0cd7b0a66051dd8e74a3bab45cf08

SHA512
422b638e21f05b7d8bf66e9750da4d5f65c5d43b590e207863a037953dd0066d630629ec7325f4e5e889caf4424f27e3e58d767b800869c739643e7e7f12dd80

Download Submit
\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe

Filesize
381KB

MD5
d9017157349bb8865ad31ee99553bd6c

SHA1
933a0d3deec8a2026bdd45069bd2fa5fe63725b5

SHA256
81c86d312ccaefbdde5e25529482578bcd81f6a7297878cfebe82a5f9b1ca4bc

SHA512
b8514135607c338a4fb64563c2803f5a1c8788f4b25488c587e9f2e428d2dbf4586ac5b566f43c354b76052160e2b659b0ceed6dcfb9d6306c9db7d5eb797257

Download Submit
memory/688-274-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/688-268-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/764-308-0x0000000000450000-0x0000000000492000-memory.dmp

Filesize
264KB

Download
memory/764-297-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/764-310-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/772-309-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/772-249-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/848-205-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/848-189-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/848-202-0x0000000000250000-0x0000000000292000-memory.dmp

Filesize
264KB

Download
memory/1556-169-0x0000000000380000-0x00000000003C2000-memory.dmp

Filesize
264KB

Download
memory/1556-170-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1556-155-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1608-154-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1608-139-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1616-321-0x0000000000350000-0x0000000000392000-memory.dmp

Filesize
264KB

Download
memory/1616-322-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1688-370-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1688-371-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1724-335-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1724-345-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1848-296-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1848-291-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1960-28-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2232-220-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2352-323-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2352-334-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2464-262-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2464-258-0x0000000000290000-0x00000000002D2000-memory.dmp

Filesize
264KB

Download
memory/2480-93-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2480-78-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2612-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2612-14-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2676-115-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2676-124-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2716-186-0x0000000000450000-0x0000000000492000-memory.dmp

Filesize
264KB

Download
memory/2716-187-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2716-178-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2752-76-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2752-70-0x0000000001D50000-0x0000000001D92000-memory.dmp

Filesize
264KB

Download
memory/2796-52-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2796-61-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2800-236-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2800-233-0x00000000002D0000-0x0000000000312000-memory.dmp

Filesize
264KB

Download
memory/2824-351-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2824-357-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2892-108-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2912-138-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2984-45-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2984-43-0x0000000000260000-0x00000000002A2000-memory.dmp

Filesize
264KB

Download
memory/2988-369-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2988-358-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3040-285-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe\""	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads