924ee74aa6264dbe740775a17e396a266ff5154256467692c27c7f99e5c63416

Analysis

max time kernel
137s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

733e21328553c151c4e5f8b9b7dcc130_NeikiAnalytics.exe
Size

388KB
MD5

733e21328553c151c4e5f8b9b7dcc130
SHA1

c41a1f80b314ce796f7fad392091da9783016c28
SHA256

924ee74aa6264dbe740775a17e396a266ff5154256467692c27c7f99e5c63416
SHA512

220953abbeaef257c281cff6386de375ccd0afe7db22b5e93d572e1827f720b4fa2c4b492fc1e734c03a3f7e12361f8355d488a375cd689d6ce05b96c32faef5
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/bDjj:Os52hzpHq8eTi30yIQrDDjj

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
840	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202.exe
1948	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202a.exe
5108	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202b.exe
1568	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202c.exe
1968	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202d.exe
4764	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202e.exe
4152	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202f.exe
4988	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202g.exe
1640	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202h.exe
3720	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202i.exe
2124	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202j.exe
4592	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202k.exe
1104	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202l.exe
2408	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202m.exe
4616	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202n.exe
1228	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202o.exe
3340	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202p.exe
3764	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202q.exe
4704	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202r.exe
228	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202s.exe
5104	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202t.exe
4936	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202u.exe
1912	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202v.exe
3908	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202w.exe
2316	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202x.exe
4200	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202y.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f9a59e3a91e636b0	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202r.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 840	2852	733e21328553c151c4e5f8b9b7dcc130_NeikiAnalytics.exe	83
PID 2852 wrote to memory of 840	2852	733e21328553c151c4e5f8b9b7dcc130_NeikiAnalytics.exe	83
PID 2852 wrote to memory of 840	2852	733e21328553c151c4e5f8b9b7dcc130_NeikiAnalytics.exe	83
PID 840 wrote to memory of 1948	840	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202.exe	84
PID 840 wrote to memory of 1948	840	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202.exe	84
PID 840 wrote to memory of 1948	840	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202.exe	84
PID 1948 wrote to memory of 5108	1948	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202a.exe	85
PID 1948 wrote to memory of 5108	1948	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202a.exe	85
PID 1948 wrote to memory of 5108	1948	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202a.exe	85
PID 5108 wrote to memory of 1568	5108	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202b.exe	86
PID 5108 wrote to memory of 1568	5108	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202b.exe	86
PID 5108 wrote to memory of 1568	5108	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202b.exe	86
PID 1568 wrote to memory of 1968	1568	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202c.exe	87
PID 1568 wrote to memory of 1968	1568	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202c.exe	87
PID 1568 wrote to memory of 1968	1568	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202c.exe	87
PID 1968 wrote to memory of 4764	1968	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202d.exe	88
PID 1968 wrote to memory of 4764	1968	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202d.exe	88
PID 1968 wrote to memory of 4764	1968	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202d.exe	88
PID 4764 wrote to memory of 4152	4764	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202e.exe	89
PID 4764 wrote to memory of 4152	4764	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202e.exe	89
PID 4764 wrote to memory of 4152	4764	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202e.exe	89
PID 4152 wrote to memory of 4988	4152	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202f.exe	90
PID 4152 wrote to memory of 4988	4152	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202f.exe	90
PID 4152 wrote to memory of 4988	4152	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202f.exe	90
PID 4988 wrote to memory of 1640	4988	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202g.exe	91
PID 4988 wrote to memory of 1640	4988	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202g.exe	91
PID 4988 wrote to memory of 1640	4988	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202g.exe	91
PID 1640 wrote to memory of 3720	1640	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202h.exe	92
PID 1640 wrote to memory of 3720	1640	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202h.exe	92
PID 1640 wrote to memory of 3720	1640	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202h.exe	92
PID 3720 wrote to memory of 2124	3720	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202i.exe	94
PID 3720 wrote to memory of 2124	3720	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202i.exe	94
PID 3720 wrote to memory of 2124	3720	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202i.exe	94
PID 2124 wrote to memory of 4592	2124	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202j.exe	95
PID 2124 wrote to memory of 4592	2124	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202j.exe	95
PID 2124 wrote to memory of 4592	2124	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202j.exe	95
PID 4592 wrote to memory of 1104	4592	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202k.exe	97
PID 4592 wrote to memory of 1104	4592	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202k.exe	97
PID 4592 wrote to memory of 1104	4592	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202k.exe	97
PID 1104 wrote to memory of 2408	1104	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202l.exe	98
PID 1104 wrote to memory of 2408	1104	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202l.exe	98
PID 1104 wrote to memory of 2408	1104	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202l.exe	98
PID 2408 wrote to memory of 4616	2408	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202m.exe	99
PID 2408 wrote to memory of 4616	2408	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202m.exe	99
PID 2408 wrote to memory of 4616	2408	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202m.exe	99
PID 4616 wrote to memory of 1228	4616	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202n.exe	100
PID 4616 wrote to memory of 1228	4616	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202n.exe	100
PID 4616 wrote to memory of 1228	4616	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202n.exe	100
PID 1228 wrote to memory of 3340	1228	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202o.exe	101
PID 1228 wrote to memory of 3340	1228	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202o.exe	101
PID 1228 wrote to memory of 3340	1228	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202o.exe	101
PID 3340 wrote to memory of 3764	3340	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202p.exe	102
PID 3340 wrote to memory of 3764	3340	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202p.exe	102
PID 3340 wrote to memory of 3764	3340	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202p.exe	102
PID 3764 wrote to memory of 4704	3764	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202q.exe	103
PID 3764 wrote to memory of 4704	3764	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202q.exe	103
PID 3764 wrote to memory of 4704	3764	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202q.exe	103
PID 4704 wrote to memory of 228	4704	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202r.exe	104
PID 4704 wrote to memory of 228	4704	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202r.exe	104
PID 4704 wrote to memory of 228	4704	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202r.exe	104
PID 228 wrote to memory of 5104	228	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202s.exe	105
PID 228 wrote to memory of 5104	228	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202s.exe	105
PID 228 wrote to memory of 5104	228	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202s.exe	105
PID 5104 wrote to memory of 4936	5104	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202t.exe	107

C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2852
- \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:840
- - \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1948
  - - \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:5108
    - - \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1568
      - \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1968
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4764
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4152
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4988
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1640
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3720
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2124
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4592
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1104
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2408
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4616
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1228
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3340
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3764
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4704
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:228
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:5104
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4936
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1912
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3908
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2316
        
        \??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202.exe

Filesize
388KB

MD5
3220a26b2b53a8604b1893f0e691f227

SHA1
10b24de58f2a2d78b25a51058f99036b1561725e

SHA256
91d770c9809d76f63e941d56ee4e47594c8276fb107ed03b2ac10face95e104b

SHA512
7ee3ce91b7d362eb92199a7b6abebdc313ee528606632c25c043359f43b030ec98e34c2cead988e50e2aea54f085010719c47d2ffab8c3acb66fc5760bd213af

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202a.exe

Filesize
389KB

MD5
88c3b3bb6a43bedfb89706b867e2e394

SHA1
f5105b1d204eeffe616434e1d010a6b4c5a4982a

SHA256
47a3c408157a044be45fec07d4d416f5f894239dba681d2165309ed0bd710155

SHA512
353936a5e7bc6b4d79e5463132a29ef82c9ef3740bab1ed139bf98ba680fc0b6e02f416ac65398ddd47b00809a2789abf0405586432267ae92dc7c41bd91f374

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202b.exe

Filesize
389KB

MD5
9d3346be5315382d21db98bd24386cc8

SHA1
92cbcb43cbb6973f293ecab358b25b4a4d6de372

SHA256
d28422aa42c89b39edab8711df9cea82c10dacf4b10adfbf3953373d5e914c5e

SHA512
701918b5908389b8c0ba911dd72abf30d231387e596988175439dbd38d7421a71f4c5769042364fa7cbbf49f1da42c8147175537e0060adda9d8c802265fc73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202c.exe

Filesize
389KB

MD5
f79878a5fd2e4fb87362ecdcee73b522

SHA1
2aeda4ec5ac3d0fd58dec54b0ccdd6da78d96a9b

SHA256
90a88168d687d4abbeb5d850f7c1fc1e7f3672571bfd2da26206f502451343e4

SHA512
762c15f6126cec9f4b3c8ef7c13f0e5cbda38e1b77b2c595d7ec3028616f376ecfd4b658bd90a92fb0f8d9018231ecae3b06e2168ab81d5227290c39c38278c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202d.exe

Filesize
389KB

MD5
686f31b67db44bc550f5f4f65a5699ac

SHA1
f272ba49f3db7988c9afc58ac5782e9a2eaa5119

SHA256
123bac200c58dba687dcf1a1aeae28b7bbfeec32f557439f402f5487a8269f4a

SHA512
2ea77ae2c8b43e02b3b3382cb43ed48537bc48ab74c2783fcd2130d55d0dd6668d420345d5cca097df7cef1aae3dc35b40a09c4c9ac70c8b9da5962da8a3b40b

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202e.exe

Filesize
390KB

MD5
7739311910654f778fe9b89315f05175

SHA1
e708531363943b2207905bfc010831097acc733c

SHA256
db292e8494c52e1744500610d86fc2d9dab7ed55bc90f083f454850333e4cb35

SHA512
cfdf9ccdbf85f02641f811d52fe32dc6c616d98ddfa5a834da981d0533cd5a2f2fcc38f155978354f4d94c8629de6a90311c5641ba5f937afeda7d924556c6db

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202f.exe

Filesize
390KB

MD5
c0aaf8fab70ad2ab691ef290c7931cbe

SHA1
17f0ca1703289ab33a9bc918f4680a8b62712b80

SHA256
db89248790391ab95b997d22a81c84c3adb34a26d46e340c5f7ec517ca5532a2

SHA512
7950607301f5adf638bb8648100b4be5cdb4eb2754fda92c583d3d57faa42787c303b1db380da75d66006bd50a01c9d488504721dea8ad2b9bbf1a95c3903880

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202h.exe

Filesize
390KB

MD5
03a77651f69c216f31b4a6511c33eb3b

SHA1
bf4d432f3d85568b6dd4606d9d0bf324366f9e06

SHA256
0e0774215931e2a5f1f3abdc17eb9b5878dbb6d121c32fbef01ef97d9a676934

SHA512
26ea28f4694d6d45d8dcae4a4c6e4ca40a086b8ba4c474ea993d3c5882d2c2a9be7a53dba8357b33f1c96fbd4d12f55b9ccebf5fb1407128d8c70616dc310226

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202i.exe

Filesize
390KB

MD5
2eb09f428b702f68ee75ae60b28e7f6f

SHA1
85b22e1e57318154d5ce3b0dbbbbdb4b9da85d92

SHA256
45a65dc73d77d7351e6afa30b4d2fe7103a256558244b09bd001b3d5fb8c771f

SHA512
bbb736f55f2a232ce5812a95276e9a8eac60782f1338c83786b218b40c8b9a21dd912d544925ed23012f340805b9d78dd23095dff073fbf9294cb5b09cd9cae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202j.exe

Filesize
391KB

MD5
c19893271cb8472fd8b8a491a69c2ed5

SHA1
353e632b0eb0027655d1cebe74d7d70e5f2f2d76

SHA256
6b4589c112de0c5c94c61e45d370149f907a29fd4af82d87e2ae86081e059e36

SHA512
a2512cda88f6228329d227798464399c73e0ac93255f95b796788d809be497af833ff51f2a802884bac38f753ac88087404c162693739a1d74707ded1fe9fcf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202k.exe

Filesize
391KB

MD5
90ea93c02e2e4212b8a3a916d05e28c7

SHA1
0787eaaf94f2b609337df390822222cb46bd68f3

SHA256
d8b1cf107507bc38be0e4582fc502a8bd314d630654b321421aa656452ed694e

SHA512
d6c26d65b5ccf7f8b89a45d9c6cac536ac90ad6bbdaa3b38500368c1b37bd02c157e26661aa676d08c6a907a2821bb0a907acab166af45e60f2c1616468be083

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202l.exe

Filesize
391KB

MD5
48aabb7f1a7ac0903412018161f4bee0

SHA1
c7d69fb3d929592bf9bb4e23471e432ff16de21d

SHA256
31ff313fd378998fcca826a8d1f4caf37cbe956d10bed391419e36c26f17e473

SHA512
7d941109f1956bb0ae6beb454c28b348855dd80abe490a4b52674afbdeb46a557d52fb238e9c520cdf3b176ee0b108aa49b0e9e61083d77f36194034d9175c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202m.exe

Filesize
391KB

MD5
19e683aa2fe468741c3e5da400207850

SHA1
a1a06413ab0064d5279be1505380dab12a363b60

SHA256
b7ed26f5c7f61b92e5557c3e63be4d535484d69c8a865b7b213b1141d0898735

SHA512
fc02373b8dac2c94d0ad57990d8febf0f22d446beaba15badd42289e90ccdd8f66a5650e6c6c730644665f5f5a1e91ba5763d8b11ed25c76aaf9fa60f0ae9db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202n.exe

Filesize
392KB

MD5
6b9f5ce6bd536801333bf953b1c817a4

SHA1
3b382229594e1aca9c8091dfc7e9c52fdc1266b0

SHA256
526c83c36ab4e41b6e8297aa6265ab99b5f29506875d2ba959b0126e05f55511

SHA512
1b52750119c52d5e5d6393d1a118b7ccffe5f118e5cf1cac5e89727ec2d562eb95e7f7c815d842709d67b0d5980bd2207d766c411e22bf9a70bb4865cb62ec4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202o.exe

Filesize
392KB

MD5
a61ad9089d6785f3afdf73d36c687620

SHA1
1c4fdfccc9711c0dead267cc1eb18ff45d6519a1

SHA256
056be69b619620501a09bec127785c00b25c80d7162d3d2f5a9e8f06629869ec

SHA512
19404d5c985da46ca7100ef4aa2cb640a9ff3f588edf48e67f51036fbeaefa0365acb3dde77ecac1673f9936140ad30842ae79294ca9758d403129566d7c1468

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202p.exe

Filesize
392KB

MD5
6fccc47d59a54a96224afbf73d483d47

SHA1
86b2faba583987be1b81a23294f554b4ee143454

SHA256
52e230f924ab090bb4daa3374b779a108c274525821b07c783018c3cb2b5cc70

SHA512
66a8a58ead4e476b78f1f9a101017c4a2b0c92ea4f11c07a448b9e800575ffc4829ba667e3eb4ebf874d36f6a604c3d6da8c4b948aaa43b556f763e2775ee6e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202q.exe

Filesize
392KB

MD5
f876c38f76127b0a12288be1712f380c

SHA1
8fdacf5d5e4295e42c6d82f462c6f6ff02cb3b30

SHA256
295f0843c1a9b78afaf27bef00206f1fb94392410f332113d24ff86c3992aba4

SHA512
a39f82d4f114f0b1b473adff09949a2c7ca1f053954e45391fec3fda3eca395b9bddfff7c57799fd4b839c181e9548334b4e43eac6211a02b4e61d5dae173518

Download Submit
C:\Users\Admin\AppData\Local\Temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202r.exe

Filesize
393KB

MD5
ff00f838e5738efc7bbd2866e9a56d39

SHA1
8a0244b16577ca5e00e32b26bf6ad178d7914add

SHA256
a85d9d73e6f3d96bbabaa69a47add2b419a5a0f7aeeb5f681c3e0a3caeae8085

SHA512
298b551787417badd9482cd2a664f259baf79488da7a9ea88c1bb05e823195780624091116a6d24a7b816f378785afaa776a1a552698f4ee6aee9aa08f720abd

Download Submit
\??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202g.exe

Filesize
390KB

MD5
ca2182170030834d486e27a7b67fa374

SHA1
57af139c3d299532b3e04f6d3046a37811e764c2

SHA256
5f1307058fd0c4817a3d91d338596fe1643a9d9e7e92db49c8476d8df00be244

SHA512
cb7b0afe7251ad426ffe3be5fb8a65504cfac796c9379a458571da251ef94fb0e850ff8c32a6ed25ece386f64105b3bb20658d8b9eb334148dd99c717d00925f

Download Submit
\??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202s.exe

Filesize
393KB

MD5
9c6493edf3d1f35c2ac3f27fa5d1b69d

SHA1
c07f4b08263be3f9380134ef85f319e3bbd39ca4

SHA256
3681b5af115f45514bf2fe1b6ccc43329f3bc10728712a9c890be86033a9b86b

SHA512
6410b3125afa11d5c4ad377a93fa274ee1dd079da4d65ecd336738377b649289bbb7de2e54e6c4460a4f549d7db48aac8705934d77c1e6005180850def165dcf

Download Submit
\??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202t.exe

Filesize
393KB

MD5
9e1655754112aea397861e13c705fd60

SHA1
17154d570722c96e22e4a41e99bfd4b03ce8c4d4

SHA256
1fb31f54b08daa8d145ea1f38ff3913856ee0bf835d5c0e2a9b5f7123c1185c3

SHA512
3d54702977f7d8b692700402231887e94c5d83dba037b03c441929c045174fb666e15545a700bd4c23d16d416ddd7a61b72c2fd9ef6f8a81e153d58fde843524

Download Submit
\??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202u.exe

Filesize
393KB

MD5
787c664d5dfd33dda97b51edbecdf7b7

SHA1
e2365ab0dbc3b4946f318d87d92cf64cfdba5eb4

SHA256
f88f38884fa77c0c7302bf353e5abb1b1968808f50a64afc36ca871a31a150aa

SHA512
f14cbd4f6b40354f5ab7815c2d234ceb0819ed62a7b556a09c267bf99e6fdb57d4283decf6dd27cc3765da0b04d5718bbfdcdeca3ae654850a6be786692caa92

Download Submit
\??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202v.exe

Filesize
393KB

MD5
544ee673d4fc7044a2bddc1a073e5760

SHA1
4a49453ff1b3cb4bcb6782850ebfc2216c3fb1e3

SHA256
dc6341c81f03a4bc9410804aab70bcb1fd3028be399885757954519dae6cd1c5

SHA512
b68d6e8612ac7b9dbf77ebd30f83a00e630904d93446da5c86ae32ac059a20c3c60fc3ce87e1d0c445ffe4d518e828474c846d1224822d985c3d5a2582dc8e27

Download Submit
\??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202w.exe

Filesize
394KB

MD5
bb96efb4176c3caf528560fdcc65223a

SHA1
1c688f5201e6a96b585a309ddddd71ad7e203639

SHA256
90c4b5c45990be908c649ea0e02c7c5f244cb7f76d76a9e616a091e0aa6e786e

SHA512
b21bf375229aafe011c759e3a880eb2b739dc31ec6f5086af21479e19a6a3e16f12a9adc8ee486f599e4c44853e5ea535c4aed407c9cbca98cd90625017d2aca

Download Submit
\??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202x.exe

Filesize
394KB

MD5
92ca809ed2b8953fbb10c214d214f112

SHA1
9c13893a4ab8d9ea31930f86628c21b7a7d62eec

SHA256
4c069465ee8f49df38edc62f8dc35f179a33859ed0f3e60a1866e445c13821a0

SHA512
707a0e9585b49e33c22a008fd8f33f3a5695089132b0dd1a74481ca230ee67b751167036fe517cadeb9a24d51f8d78b6d5f96085474dc6839855c64bebde2910

Download Submit
\??\c:\users\admin\appdata\local\temp\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202y.exe

Filesize
394KB

MD5
db94592d05aa48b8c1af96b88c331b8a

SHA1
3f50064d67885ee4cbaad9dfbbe7cbf3dbdb6c24

SHA256
6b50a7b34dc0f693cfa4a1b097558768b9e4156723af7b383e7eebdad278b241

SHA512
4f65c7bc00b1b158f4798ea6cd563d8f78c6fada42ab7d9ab50bcdb52ecea760b6532fcbc9258e319dc101da2b6506bc6eb9ceb53fb194b5dcd920c27052e1b9

Download Submit
memory/228-205-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/228-215-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/840-20-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/840-16-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1104-139-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1104-132-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1228-170-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1228-162-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1568-52-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1568-44-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1640-100-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1912-246-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1948-27-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1948-32-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1968-61-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2124-120-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2316-266-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2408-150-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2852-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2852-10-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3340-182-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3720-111-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3764-193-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3764-183-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3908-256-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3908-247-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4152-81-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4200-269-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4592-131-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4616-161-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4704-194-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4704-204-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4764-70-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4936-235-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4988-82-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4988-90-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/5104-216-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/5104-224-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/5108-33-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/5108-43-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202c.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202t.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202x.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202l.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202o.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202s.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202.exe\""	733e21328553c151c4e5f8b9b7dcc130_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202r.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202g.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202j.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202w.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202n.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202q.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202d.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202i.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202k.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202p.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202v.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202e.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202f.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202h.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202u.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202a.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202b.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202m.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202y.exe\""	733e21328553c151c4e5f8b9b7dcc130_neikianalytics_3202x.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads