aa5531dea2ebdfb6e2c187ffeee0c37a0a976211f39b31731176bbbc2a178ac1

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe
Size

486KB
MD5

7cc3113a7ebc985f543446d5a484c840
SHA1

76851e46fd6287bcff9efd0b2203153d8cca4648
SHA256

aa5531dea2ebdfb6e2c187ffeee0c37a0a976211f39b31731176bbbc2a178ac1
SHA512

d3479594d7d14dbbf27e0a1e003fc5bf2048ece7fee0a99980fe2f64bc83e6422c34be6052cf03115bae59ec970afb74f1b6f59b0b784b755ed40219696cf044
SSDEEP

6144:vhbZ5hMTNFf8LAurlEzAX7oAwfSZ4sXUzQIlJZl4xlTL:ZtXMzqrllX7XwfEIlJZ2xlL

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2988	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
2540	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
2644	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
2052	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
2912	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
2468	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
3028	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
2796	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
2696	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
1456	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
2888	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
2820	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
2104	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
2036	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
336	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
640	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
2944	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
412	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
1812	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
1580	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
616	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
2216	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
2236	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe
2380	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
1768	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
1868	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
2392	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe
2392	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe
2988	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
2988	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
2540	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
2540	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
2644	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
2644	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
2052	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
2052	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
2912	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
2912	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
2468	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
2468	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
3028	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
3028	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
2796	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
2796	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
2696	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
2696	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
1456	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
1456	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
2888	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
2888	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
2820	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
2820	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
2104	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
2104	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
2036	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
2036	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
336	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
336	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
640	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
640	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
2944	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
2944	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
412	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
412	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
1812	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
1812	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
1580	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
1580	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
616	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
616	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
2216	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
2216	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
2236	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe
2236	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe
2380	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
2380	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
1768	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
1768	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2392-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000a000000013a71-5.dat	upx
behavioral1/memory/2988-20-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000b0000000141a2-24.dat	upx
behavioral1/memory/2540-30-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2988-28-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2392-12-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0008000000014539-37.dat	upx
behavioral1/memory/2540-39-0x0000000000350000-0x000000000038A000-memory.dmp	upx
behavioral1/files/0x0007000000014667-53.dat	upx
behavioral1/memory/2644-52-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2540-45-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2644-59-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x00070000000146a2-67.dat	upx
behavioral1/memory/2052-75-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2912-89-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000a0000000146b8-88.dat	upx
behavioral1/memory/2052-73-0x0000000001D00000-0x0000000001D3A000-memory.dmp	upx
behavioral1/files/0x00090000000146c0-96.dat	upx
behavioral1/memory/2468-104-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/3028-105-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000b000000014825-112.dat	upx
behavioral1/memory/3028-118-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2796-120-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x00070000000149f5-127.dat	upx
behavioral1/memory/2796-134-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2696-135-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0007000000014abe-149.dat	upx
behavioral1/memory/2696-148-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0007000000014af6-156.dat	upx
behavioral1/memory/2888-170-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000900000001448a-171.dat	upx
behavioral1/memory/1456-163-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2888-178-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2820-179-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000014b31-186.dat	upx
behavioral1/memory/2104-194-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2820-193-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000014b70-208.dat	upx
behavioral1/memory/2104-207-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000014de9-217.dat	upx
behavioral1/memory/2036-221-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000014ef8-236.dat	upx
behavioral1/memory/336-235-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/640-247-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2944-257-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/412-258-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/412-268-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1812-269-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1812-279-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1580-289-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/616-299-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2216-300-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2216-310-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2236-320-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2380-330-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1768-336-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1768-341-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1868-342-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b5de311007a49176	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2988	2392	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe	28
PID 2392 wrote to memory of 2988	2392	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe	28
PID 2392 wrote to memory of 2988	2392	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe	28
PID 2392 wrote to memory of 2988	2392	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe	28
PID 2988 wrote to memory of 2540	2988	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe	29
PID 2988 wrote to memory of 2540	2988	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe	29
PID 2988 wrote to memory of 2540	2988	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe	29
PID 2988 wrote to memory of 2540	2988	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe	29
PID 2540 wrote to memory of 2644	2540	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe	30
PID 2540 wrote to memory of 2644	2540	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe	30
PID 2540 wrote to memory of 2644	2540	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe	30
PID 2540 wrote to memory of 2644	2540	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe	30
PID 2644 wrote to memory of 2052	2644	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe	31
PID 2644 wrote to memory of 2052	2644	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe	31
PID 2644 wrote to memory of 2052	2644	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe	31
PID 2644 wrote to memory of 2052	2644	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe	31
PID 2052 wrote to memory of 2912	2052	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe	32
PID 2052 wrote to memory of 2912	2052	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe	32
PID 2052 wrote to memory of 2912	2052	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe	32
PID 2052 wrote to memory of 2912	2052	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe	32
PID 2912 wrote to memory of 2468	2912	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe	33
PID 2912 wrote to memory of 2468	2912	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe	33
PID 2912 wrote to memory of 2468	2912	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe	33
PID 2912 wrote to memory of 2468	2912	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe	33
PID 2468 wrote to memory of 3028	2468	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe	34
PID 2468 wrote to memory of 3028	2468	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe	34
PID 2468 wrote to memory of 3028	2468	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe	34
PID 2468 wrote to memory of 3028	2468	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe	34
PID 3028 wrote to memory of 2796	3028	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe	35
PID 3028 wrote to memory of 2796	3028	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe	35
PID 3028 wrote to memory of 2796	3028	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe	35
PID 3028 wrote to memory of 2796	3028	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe	35
PID 2796 wrote to memory of 2696	2796	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe	36
PID 2796 wrote to memory of 2696	2796	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe	36
PID 2796 wrote to memory of 2696	2796	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe	36
PID 2796 wrote to memory of 2696	2796	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe	36
PID 2696 wrote to memory of 1456	2696	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe	37
PID 2696 wrote to memory of 1456	2696	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe	37
PID 2696 wrote to memory of 1456	2696	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe	37
PID 2696 wrote to memory of 1456	2696	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe	37
PID 1456 wrote to memory of 2888	1456	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe	38
PID 1456 wrote to memory of 2888	1456	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe	38
PID 1456 wrote to memory of 2888	1456	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe	38
PID 1456 wrote to memory of 2888	1456	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe	38
PID 2888 wrote to memory of 2820	2888	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe	39
PID 2888 wrote to memory of 2820	2888	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe	39
PID 2888 wrote to memory of 2820	2888	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe	39
PID 2888 wrote to memory of 2820	2888	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe	39
PID 2820 wrote to memory of 2104	2820	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe	40
PID 2820 wrote to memory of 2104	2820	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe	40
PID 2820 wrote to memory of 2104	2820	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe	40
PID 2820 wrote to memory of 2104	2820	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe	40
PID 2104 wrote to memory of 2036	2104	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe	41
PID 2104 wrote to memory of 2036	2104	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe	41
PID 2104 wrote to memory of 2036	2104	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe	41
PID 2104 wrote to memory of 2036	2104	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe	41
PID 2036 wrote to memory of 336	2036	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe	42
PID 2036 wrote to memory of 336	2036	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe	42
PID 2036 wrote to memory of 336	2036	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe	42
PID 2036 wrote to memory of 336	2036	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe	42
PID 336 wrote to memory of 640	336	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe	43
PID 336 wrote to memory of 640	336	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe	43
PID 336 wrote to memory of 640	336	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe	43
PID 336 wrote to memory of 640	336	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2392
- \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2988
- - \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2540
  - - \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2644
    - - \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2052
      - \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2912
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2468
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3028
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2796
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2696
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1456
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2888
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2820
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2104
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2036
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:336
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:640
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2944
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:412
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1812
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1580
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:616
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2216
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2236
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2380
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1768
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe

Filesize
487KB

MD5
92a87a11f2327deb2ea6c1d6c968e43b

SHA1
5c7298f8244afd69d4fb44d039df9363d8019b73

SHA256
3664971889bb2744ea9d58fc4df1979c3525ccbf985cf339fb0fd5a3f602e26d

SHA512
559db8c5356942d17c1f7673292b1060c953444ac696bf4d91b21ffa8a700b8c865bddc1fb5954a7b6d6acf02bef67608dbc44548390f452448c5c2ecd31d46a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe

Filesize
488KB

MD5
efdd37d7e02efd8cfcb4ddefe1704c2f

SHA1
fe9e4d16703744678211c2f0183bc2f2f50c0e22

SHA256
e0726addd3e14e36cb3e92e774df75d3f901e688113f9d3a94eccffa64fc28d9

SHA512
b846e4a0b894b7b762015b557f37631fdb2bac2aeeaeae5f4c321ca7fc38535d4650b0ad54c6ac44aaadc96629fa63530b322141711252de16acf4bbcac02abc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe

Filesize
489KB

MD5
697e0b5ea1527e6ac28ab879068c9697

SHA1
afded486e9ea6d4f921c2dc23913005e96ec260c

SHA256
b31e35ec0c8698ca8a9ca8b12ef6c7a7321910342d7a34d4d2627baa43e188bd

SHA512
c51ee1fa07341f0013d8e85f19a7267dcb0fcf53f20c85eb14168175c806f772e05d234d62b522dabe727486ef93c2fe8e86ba19e37cdd90c850cefaa27a469c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe

Filesize
490KB

MD5
04894c1c0b66ce56bb67068d4c3faab5

SHA1
1e3f6cb47e4012a53a57e926d76ed91fc6be17d8

SHA256
ab4bd6271a2ecc322a27cce696477c241a32de726e0e32916ef018282a8082cc

SHA512
706b4654a0ad4263188356251a745addde00524b8e5b1e814093c28a8f27bf33a723d410ddbaa27d2b802ec25cf8d2dffe996786580f0905e255a8be4d4e89d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe

Filesize
490KB

MD5
275d6199cea98bb4141f0c2081d7cb04

SHA1
1e09048683701c74b9bf6f7cf20d04cd1ec27e5d

SHA256
cf735f14ff69461134126ba2a0168e9ddf909f993da12123b99c0c218e6717c4

SHA512
288ca3669c005dc5c75646b7ecc19ee03aae95f8af9309635215d7ab31b3fffa87e725b4a02a37a63541bebaeac5f8ea59facb860671d56d4b1e0682f6550a1d

Download Submit
\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe

Filesize
487KB

MD5
0b0fe89ba176d65feeab209b51f72e15

SHA1
f450cfb8678ef22194be97efdda91e3fd07cda3f

SHA256
41e804b839e10a1366b05d58a94f20c06bb13753df28545b65491110fc5c8b37

SHA512
51c496e4850eea99a56872b31ea7deb8f54a05106fd5f8762d01d0c3a67b5651bf8d2a5b03c45d8c73c5b7677fdb6d38bb2083b5fa9538c617722edc4e83c17c

Download Submit
\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe

Filesize
487KB

MD5
1732f9a2bb4d49b3bfe9f5383e32cc30

SHA1
6d6e1ef0c99304325e8312605ad9f1c455a8a169

SHA256
a537e1ad636a93b05bb6ccb92aa2d7b783399cf6fab376a2bc63912317cfb1df

SHA512
15a42897c3fd915fe17d4c535c5e8192e97bd4949f0a380b5e980c41b57739898c540982438915bf44c1689d8881be9506d90fea30c623f64dae7bbdcce0fa1e

Download Submit
\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe

Filesize
487KB

MD5
483521cd8b29e25e0f33dad7e165a1a5

SHA1
a0a73f3271c8a61be344af8e77502b7c7137993d

SHA256
bb55ed0c33eacabd0a53d62c035fc670236abc89a521b9270dc3250228cba30a

SHA512
1f40d210110ecedb4aec6de798e6f52628ea2d5acef9192583c2b4448055f1b244eceac160d0728b10b9e866d6e816e5f6a166b4bb8e48b15b8d1277ed565783

Download Submit
\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe

Filesize
487KB

MD5
b986bca3b8890d85fd54dad661855be8

SHA1
2b6f599286c1979f207e7f44ed24c97fe3cf3322

SHA256
eff650333ee822e51dd0d8931cd456445e814dda26edd19c7317b7926e4adfec

SHA512
1c212507c4a6f3aa56acd92d89abf10d5cd44e7b567ed7374cbc18694555e0675ec72cfbeced74c2855487e9958110ac368c4dfb44becf9759c218cebfd9756f

Download Submit
\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe

Filesize
488KB

MD5
382a90406faf9d49acf697c6067d5ab5

SHA1
af07fbb18684d366a18b4c6187f05ee627139e94

SHA256
33e7edd497e6879e272951814b771590873200bda9ba8a6c5fb83a60adca8a99

SHA512
759316da13d75d700489c27fa822f56b4872ee3e148052082443ad13db245f43bcd682f6101a1543b74c846e8b7723e156ec09df3eac37aa95759457717098c1

Download Submit
\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe

Filesize
488KB

MD5
6251c6515d90637f3ee064ce9650b791

SHA1
e37cf0bcb9e13f7eec951afe84e65a6c99874cf3

SHA256
fa75851893d7200820ad37a25d4313d707da4a30dd951d1cd33ebf1d8efffafe

SHA512
a967f87469580f72f47f12f6b64106f50b2f6e8bbc2e51f711323fef98344e6ff0e523d3c3ead815abe7e56ad55e04e636bd76d47b0bd858beb18814025c26b7

Download Submit
\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe

Filesize
488KB

MD5
679685d38046468fdeb5ca73cc522cfb

SHA1
a024844414f9823363d9cb536781da7be10209c2

SHA256
07da1b5417945e7b9c34f6778f2ac947b450698c92d96a80e066a211308e4ccf

SHA512
9abd463f0c12e5b089e2d6cf4a9ebc06b14d288927c6a3a83d611a7be76fec34cbcae507a0bf8ef50e61c0e43c8c44a21cc37a101840e9eaa74992b374dc5339

Download Submit
\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe

Filesize
489KB

MD5
c026599b0a811714a55eea3e9be0ae96

SHA1
4db1223b69d10df43104b6f451cc1f1602b35dda

SHA256
b85d297c5759c881cf010438467ebc29b41b50cc52375f20627e8d3de6dee4b6

SHA512
a9888825779922683449a8ce4c6b6c2586e7b87c6deec9ffde6397c79df7dd901f18268b998c651b8779ae3b9fb930652b4601ad9ce21ea487ce343e351efc9a

Download Submit
\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe

Filesize
489KB

MD5
a63a283a69ac7f5d8d046761de2122e9

SHA1
5238361e46e0d5ceea4b549860a046709d6c28db

SHA256
6419421d80883288636cb1390d747330ec72c42d7d526cf0a5b9000a1a9f5320

SHA512
5d7c1703330f1b77919376bbd9f4869f19f3d9846d2f7bc64a6899a4b9929767f98ae01659b58a04f2d48342b1e1cf792d645f9d4b433e4fa7c3b8baf91e9906

Download Submit
\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe

Filesize
489KB

MD5
63690bb71d4e7082f990bb5b4917d392

SHA1
71020f97f79fdc7f10d1442b144c56339c6f8775

SHA256
a33bc5c377040e0c439620fb3eff26828a3ac964933a78a439a43d15b92a1434

SHA512
5dbeebec4b766cca14ed88217c4d2b8064aac96bef630abde0f1d2544a8266a415578bc3d29449606d9e1c0e07277cdf9107ca3489434f250f63a96319621278

Download Submit
\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe

Filesize
490KB

MD5
867efc86805027a625ca1d5fffc43d9c

SHA1
8963ac59b96ab8a5c38d279565b8639756718868

SHA256
a30ee5bc6557090241786ec1a8dfe1a6c518e12ba7802f020b336735c3b92d20

SHA512
19fed7a295084b51840ab9ab11b292009da87a8333a6e4eff8259277f5810420f668f80966cc817571caf99ffb317e376368752db61bf4b5d552d75afc04f656

Download Submit
memory/336-235-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/412-268-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/412-258-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/616-299-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/640-247-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1456-163-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1580-289-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1768-336-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1768-341-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1812-269-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1812-279-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1868-342-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2036-221-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2052-73-0x0000000001D00000-0x0000000001D3A000-memory.dmp

Filesize
232KB

Download
memory/2052-75-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2104-194-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2104-207-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2216-310-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2216-300-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2236-320-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2380-330-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2392-12-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2392-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2468-104-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2468-102-0x00000000002D0000-0x000000000030A000-memory.dmp

Filesize
232KB

Download
memory/2540-39-0x0000000000350000-0x000000000038A000-memory.dmp

Filesize
232KB

Download
memory/2540-45-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2540-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2644-52-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2644-59-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2696-135-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2696-148-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2796-120-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2796-134-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2820-179-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2820-193-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2888-178-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2888-170-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2912-89-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2944-257-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2988-28-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2988-23-0x00000000002A0000-0x00000000002DA000-memory.dmp

Filesize
232KB

Download
memory/2988-20-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3028-118-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3028-105-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe\""	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads