42b19763e3e88c288672f0e7b77d5624768ab3226c70c5f9336d9ca04ba57d11

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe
Size

380KB
MD5

575f5f511668c0578be1dbb9537aed30
SHA1

a074c221b383062c06c5c675f9cb5bd9540dbb8d
SHA256

42b19763e3e88c288672f0e7b77d5624768ab3226c70c5f9336d9ca04ba57d11
SHA512

dd8b032a65f890aa76257f4f207bce7003038e491caf2b0aa906f50bd18606a7bbb6c7c50b57b027e9f4e54fba4d7285d1bb60475852ad2b979e895d8a8b1305
SSDEEP

6144:rqppuGRYx4H712f/SBTpzZA6rXD40b+7TJ4DHoxb:rqpNtb1YIp9AI4FR

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
220	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
2576	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
924	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
2708	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
3680	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
4140	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
3736	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
2068	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
4376	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
5064	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
1068	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
1732	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
1228	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
64	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
1820	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
1600	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
3112	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
4740	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
3704	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
4188	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
2668	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
3784	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
3076	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
3024	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
1552	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
1956	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3c84d0ebb73b3ae2	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 220	2688	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe	82
PID 2688 wrote to memory of 220	2688	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe	82
PID 2688 wrote to memory of 220	2688	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe	82
PID 220 wrote to memory of 2576	220	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe	83
PID 220 wrote to memory of 2576	220	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe	83
PID 220 wrote to memory of 2576	220	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe	83
PID 2576 wrote to memory of 924	2576	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe	87
PID 2576 wrote to memory of 924	2576	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe	87
PID 2576 wrote to memory of 924	2576	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe	87
PID 924 wrote to memory of 2708	924	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe	88
PID 924 wrote to memory of 2708	924	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe	88
PID 924 wrote to memory of 2708	924	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe	88
PID 2708 wrote to memory of 3680	2708	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe	89
PID 2708 wrote to memory of 3680	2708	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe	89
PID 2708 wrote to memory of 3680	2708	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe	89
PID 3680 wrote to memory of 4140	3680	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe	90
PID 3680 wrote to memory of 4140	3680	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe	90
PID 3680 wrote to memory of 4140	3680	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe	90
PID 4140 wrote to memory of 3736	4140	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe	91
PID 4140 wrote to memory of 3736	4140	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe	91
PID 4140 wrote to memory of 3736	4140	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe	91
PID 3736 wrote to memory of 2068	3736	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe	92
PID 3736 wrote to memory of 2068	3736	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe	92
PID 3736 wrote to memory of 2068	3736	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe	92
PID 2068 wrote to memory of 4376	2068	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe	93
PID 2068 wrote to memory of 4376	2068	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe	93
PID 2068 wrote to memory of 4376	2068	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe	93
PID 4376 wrote to memory of 5064	4376	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe	94
PID 4376 wrote to memory of 5064	4376	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe	94
PID 4376 wrote to memory of 5064	4376	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe	94
PID 5064 wrote to memory of 1068	5064	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe	95
PID 5064 wrote to memory of 1068	5064	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe	95
PID 5064 wrote to memory of 1068	5064	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe	95
PID 1068 wrote to memory of 1732	1068	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe	96
PID 1068 wrote to memory of 1732	1068	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe	96
PID 1068 wrote to memory of 1732	1068	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe	96
PID 1732 wrote to memory of 1228	1732	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe	97
PID 1732 wrote to memory of 1228	1732	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe	97
PID 1732 wrote to memory of 1228	1732	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe	97
PID 1228 wrote to memory of 64	1228	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe	98
PID 1228 wrote to memory of 64	1228	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe	98
PID 1228 wrote to memory of 64	1228	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe	98
PID 64 wrote to memory of 1820	64	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe	99
PID 64 wrote to memory of 1820	64	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe	99
PID 64 wrote to memory of 1820	64	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe	99
PID 1820 wrote to memory of 1600	1820	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe	100
PID 1820 wrote to memory of 1600	1820	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe	100
PID 1820 wrote to memory of 1600	1820	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe	100
PID 1600 wrote to memory of 3112	1600	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe	101
PID 1600 wrote to memory of 3112	1600	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe	101
PID 1600 wrote to memory of 3112	1600	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe	101
PID 3112 wrote to memory of 4740	3112	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe	102
PID 3112 wrote to memory of 4740	3112	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe	102
PID 3112 wrote to memory of 4740	3112	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe	102
PID 4740 wrote to memory of 3704	4740	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe	103
PID 4740 wrote to memory of 3704	4740	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe	103
PID 4740 wrote to memory of 3704	4740	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe	103
PID 3704 wrote to memory of 4188	3704	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe	104
PID 3704 wrote to memory of 4188	3704	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe	104
PID 3704 wrote to memory of 4188	3704	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe	104
PID 4188 wrote to memory of 2668	4188	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe	106
PID 4188 wrote to memory of 2668	4188	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe	106
PID 4188 wrote to memory of 2668	4188	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe	106
PID 2668 wrote to memory of 3784	2668	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe	107

C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2688
- \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:220
- - \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:924
    - - \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2708
      - \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3680
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4140
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3736
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2068
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4376
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:5064
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1068
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1732
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1228
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:64
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1820
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1600
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3112
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4740
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3704
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4188
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2668
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3784
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3076
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3024
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1552
        
        \??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe

Filesize
381KB

MD5
d30e58b4405b5960d50b94a7792449dd

SHA1
4a08609ea8212437864c88788c7ef26a9517d48c

SHA256
a76f3aab7c490a2c547203de242efafd1248a35430f732b0bd297873e9b4e146

SHA512
39baee284b97c5198a55c470c886b12acf95af89516837abf3408d1d9c833b6d6613c64eaddd41b6fdc94038c674f2b64733f007b70c2f01d3f5e52658575203

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe

Filesize
381KB

MD5
044ae116b14b21656d037e5e664b5c8f

SHA1
d1971d0269d4b5abb907c2c8d09daa9bed6ee263

SHA256
8a87227c140138198a020125bce1af927bbffe14eba9f3031520828fdf70bd14

SHA512
f9e586fc4c2d886f4d0537077cf384518063c345fb28f3ef65a6f6fb95105d400c9fb0f3792f653b7ee127fd47b3b1189b6e85dec4b6f26ef7a91cfdf3a50ef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe

Filesize
381KB

MD5
4c93700a2b8659251e581db84dbbe0de

SHA1
03c16df94315c48c35336aef168447dd84f082b2

SHA256
8a91d7be5899e0bf1b257e00aaa54fdfb2f09cc9d64f28756578d599c249e426

SHA512
29b1eb0ed09a51a91790583ea190933730c6c6dfcbacf23dbfa28b174a010870427fe840de469239d7533508ca85116cfef72ebaf2f5b8cccb15d1b96b884842

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe

Filesize
381KB

MD5
d9017157349bb8865ad31ee99553bd6c

SHA1
933a0d3deec8a2026bdd45069bd2fa5fe63725b5

SHA256
81c86d312ccaefbdde5e25529482578bcd81f6a7297878cfebe82a5f9b1ca4bc

SHA512
b8514135607c338a4fb64563c2803f5a1c8788f4b25488c587e9f2e428d2dbf4586ac5b566f43c354b76052160e2b659b0ceed6dcfb9d6306c9db7d5eb797257

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe

Filesize
382KB

MD5
cd595de91d0951157e367a52e97e28f6

SHA1
13ff9e0e6bb0737ad4ebca5e502e985394636d0d

SHA256
d534fc5f3b14303c43ae52030da20dc0278eae08d6daf0f452eee65536e40aa0

SHA512
948236e926694d63a3ddba1ea5142b188402ad296c53a9039d0c3bd83b633154e37437b886bf10ea4e1f45f6042410a33f67c403370881bff91d64493edf780b

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe

Filesize
382KB

MD5
1c4509d7fc5d5ee040e9fe2839fb07d0

SHA1
ab6922343742e0ed17e69b17044a565434c430fa

SHA256
3c8ce2a772cdecfb11d43fb1d67a94978d795b6acb3976ecb14b282bb4a465c6

SHA512
25703046ac400eeb2cb727318140760a0737c8ef29e88789bd8a020d868916fe7d53bf4f72a23999b37025d8f7de55d0814b3729156cf28af58e8d951b8a9d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe

Filesize
382KB

MD5
1ddaccc5c777ef0b90f1d7b50d8abc95

SHA1
f320e2b7457a54fd87edcd143d96e40d638c1ffc

SHA256
ee1371f620d2f55d8ce4e34c8b9668e95f05bf4b7d5a4a500361b3e571ae6516

SHA512
1dedd1ea194db39db90d0b1d4b53324325a7df6d10439543155c65a2bab8970b63b86406620b0723c57c559034d1f403b7822726e64f79cfe5a759dd41b6f83f

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe

Filesize
382KB

MD5
c7ba8b76bfde610a0bcb1c58e0a5ff95

SHA1
88dae4a04046def7c0b0fae78051b31b3d609757

SHA256
00f8b9c575a5701ec7c3a67ea5a4b84fb5971c092050cdcd9d0aab0f8c40c887

SHA512
9be3796e732955e8eea37bf7e8e60ea9516c96a2b6a26487c54324b836395b30bdab308010764b77bd34cb3e0efa5dc53bd08f956f8841eac62e2375ea5cb2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe

Filesize
383KB

MD5
2ac26c44b1a45a2afc6686c69ee7cb10

SHA1
afc7915653f293696794b9c868bc3cbeb2670ed8

SHA256
a733ff7168ddfbac5d374cf6f76300f033175e15d97e22c61ec18e6d3a915600

SHA512
a6abd7946c62ad6267451a748527ecd48ebdb3f7cb8a6312db72985c48b031085a796ad3fcc0537a02d044d27be88ea6207b7d91330af0dcfc90eb4259985b44

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe

Filesize
383KB

MD5
3d01a729900dcc90f59fd9a767a98769

SHA1
76c3082da3689fea1953baaea8f4ece58b6011c7

SHA256
45c9d5aa33ee441f4d809eb86dc411d5b8f6a4a179aaa8f2e0a13dc41999bc1d

SHA512
f3e27c74ebf704f7861312c68ac23ad0bd9987c22d394193ffe0ed9e040c346a0771de04069b8044aaf6661449f197ae9e736ee7974e6eb2b93cc8b2a62049e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe

Filesize
384KB

MD5
66f4aa9700b97c75f1325d1b92a9214f

SHA1
1ae19654b932a3fb673cc2603b874cf3e7dac11c

SHA256
c5b28bf763ab1b9ad34f061930c1a53fbcc0188b2060209f1166c04c66d32b95

SHA512
7d0abd626940aa32eb94112a2a0ecfbd4ce7fa478950eea2c4df3d490bbad1a4f33fff587fcc23ca8b5af63044fab41ccca312893e9d5acf31af70afaef157a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe

Filesize
384KB

MD5
99e0b7643fdeeab460e95371c99d3504

SHA1
80c030e33696fa098dc58ae97c346eef3b322df2

SHA256
b7610d81e340466d2cf60b0200b6f0aaed949693d0015a263850cd488b85c6ec

SHA512
da40dbf35fa3a547e33ca64c84cd83c4010cc0b184bdcf1ed1db7f00403cdcedc55533ff75e3d696c4f6fb83f860ce7c97e1ca3311ccd07e8c98715c04311f37

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe

Filesize
384KB

MD5
dc13c363b17df0647279b46d94633d73

SHA1
14853b033c7f427f66ebe471b74dad79b66edd8b

SHA256
4f25c9bd48bb47b29339bd6e281d6f3a1c7939ec97f3c237082389906207e796

SHA512
f849786375faa3d2a540c4a766a609c94726fe0940dc1665c1ae828200bef8ff81aa726f7dcbebeb7fbe60f28efa61560a7ef94ee14add48616b94bd326220b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe

Filesize
384KB

MD5
67c8760c8c6ce6e7b2daf92936defcb5

SHA1
6f7b7016e86733085dbd51b7b53b0b3614f0328b

SHA256
58d9d9177e4a9d67023461738650605db2273b976839daf80a04f843c28ca26a

SHA512
1998f201ab9e7dc75fcea56cc6c8a5d261e5207e6e9929a5b31131de6c5d94ba821aaf92495bda51abdc680fb43a16dc44ca70f7ed256cee3eb44e27667cf4e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe

Filesize
385KB

MD5
8d99798ad16592bf3a5b25daaafd2c98

SHA1
ca17510099eee9b48b94bad3f72fada14fcce9dc

SHA256
26a16d6e3af45ba24ff3cf50d3431e2fef505d88059e1f21083ff9d7248559ac

SHA512
d72830a00e7c15fa8eb5532381ce5f951083117736d1ded58fbd931974fe23ee4e6a175db47178abcbd64f0c8a5e5c82634c5cdc458edcba54e01dbb9c1eb3cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe

Filesize
385KB

MD5
535218acd9040bc285660a3763849170

SHA1
7f67cfcb91b56b9896f4b23f98bf59926e678761

SHA256
8a8e553aa8f7cbccdc41f5b5630dc537ca2cebd0fe06e10ed1e24dde5ba2b54f

SHA512
0d16c03e3b04cedd1e02f007f6156f4dbbaa36243a12a34e05d46bca28c763b01fe11affb4e67d6babab4985bfe531addd95101f1384c54b763092a318ebca15

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe

Filesize
385KB

MD5
6279ac3c8c009840714f31c0ca081a71

SHA1
cf5a6103b73c6da6842bf6f5749fa9fc003de1cd

SHA256
c39d9d12c8ef17af386370a8f8b1ecd51ffde5bdaadfb26ad146d9e9649f999f

SHA512
ada770d04c7aeb7b81b50877cf039cc1c3fedbdfd12f111f813c3c8a81695adad55ea4fa7da0b7faa08a63c4db0babcd335f4ae10b24905a751a155ee66d4f19

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe

Filesize
385KB

MD5
79ca4e1f1ff960683e1b42fd506feb38

SHA1
2845dbc8753a73ea049a9c5e3b60210c7f564987

SHA256
e352c1d996015c759078a1fe59297c84cdddfe6f961ba13ed4c4ad0f1388655e

SHA512
0fe7fc771adcc3dc1108eda9bdf73dd4e228fc4d278d30bec6bbd8d3ca7d76f931b07840f8eeb6753705778982d3c19451da69a02fcc4deddc8cc5559d139987

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe

Filesize
386KB

MD5
c4c49af1238fba6952dbb9a30f324b56

SHA1
a78d3504d970c786ffd97cd27591c55393647cfb

SHA256
a7bfd52c922012f213445aa59dd8fc9095a4b83245477066ad12b365ba6a3560

SHA512
3caceeb2c5a4db415b97289c8eca5de949f8695b8105fd50120b164fca9d4c3ec78db9a68a07954c0c27fd4fb5ffd909b9d19415ee280b7d4c45b4557a5f1400

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe

Filesize
386KB

MD5
d927f435db0b0d6426e51dd2655139dc

SHA1
ab4491241a2b61279257aa58640fce52a7613fd4

SHA256
c24dc9140a6859b9fa47a76321daf45c44cfa0ec4c5aa243d822e1a122ab0f7d

SHA512
016fa999e828861303236f9b850e4401307de10d746240f98e3235878c66004bb1e8a635157fbe0a9517471d1e57292d893e881179cfb26a504d18b661c7f34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe

Filesize
386KB

MD5
e735fe7183136873b8de7e407911683d

SHA1
02fce122979186a67b2e868396d330d1c5c14a7b

SHA256
c2fe65954eb166fdb27c6251cf68a72ce222d228458808dc6bbe6b17febc4bc0

SHA512
f512bdcee634aafecb3b3a1c41f326a7b14be1da490c9df6301a6f34222545a6c8c17f959282427b7ced8c08676cafd7e5470d3e401a58e38ffb0206719b2d75

Download Submit
C:\Users\Admin\AppData\Local\Temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe

Filesize
386KB

MD5
86cf9a6191a7f52d1a5fa4b5ad2c3812

SHA1
15ac6d7b8259fa85788c0ea536b7d62adc4cc2c5

SHA256
c14aaa63253fb356ff1dd266eb4176189a6b436f9335b69bb32bdfa062d4131b

SHA512
1b75ab6e4676d5fe93e55fc1f8c40659f3e677817e4e9d36fe66685141ad5789f5642e9f64163427d107e62cc0fc3781116a1c34f28a1224173946b28a7f940a

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe

Filesize
381KB

MD5
2859c0fdbddaad8f0bca3e2d2af51e95

SHA1
33e236c63985d8c90cd6b142a25c7d0f806314d1

SHA256
250e6ed635e0dac66b6bd01d39b410f997a0cd7b0a66051dd8e74a3bab45cf08

SHA512
422b638e21f05b7d8bf66e9750da4d5f65c5d43b590e207863a037953dd0066d630629ec7325f4e5e889caf4424f27e3e58d767b800869c739643e7e7f12dd80

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe

Filesize
383KB

MD5
0d293e39fcffac68a1b3f6b826107df0

SHA1
8f57bf125d53386eee58c0cf898954a49527d772

SHA256
3a01261ced3c222df491b5be0693c3d4a41d9727edc16f44b3379281043528df

SHA512
b2c6ef20ed002d7d4673e1aaad6bd242037ffe90b8edd4a090f95b22784318cac7e55ac31fd9e4f892b8bd9d9c43dc7363212cfd550ae861bd8b4954dea990f6

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe

Filesize
383KB

MD5
b1c723bdcdca1f3e3478582c0f4be0ea

SHA1
5f73a81269bb0dee4737695f632956c32e6fa360

SHA256
ce644776c9aa32047ee963f87ffca550c79bb42b9653efee9dccd3704372898d

SHA512
005c23fc65cd58c60e28018954d823f0b672b6eb18bdc88a82026760ce13386ab3836b804274961456f12e4ba1dbf55a24bcf354a70dfd243bab62b66226c794

Download Submit
\??\c:\users\admin\appdata\local\temp\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe

Filesize
385KB

MD5
5908ffae7e0025069893e403c23ffc32

SHA1
2b2a02bc1db9353febe1470d373e5396941008a2

SHA256
338edad5684316db93485a38a47fbe7c62a241e15d5dcbd792abfbebffeb0e2f

SHA512
8f9f2f6aa9e7c0cc3391d1d2ffe69b4aef76416e5bebefdaafb1eaf472aad62e7bfc283033969e90c5e2e688b8590cedd6f7c9bd12acb38eadc3f0e3dc967d0e

Download Submit
memory/64-154-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/220-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/220-14-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/924-37-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/924-41-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1068-129-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1228-144-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1228-138-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1552-270-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1600-167-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1600-174-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1732-140-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1732-127-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1820-156-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1820-165-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1956-274-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1956-272-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2068-91-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2068-83-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2576-36-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2668-220-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2668-230-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2688-16-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2688-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2708-52-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2708-43-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3024-259-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3024-257-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3076-250-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3076-246-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3112-186-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3680-62-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3704-208-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3704-201-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3736-81-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3784-245-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4140-71-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4188-218-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4188-214-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4376-102-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4740-203-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4740-192-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5064-108-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5064-113-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202.exe\""	575f5f511668c0578be1dbb9537aed30_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202t.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202w.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202y.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202v.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202n.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202r.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202e.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202h.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202k.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\575f5f511668c0578be1dbb9537aed30_neikianalytics_3202d.exe\""	575f5f511668c0578be1dbb9537aed30_neikianalytics_3202c.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads