b1846f89afe6887554265db25b5f9a89b83e7b47e4928e15952258fb9c2c00c1

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b2940c1f734c625eba22b43729bccb0_NeikiAnalytics.exe
Size

278KB
MD5

5b2940c1f734c625eba22b43729bccb0
SHA1

65e7cafbeae5eb5b1986afc5b6caef1445e63b91
SHA256

b1846f89afe6887554265db25b5f9a89b83e7b47e4928e15952258fb9c2c00c1
SHA512

8820e311af9372995b44a61a202d64209ced6f6b310b82ddddc7705470858c5b5d1d2bcd509a6c88e2e57334e312c93acbe1548cede7f8b712def137f658ceb1
SSDEEP

6144:vhbZ5hMTNFf8LAurlEzAX7oAwfSZ4sX/zQI:ZtXMzqrllX7XwoEI

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
4984	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202.exe
2840	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202a.exe
4120	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202b.exe
4124	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202c.exe
1356	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202d.exe
4928	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202e.exe
3320	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202f.exe
3812	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202g.exe
4960	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202h.exe
4008	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202i.exe
1708	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202j.exe
4224	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202k.exe
1532	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202l.exe
536	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202m.exe
1548	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202n.exe
4876	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202o.exe
2828	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202p.exe
1644	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202q.exe
2352	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202r.exe
4628	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202s.exe
1672	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202t.exe
4872	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202u.exe
4484	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202v.exe
2384	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202w.exe
4884	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202x.exe
3712	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202y.exe

UPX packed file 47 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3108-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0008000000023251-5.dat	upx
behavioral2/memory/4984-8-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3108-10-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4984-18-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2840-28-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4120-35-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002325a-44.dat	upx
behavioral2/memory/1356-47-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4124-46-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1356-55-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4928-56-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4928-64-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3320-75-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002325e-82.dat	upx
behavioral2/memory/3812-84-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4960-85-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4960-93-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4008-103-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1708-111-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023262-120.dat	upx
behavioral2/memory/1532-121-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4224-119-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1532-129-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/536-132-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/536-140-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023265-148.dat	upx
behavioral2/memory/4876-150-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1548-151-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4876-160-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2828-161-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2828-170-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1644-179-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2352-187-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4628-196-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002326c-205.dat	upx
behavioral2/memory/4872-207-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1672-206-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4484-221-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2384-232-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4484-226-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4884-236-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4872-224-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2384-242-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4884-246-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3712-247-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3712-248-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 5fd1fe9990ae3084	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 4984	3108	5b2940c1f734c625eba22b43729bccb0_NeikiAnalytics.exe	92
PID 3108 wrote to memory of 4984	3108	5b2940c1f734c625eba22b43729bccb0_NeikiAnalytics.exe	92
PID 3108 wrote to memory of 4984	3108	5b2940c1f734c625eba22b43729bccb0_NeikiAnalytics.exe	92
PID 4984 wrote to memory of 2840	4984	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202.exe	93
PID 4984 wrote to memory of 2840	4984	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202.exe	93
PID 4984 wrote to memory of 2840	4984	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202.exe	93
PID 2840 wrote to memory of 4120	2840	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202a.exe	94
PID 2840 wrote to memory of 4120	2840	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202a.exe	94
PID 2840 wrote to memory of 4120	2840	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202a.exe	94
PID 4120 wrote to memory of 4124	4120	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202b.exe	95
PID 4120 wrote to memory of 4124	4120	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202b.exe	95
PID 4120 wrote to memory of 4124	4120	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202b.exe	95
PID 4124 wrote to memory of 1356	4124	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202c.exe	96
PID 4124 wrote to memory of 1356	4124	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202c.exe	96
PID 4124 wrote to memory of 1356	4124	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202c.exe	96
PID 1356 wrote to memory of 4928	1356	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202d.exe	97
PID 1356 wrote to memory of 4928	1356	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202d.exe	97
PID 1356 wrote to memory of 4928	1356	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202d.exe	97
PID 4928 wrote to memory of 3320	4928	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202e.exe	98
PID 4928 wrote to memory of 3320	4928	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202e.exe	98
PID 4928 wrote to memory of 3320	4928	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202e.exe	98
PID 3320 wrote to memory of 3812	3320	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202f.exe	99
PID 3320 wrote to memory of 3812	3320	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202f.exe	99
PID 3320 wrote to memory of 3812	3320	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202f.exe	99
PID 3812 wrote to memory of 4960	3812	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202g.exe	100
PID 3812 wrote to memory of 4960	3812	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202g.exe	100
PID 3812 wrote to memory of 4960	3812	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202g.exe	100
PID 4960 wrote to memory of 4008	4960	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202h.exe	101
PID 4960 wrote to memory of 4008	4960	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202h.exe	101
PID 4960 wrote to memory of 4008	4960	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202h.exe	101
PID 4008 wrote to memory of 1708	4008	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202i.exe	102
PID 4008 wrote to memory of 1708	4008	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202i.exe	102
PID 4008 wrote to memory of 1708	4008	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202i.exe	102
PID 1708 wrote to memory of 4224	1708	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202j.exe	103
PID 1708 wrote to memory of 4224	1708	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202j.exe	103
PID 1708 wrote to memory of 4224	1708	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202j.exe	103
PID 4224 wrote to memory of 1532	4224	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202k.exe	104
PID 4224 wrote to memory of 1532	4224	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202k.exe	104
PID 4224 wrote to memory of 1532	4224	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202k.exe	104
PID 1532 wrote to memory of 536	1532	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202l.exe	105
PID 1532 wrote to memory of 536	1532	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202l.exe	105
PID 1532 wrote to memory of 536	1532	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202l.exe	105
PID 536 wrote to memory of 1548	536	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202m.exe	106
PID 536 wrote to memory of 1548	536	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202m.exe	106
PID 536 wrote to memory of 1548	536	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202m.exe	106
PID 1548 wrote to memory of 4876	1548	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202n.exe	107
PID 1548 wrote to memory of 4876	1548	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202n.exe	107
PID 1548 wrote to memory of 4876	1548	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202n.exe	107
PID 4876 wrote to memory of 2828	4876	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202o.exe	108
PID 4876 wrote to memory of 2828	4876	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202o.exe	108
PID 4876 wrote to memory of 2828	4876	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202o.exe	108
PID 2828 wrote to memory of 1644	2828	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202p.exe	109
PID 2828 wrote to memory of 1644	2828	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202p.exe	109
PID 2828 wrote to memory of 1644	2828	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202p.exe	109
PID 1644 wrote to memory of 2352	1644	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202q.exe	110
PID 1644 wrote to memory of 2352	1644	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202q.exe	110
PID 1644 wrote to memory of 2352	1644	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202q.exe	110
PID 2352 wrote to memory of 4628	2352	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202r.exe	111
PID 2352 wrote to memory of 4628	2352	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202r.exe	111
PID 2352 wrote to memory of 4628	2352	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202r.exe	111
PID 4628 wrote to memory of 1672	4628	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202s.exe	112
PID 4628 wrote to memory of 1672	4628	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202s.exe	112
PID 4628 wrote to memory of 1672	4628	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202s.exe	112
PID 1672 wrote to memory of 4872	1672	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202t.exe	113

C:\Users\Admin\AppData\Local\Temp\5b2940c1f734c625eba22b43729bccb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5b2940c1f734c625eba22b43729bccb0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3108
- \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4984
- - \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:4120
    - - \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4124
      - \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1356
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4928
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3320
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3812
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4960
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4008
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1708
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4224
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1532
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:536
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1548
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4876
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2828
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1644
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2352
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4628
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1672
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4872
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4484
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2384
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4884
        
        \??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2824 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202.exe

Filesize
278KB

MD5
3ae185cf80b64c63c4a189eb4d51884b

SHA1
4048fa3070f8dd1f78e20af7a156e4ced727dd48

SHA256
288efe376f960638023ec3f440b4833f2704e8ca1903b89b05cd4f79178ab728

SHA512
59fdb01253e903145e300a7194b098e0104d971b417ce63d26b35cde130c50838d5b018ed5de05f931d9de076b807e066e39ef2263cfdccdf9104c1a384db9d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202d.exe

Filesize
278KB

MD5
49ff17acd709673d1f81f5172077fe40

SHA1
f6a612b08a6ef3b1f379a93844e37449c8d0b749

SHA256
eccd9a394e4c3f50c8c84a2f37f5b83bee0aed6e485164f0a9dc38efd470a45d

SHA512
0493de005eeb3ffb542b90747bd317cf9bba57db793fb6d8647cd4101a4c8a1133f609f485b6e88cef65ad3377c1150fddaf8f8cd5a98ee2d79328a60dafdb74

Download Submit
C:\Users\Admin\AppData\Local\Temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202h.exe

Filesize
278KB

MD5
639072d005d1504a6ae8c0acea917a01

SHA1
4d22341d8c1d8991909b52ca426846a8d005f818

SHA256
bcc438fcb20b971c2ca83accc612aba81eeb191ed78e5aade823f7fa64f679ce

SHA512
969f55bc045b71259691bc479405a1c603a4306b74a5470a8cf07b94d99d2b703e150859fca50f2c7fc23726ecd135939d6ee92f5657aa77c16fdbca5d897341

Download Submit
C:\Users\Admin\AppData\Local\Temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202l.exe

Filesize
278KB

MD5
44b3cde65721f7071d2ea52c315c6e9d

SHA1
b6c8b2ae8902d3a7c4163d1d1a7a98d83a298807

SHA256
f9aa7a4898309ec7189683d7f6283117f0a629eeb671560279d54c83939d6765

SHA512
13e57ddef5a19b5f9b9eb9b3a38e6a62593f7ba9677c298739a262b216beda32d53eab9fedf487ecd19f9844f3544c2aa820ab6075ed9b808f32f1a146493f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202o.exe

Filesize
278KB

MD5
f7b533162ae8d61779b66c2692d33c5a

SHA1
7788782c8f8dd4eaec7872cd1d6a48c64e11e0d7

SHA256
16658346541d50ec459411e089d55e3b9fc0abbe7c7dcabc34b2d96fc57b4f87

SHA512
24a18fc8180a44f4c8e2b91db81247bf8d9f7a3cc0d7a22e42470c1a330914c7376c4357ccdff81830e83cde575285bb15d7c3b8bea82dd46fefee76eae1783c

Download Submit
\??\c:\users\admin\appdata\local\temp\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202u.exe

Filesize
278KB

MD5
f8762f124b86c7aac0978c8b149ce9c4

SHA1
3a5fd3de05cd6839547746f26ef6887378d2debc

SHA256
8f014182a7fb67ca4ba7dc10ba385be0520929596a9b6fb52419d9892ce17974

SHA512
610750e19a8364ceb33f3fbb350c07916f84adfeccaedb036b68f2575cb5439730bbc57c27d4b93d49fd0719a72412872cc93824a861d0a8597403e6bb81393a

Download Submit
memory/536-140-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/536-132-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1356-55-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1356-47-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1532-129-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1532-121-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1548-151-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1644-179-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1672-206-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1708-111-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2352-187-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2384-242-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2384-232-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2828-170-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2828-161-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2840-28-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3108-10-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3108-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3320-75-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3712-248-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3712-247-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3812-84-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4008-103-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4120-35-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4124-46-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4224-119-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4484-226-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4484-221-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4628-196-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4872-224-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4872-207-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4876-150-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4876-160-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4884-236-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4884-246-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4928-64-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4928-56-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4960-85-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4960-93-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4984-18-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4984-8-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202k.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202l.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202q.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202t.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202w.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202e.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202p.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202r.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202s.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202.exe\""	5b2940c1f734c625eba22b43729bccb0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202b.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202h.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202u.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202a.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202c.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202m.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202d.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202f.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202i.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202v.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202j.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202n.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202o.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202g.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202x.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202y.exe\""	5b2940c1f734c625eba22b43729bccb0_neikianalytics_3202x.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads