aa5531dea2ebdfb6e2c187ffeee0c37a0a976211f39b31731176bbbc2a178ac1

Analysis

max time kernel
94s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe
Size

486KB
MD5

7cc3113a7ebc985f543446d5a484c840
SHA1

76851e46fd6287bcff9efd0b2203153d8cca4648
SHA256

aa5531dea2ebdfb6e2c187ffeee0c37a0a976211f39b31731176bbbc2a178ac1
SHA512

d3479594d7d14dbbf27e0a1e003fc5bf2048ece7fee0a99980fe2f64bc83e6422c34be6052cf03115bae59ec970afb74f1b6f59b0b784b755ed40219696cf044
SSDEEP

6144:vhbZ5hMTNFf8LAurlEzAX7oAwfSZ4sXUzQIlJZl4xlTL:ZtXMzqrllX7XwfEIlJZ2xlL

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2692	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
3376	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
4136	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
4184	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
3460	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
64	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
448	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
4688	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
1640	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
4512	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
4624	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
1744	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
4896	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
3272	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
4792	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
4192	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
4636	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
2864	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
1268	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
4436	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
1920	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
2900	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
4740	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe
2200	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
1336	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
1836	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2912-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002328e-5.dat	upx
behavioral2/files/0x00090000000233ed-17.dat	upx
behavioral2/files/0x00070000000233f1-27.dat	upx
behavioral2/memory/4136-30-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3376-29-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3376-25-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2692-24-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2912-16-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2692-14-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00070000000233f2-37.dat	upx
behavioral2/memory/4136-39-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00070000000233f3-46.dat	upx
behavioral2/files/0x00070000000233f4-54.dat	upx
behavioral2/memory/3460-58-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/64-57-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4184-56-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00070000000233f5-65.dat	upx
behavioral2/memory/64-66-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00070000000233f6-74.dat	upx
behavioral2/memory/448-75-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00070000000233f7-84.dat	upx
behavioral2/memory/4688-83-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1640-93-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00080000000233ee-92.dat	upx
behavioral2/files/0x00070000000233f8-102.dat	upx
behavioral2/memory/4512-103-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4624-104-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00070000000233f9-111.dat	upx
behavioral2/memory/4624-113-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00080000000233fa-120.dat	upx
behavioral2/memory/1744-122-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00080000000233fc-129.dat	upx
behavioral2/memory/4896-130-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00070000000233fd-138.dat	upx
behavioral2/memory/3272-141-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4792-140-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00070000000233fe-149.dat	upx
behavioral2/memory/4792-150-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000a00000002334e-158.dat	upx
behavioral2/memory/4192-159-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00070000000233ff-166.dat	upx
behavioral2/memory/4636-167-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2864-169-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023400-176.dat	upx
behavioral2/memory/2864-178-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1268-179-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023401-186.dat	upx
behavioral2/memory/4436-188-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1268-189-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4436-198-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023402-197.dat	upx
behavioral2/files/0x0007000000023403-205.dat	upx
behavioral2/files/0x0007000000023404-215.dat	upx
behavioral2/memory/4740-217-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2900-208-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1920-207-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023405-225.dat	upx
behavioral2/memory/4740-227-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2200-233-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2900-218-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023406-236.dat	upx
behavioral2/memory/2200-237-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0008000000023407-244.dat	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = fccfc0534fe87102	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2692	2912	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe	81
PID 2912 wrote to memory of 2692	2912	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe	81
PID 2912 wrote to memory of 2692	2912	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe	81
PID 2692 wrote to memory of 3376	2692	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe	82
PID 2692 wrote to memory of 3376	2692	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe	82
PID 2692 wrote to memory of 3376	2692	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe	82
PID 3376 wrote to memory of 4136	3376	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe	83
PID 3376 wrote to memory of 4136	3376	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe	83
PID 3376 wrote to memory of 4136	3376	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe	83
PID 4136 wrote to memory of 4184	4136	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe	84
PID 4136 wrote to memory of 4184	4136	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe	84
PID 4136 wrote to memory of 4184	4136	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe	84
PID 4184 wrote to memory of 3460	4184	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe	85
PID 4184 wrote to memory of 3460	4184	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe	85
PID 4184 wrote to memory of 3460	4184	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe	85
PID 3460 wrote to memory of 64	3460	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe	86
PID 3460 wrote to memory of 64	3460	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe	86
PID 3460 wrote to memory of 64	3460	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe	86
PID 64 wrote to memory of 448	64	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe	89
PID 64 wrote to memory of 448	64	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe	89
PID 64 wrote to memory of 448	64	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe	89
PID 448 wrote to memory of 4688	448	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe	90
PID 448 wrote to memory of 4688	448	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe	90
PID 448 wrote to memory of 4688	448	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe	90
PID 4688 wrote to memory of 1640	4688	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe	92
PID 4688 wrote to memory of 1640	4688	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe	92
PID 4688 wrote to memory of 1640	4688	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe	92
PID 1640 wrote to memory of 4512	1640	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe	93
PID 1640 wrote to memory of 4512	1640	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe	93
PID 1640 wrote to memory of 4512	1640	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe	93
PID 4512 wrote to memory of 4624	4512	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe	94
PID 4512 wrote to memory of 4624	4512	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe	94
PID 4512 wrote to memory of 4624	4512	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe	94
PID 4624 wrote to memory of 1744	4624	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe	95
PID 4624 wrote to memory of 1744	4624	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe	95
PID 4624 wrote to memory of 1744	4624	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe	95
PID 1744 wrote to memory of 4896	1744	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe	96
PID 1744 wrote to memory of 4896	1744	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe	96
PID 1744 wrote to memory of 4896	1744	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe	96
PID 4896 wrote to memory of 3272	4896	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe	97
PID 4896 wrote to memory of 3272	4896	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe	97
PID 4896 wrote to memory of 3272	4896	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe	97
PID 3272 wrote to memory of 4792	3272	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe	98
PID 3272 wrote to memory of 4792	3272	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe	98
PID 3272 wrote to memory of 4792	3272	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe	98
PID 4792 wrote to memory of 4192	4792	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe	99
PID 4792 wrote to memory of 4192	4792	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe	99
PID 4792 wrote to memory of 4192	4792	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe	99
PID 4192 wrote to memory of 4636	4192	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe	100
PID 4192 wrote to memory of 4636	4192	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe	100
PID 4192 wrote to memory of 4636	4192	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe	100
PID 4636 wrote to memory of 2864	4636	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe	101
PID 4636 wrote to memory of 2864	4636	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe	101
PID 4636 wrote to memory of 2864	4636	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe	101
PID 2864 wrote to memory of 1268	2864	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe	102
PID 2864 wrote to memory of 1268	2864	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe	102
PID 2864 wrote to memory of 1268	2864	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe	102
PID 1268 wrote to memory of 4436	1268	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe	103
PID 1268 wrote to memory of 4436	1268	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe	103
PID 1268 wrote to memory of 4436	1268	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe	103
PID 4436 wrote to memory of 1920	4436	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe	104
PID 4436 wrote to memory of 1920	4436	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe	104
PID 4436 wrote to memory of 1920	4436	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe	104
PID 1920 wrote to memory of 2900	1920	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe	105

C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2912
- \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2692
- - \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:3376
  - - \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:4136
    - - \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4184
      - \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3460
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:64
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:448
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4688
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1640
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4512
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4624
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1744
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4896
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3272
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4792
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4192
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4636
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2864
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1268
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4436
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1920
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2900
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4740
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2200
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1336
        
        \??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe

Filesize
487KB

MD5
32f4150f8de5c0f329e10bf5a63ea898

SHA1
b02feae1c958a0594934ded0cb0c8d662a4da4f8

SHA256
4a1ccebc229eb229e768798a27dfaa42ede40c5cf92df333d28eda8991148451

SHA512
649111168b2c4daaa67cb016f50b97c229ed5ca898c82d94d982f562c75f7cf3555978554bf14f8c223c3a2fac74fbd50f77766ab86a0860ff6e1f52d460fa12

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe

Filesize
487KB

MD5
5be833c7d56c03c40d6dbb086429edb6

SHA1
3f746ef00b041a2ba7431b831a905ac2c94f0714

SHA256
c37a8c3459ad7ad8a487eda5784fa1fa0fe0fc4e561342a5f95923ae9f889d3c

SHA512
6bf49257857df32a21b0c6be02d21bf14461f7ccf9d7768dfd69e68046136098bb3298aa70ba2cb3b21953697ae2323996a3a5874ff2965256bc7a13ca71d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe

Filesize
487KB

MD5
88370b1e8c937ac35d0a178dcd856e6a

SHA1
037dd02c9a9efc3436e39df6b4b1e26a208e406b

SHA256
0068ad1199366a847e4bd93a8a65b2dbcd491d746b166816d38558f04dbe97f3

SHA512
56ce21fe341e3452c43fab1de6b05f238f6f1cec1713760b6821d381909519fe14879769ad672f47bc4d6a148de96b518a635013d9ef03fc798380d5022e93ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe

Filesize
487KB

MD5
d19671d4cbcbd01a1ab565aa02858356

SHA1
45c8f5f19b4a3044701e5136c50ce53d015a91e3

SHA256
36520632663a9003257416f52af0fe51688c2c210383a630b14182269640f8fa

SHA512
466dd96e415739f7e80158b5df2c4287163ca62f9c796d08cf9f8d10a566bdade438a9d012520b6d4d0cc1d88261628c1c950411f6670ed7e8075a2c8e02a230

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe

Filesize
487KB

MD5
ad3e624b9cec908306266796f6406c17

SHA1
57a0e1e8aad8c2a55a09a8a1680594b47af5f982

SHA256
f3ff43eac14d842818244c7f071728391dd64a2b88ec46489029e451f7c29492

SHA512
51152a37306decb34bf704629b852ae85583f37e1bb7a3c2d57f45dd7b92c43932439bd387d88dc993bcf3a7ee62ccdfbe38c9953868a2fcf542254c987e0229

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe

Filesize
488KB

MD5
51b3fc460adb6c6b6f61490fb2e7c97b

SHA1
cd57bb631f3ddb5e1b77beb3841c7c140c5fa8b5

SHA256
483e157139fc356dc97fbf91b738872113cd87a4dcacefa24a10f562d282f16b

SHA512
e6e35613ba445c4afbe57c9675c87680d72dc2a2180d103e0d1bfe29380e143bda3e584bd54c253f36c0d47cf1f47309b38253b6f3ffe0ce6975598a21ff0631

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe

Filesize
488KB

MD5
fab170fc8dac67e28663eae237a9cd40

SHA1
cc0b4e751d3137d5516f5ef031d36f070773c01b

SHA256
6be793e3a8885001222f27f785466caa1cfa92b40fce0be866a6644f7c229147

SHA512
a1ef18845b7baed83c4378e34e3ad0c575c60790c5bd10b5664f473f84a875882718ba30e6bf3e412629ddc4a8037982d48133ccd725c49ffe9bf232e3b80cba

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe

Filesize
488KB

MD5
216ec3fe64701c4c80290390aada5e6f

SHA1
333aee8a784ac10667da983ba419f82e59052cbf

SHA256
a8b90bbcb002e7639b47f95fdcd0ca4c698c4ce95a122e2a78e906b7f6c965b8

SHA512
bb7a25710771cf89ead9f10e7b240e8f1e2758b784a86c05e239606f865e8d5cb669190d4f1610d0e30ae22c008d821edd8ae6d8e2b5f8869c7a7bef5c99d7cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe

Filesize
488KB

MD5
14f7066a1684adb723c2cd36bbe7a704

SHA1
d9a35eede921925b5a85f8f34623759798162083

SHA256
a62652f8ca18ca2a95f17bf5c3c6c747bb1bbdeefe8cfccfdd5cda5eb06f84d5

SHA512
edf41bfe67a43cb1d46d2dbe4952099e81030434398fa5e571f6cae78a7907f911c9e5fa748f2c0a5096835ce4da0d1620c3629ae059fec4e73fb42417ec80ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe

Filesize
489KB

MD5
5b29a3f8c1a676aefb221b9f661bd2dc

SHA1
85dd71432169296bec25d5288cf6bf42fe55c2ae

SHA256
c2b7bc2399e2a4bfb85bc794d19feaa06e63f527a6df13be6507db64f7768689

SHA512
2fd655c371bce719f3367ac2cc2d7bb0df54e5714304199adb324ae5db33048f831417a55a5de81cc59d4c1f1b1fc7226677570be8731392c5b3c08a4e374f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe

Filesize
489KB

MD5
89cfefc1c2f50c5e98318af58749bba1

SHA1
3b995ecaeca8d5d0ca7f9c1ca814be69bb97a049

SHA256
580ee395384e7d7df453c3eb8878b16f702a70769f72d5842284f1df931a46ca

SHA512
4dc4f97b9cd646cda8dc49c2fc1e7ac46e7fd9e49b66fbb93c88525e9f68e9659dbbbd5bd614c25ebb45da5759728394e725b9acce6babb8d3d0b1f2af806aa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe

Filesize
489KB

MD5
e57574b2f65a69c25c85ce766063e50a

SHA1
132e605e035e448d61e44b24ce19d4c79610cddb

SHA256
195b13fc73a533957dde5135e45965dec59b725957be3d35507537fc800e5613

SHA512
858d29b7f33c96cb53a9a4619624a748ed4574f37ddd57fe742fba87aae032ddceeef137fee408d6f5521b24732827c6b0b617c9183cf4ebfcdba273dcc6e129

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe

Filesize
490KB

MD5
d67e7d32cc2b86203178171dd230d0da

SHA1
35078b085eafaf365dabd1491ccf404f8d7012d8

SHA256
c414f06ca5d6b7b874e6f61edf59c36da7503f35d3279634cf07463211adb37b

SHA512
1735f5bd90db27672e5f721ca4ae3f90debdd6eb62b2519614dbc3a98e643f281ccff44a65d6732b00b4900b2ccac50000118517249156e3d04833cd5ba5939d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe

Filesize
490KB

MD5
9d432b9e28a2ccd3aad7c43577390c63

SHA1
d10095eb50ed3cf806a386a1d6c0dac8736c2f12

SHA256
1615175215f188d28f410797e3b311eb76f0682c6cb0a04abeddbf173f6f3527

SHA512
3d46074dfb0a4a440a45e903a9e3370cbb8ebd5cf7e023c0f22904e0c6732d185744236e6a1a6552dbf9dd5428067de549f9233e713ee0fc43cea7b5297aea44

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe

Filesize
490KB

MD5
9b75d298e920c0cdea6b1336fff07e97

SHA1
b69037a5b3ea74cddaf0564cdb18a0aecbec879c

SHA256
e74c361e6b8c4a95bf09ffb58b6878258d8742bf45857b3f7c344d8506cf3ffd

SHA512
6e62427f93dc83775781389d7381028987372cd3b31ca10e3d0dc6cd5c1b04849a3a41989bd51247812671695beb53f8c2b5a430c18b1fe072cdb818c33fbcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe

Filesize
491KB

MD5
b9c24a1f5c21371db4e90fd7d3d74330

SHA1
cd6033205265bc200bfa231e8de7b849e22b5b70

SHA256
bbbcf91c98d2740197e940d80f96c8d970a3b7a8d3526bb3c368c692bab86f23

SHA512
b8f6aeb6fb5cd6d7d36ea3e1e67eddf6a772248b050030df479ee091d6aa6aed17899b9ba92a71d1b443b737ff5f4e5caa9f6988cde1757f14b81b16393b02a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe

Filesize
491KB

MD5
8b8de1192d97ef2949ab8267185b52b7

SHA1
59e4117f6fe0bb1bbe9a316acc57c7904b874ba7

SHA256
7bc555bca4c848913ad46b3b87359f2b5606cc55e69ca43e91cc9357ac9ea001

SHA512
5d8fe011766b9bb3d557414abce60f9f13232dcf4a03ce6fb2345936376cdb35e52a35d7bafdc64e7e6c9677e4dd6992b2a78df3484a94b892dcddd5b1e9b5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe

Filesize
491KB

MD5
155722259cfd408ec7f501a75628de31

SHA1
e62ebabc2085480995b03697aff3553dc66edad2

SHA256
42631054c35bd659814bd6d758f53390105e1bacb397a08e933b83c4159cea45

SHA512
b1fafc25cf70cee5ace2cfdba792822cc53bdafa61783706527b2aee2bea5007d714b1d97acd1e40e0e616af0bdb509d34a0d56346482999f5a90eaa1dffdce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe

Filesize
492KB

MD5
49de98218967533f8491119a403f65d9

SHA1
fb1b80c18e3f61d7d745dee9f2c85fa9606650b8

SHA256
9e8e34c5bdb3fef17639826f0c0e9ad280083df71a2f7e20594793ca3332aa03

SHA512
a01d0da3908a277d2dc8fa0e8717563566daa9384deeeeb4daa932ee2e0ce1fbe82cfcfc619e41a3597e6368ab49fad23cabb2903ed9739ae2fe9db897dbf53b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe

Filesize
492KB

MD5
038a2609a6d264c8f46affb5c911031a

SHA1
1808ce3f1811fe24dce3119655a7357d32004c55

SHA256
12d4ca068ebcb77ae7eb2e51db45010cb1e56f67eadaae5d29e590fc80ba0c1e

SHA512
a0861e02d6cb07d2118bb4c151dba3a10907bda921a8c76ed13796ec2bc06cef9a02f41c6bb4db48b03f7bce3eea81cfd03af4ea02e28f64aa765bd7329c39d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe

Filesize
492KB

MD5
135be70d3b59203372e433934fa7d388

SHA1
80977277ab2fd8cd5de7c1ba3ee353add7682656

SHA256
bc023d7311d6413442d0ac0248d6f087cb148e56c42f191700793e5d81d0567b

SHA512
74ab53d4952f4291d2418b7c7d43db8f5e38fe0ae02bf158abb334a1afb867f953712ece56e5a7451b83c52a4fb90a5d915596c20743a232f0a92f5c53fc6955

Download Submit
\??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe

Filesize
489KB

MD5
6221ef5200c8c40f8ea84cf9e3291b7b

SHA1
5764102b2f3796a9d9cdddf31749cb26ff03ff83

SHA256
d8d6bd9ec0036831623f492d65b2994fb189ca9ccee923b59fad9389d702d752

SHA512
4a7e51a55c4d36d0f420c56ff9179399a4ca2b464e3517bf023e5ede0b6c030f66e8799a0b4ec97888800bd63f573e15b12bd63d8b2d4a8433dfd4b967578695

Download Submit
\??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe

Filesize
490KB

MD5
b5b3f80f9b07483541a216093604e835

SHA1
c27dd2316a9b9c99aba2284471870238fb6b8d9d

SHA256
a330bdc3c21da2616c12aa708cfacd0dbf4811d83cbf3c6b7195ec1d576e4dc6

SHA512
42c2b2c120f20bdcd18c08ebc8b3fa66b84f24a8fdddb6b874b4c7415529cfd5d4dc532b7252a419081874fa3df4d3e7a8a916ed2eed3d385706a705308bc074

Download Submit
\??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe

Filesize
490KB

MD5
6bc4d7e75da931c8f5ee25179bcfc744

SHA1
446ad70180459903171ac300cbd9837044653df5

SHA256
8cfb176fd787098b4475b7f18580bb4f9f6100d93c93fa192d3b57eaca8ebd03

SHA512
5dd274380e54e6820205083fdb78cb50dc7d8bf37e87a471750232e7d48cf8877f7202be374b03ae0f57217da2cd86b42717aa399164d8f1fedd78f97c85a542

Download Submit
\??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe

Filesize
491KB

MD5
45d9259e6a6cdade96cab7405968732c

SHA1
9206b354be9cb26a4d764b9e51df85dc6cb92ee9

SHA256
e43fd55f9e4119b9a55c9914797f03be393460a8339deffaede271386da270ef

SHA512
d20518915a970fa1a201bf4f6c83c16930a07e0093d4557dc0a6476752d64d9ddbf3b2b88cb703e71416b527171707d1500251f03d30e0b929bb724cfa5e17fc

Download Submit
\??\c:\users\admin\appdata\local\temp\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe

Filesize
492KB

MD5
06bbb77d1937a45fe00a2cf1df150824

SHA1
54130ae60177269044004e4b5ade73f8b384ddf8

SHA256
16cc132818d7cfdb096318c5dd04d22ceea53c41ee14724ba2cb622a8f039e06

SHA512
f8bba7022002acdbbfa23f7db1971033d1e9357d197a337c63b5feb4f29bc699f8bf0e51a88fce41846c06e3d0f03e8aa0d4269d5a7ce8666254b50155724525

Download Submit
memory/64-57-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/64-66-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/448-75-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1268-189-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1268-179-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1336-245-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1640-93-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1744-122-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1836-247-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1920-207-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2200-233-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2200-237-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2692-24-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2692-14-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2864-178-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2864-169-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2900-218-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2900-208-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2912-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2912-16-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3272-141-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3376-25-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3376-29-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3460-58-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4136-39-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4136-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4184-56-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4192-159-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4436-188-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4436-198-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4512-103-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4624-113-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4624-104-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4636-167-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4688-83-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4740-217-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4740-227-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4792-150-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4792-140-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4896-130-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202g.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202u.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe\""	7cc3113a7ebc985f543446d5a484c840_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202b.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202f.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202a.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202d.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202i.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202r.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202y.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202m.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202p.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202w.exe\""	7cc3113a7ebc985f543446d5a484c840_neikianalytics_3202v.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads