2afb3a8b9c6c375aa51f3ce75e5b4e971a5c782accb4fa5b30f9f4866373fd36

Analysis

max time kernel
94s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35d5bdfdde8d2840b9bded3ce10b2060_NeikiAnalytics.exe
Size

288KB
MD5

35d5bdfdde8d2840b9bded3ce10b2060
SHA1

b369d9b340e6f120e23545ab4962e9cbfc34e24f
SHA256

2afb3a8b9c6c375aa51f3ce75e5b4e971a5c782accb4fa5b30f9f4866373fd36
SHA512

68b31014d9593647d201e92d1ad66d420bf4074c064681fe0206aaed70fad1a72a74535749ffdf6b8fd5eab355626017bf6ddf08e86cce9fd5a1102cf11d5864
SSDEEP

6144:rqppuGRYx4H712f/SBTpzZA6rXD40b+7TJzn:rqpNtb1YIp9AI4Fzn

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
564	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202.exe
2228	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202a.exe
348	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202b.exe
3404	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202c.exe
4516	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202d.exe
1768	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202e.exe
3160	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202f.exe
688	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202g.exe
4548	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202h.exe
2396	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202i.exe
1452	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202j.exe
4608	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202k.exe
1580	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202l.exe
1872	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202m.exe
4628	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202n.exe
4604	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202o.exe
4932	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202p.exe
1716	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202q.exe
640	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202r.exe
740	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202s.exe
1660	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202t.exe
4144	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202u.exe
2792	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202v.exe
2752	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202w.exe
4260	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202x.exe
4960	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202y.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 837f9a0d73440069	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202p.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 564	2824	35d5bdfdde8d2840b9bded3ce10b2060_NeikiAnalytics.exe	82
PID 2824 wrote to memory of 564	2824	35d5bdfdde8d2840b9bded3ce10b2060_NeikiAnalytics.exe	82
PID 2824 wrote to memory of 564	2824	35d5bdfdde8d2840b9bded3ce10b2060_NeikiAnalytics.exe	82
PID 564 wrote to memory of 2228	564	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202.exe	83
PID 564 wrote to memory of 2228	564	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202.exe	83
PID 564 wrote to memory of 2228	564	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202.exe	83
PID 2228 wrote to memory of 348	2228	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202a.exe	84
PID 2228 wrote to memory of 348	2228	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202a.exe	84
PID 2228 wrote to memory of 348	2228	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202a.exe	84
PID 348 wrote to memory of 3404	348	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202b.exe	85
PID 348 wrote to memory of 3404	348	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202b.exe	85
PID 348 wrote to memory of 3404	348	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202b.exe	85
PID 3404 wrote to memory of 4516	3404	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202c.exe	86
PID 3404 wrote to memory of 4516	3404	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202c.exe	86
PID 3404 wrote to memory of 4516	3404	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202c.exe	86
PID 4516 wrote to memory of 1768	4516	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202d.exe	87
PID 4516 wrote to memory of 1768	4516	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202d.exe	87
PID 4516 wrote to memory of 1768	4516	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202d.exe	87
PID 1768 wrote to memory of 3160	1768	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202e.exe	88
PID 1768 wrote to memory of 3160	1768	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202e.exe	88
PID 1768 wrote to memory of 3160	1768	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202e.exe	88
PID 3160 wrote to memory of 688	3160	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202f.exe	90
PID 3160 wrote to memory of 688	3160	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202f.exe	90
PID 3160 wrote to memory of 688	3160	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202f.exe	90
PID 688 wrote to memory of 4548	688	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202g.exe	91
PID 688 wrote to memory of 4548	688	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202g.exe	91
PID 688 wrote to memory of 4548	688	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202g.exe	91
PID 4548 wrote to memory of 2396	4548	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202h.exe	93
PID 4548 wrote to memory of 2396	4548	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202h.exe	93
PID 4548 wrote to memory of 2396	4548	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202h.exe	93
PID 2396 wrote to memory of 1452	2396	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202i.exe	94
PID 2396 wrote to memory of 1452	2396	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202i.exe	94
PID 2396 wrote to memory of 1452	2396	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202i.exe	94
PID 1452 wrote to memory of 4608	1452	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202j.exe	95
PID 1452 wrote to memory of 4608	1452	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202j.exe	95
PID 1452 wrote to memory of 4608	1452	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202j.exe	95
PID 4608 wrote to memory of 1580	4608	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202k.exe	97
PID 4608 wrote to memory of 1580	4608	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202k.exe	97
PID 4608 wrote to memory of 1580	4608	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202k.exe	97
PID 1580 wrote to memory of 1872	1580	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202l.exe	98
PID 1580 wrote to memory of 1872	1580	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202l.exe	98
PID 1580 wrote to memory of 1872	1580	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202l.exe	98
PID 1872 wrote to memory of 4628	1872	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202m.exe	99
PID 1872 wrote to memory of 4628	1872	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202m.exe	99
PID 1872 wrote to memory of 4628	1872	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202m.exe	99
PID 4628 wrote to memory of 4604	4628	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202n.exe	100
PID 4628 wrote to memory of 4604	4628	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202n.exe	100
PID 4628 wrote to memory of 4604	4628	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202n.exe	100
PID 4604 wrote to memory of 4932	4604	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202o.exe	101
PID 4604 wrote to memory of 4932	4604	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202o.exe	101
PID 4604 wrote to memory of 4932	4604	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202o.exe	101
PID 4932 wrote to memory of 1716	4932	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202p.exe	102
PID 4932 wrote to memory of 1716	4932	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202p.exe	102
PID 4932 wrote to memory of 1716	4932	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202p.exe	102
PID 1716 wrote to memory of 640	1716	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202q.exe	103
PID 1716 wrote to memory of 640	1716	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202q.exe	103
PID 1716 wrote to memory of 640	1716	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202q.exe	103
PID 640 wrote to memory of 740	640	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202r.exe	104
PID 640 wrote to memory of 740	640	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202r.exe	104
PID 640 wrote to memory of 740	640	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202r.exe	104
PID 740 wrote to memory of 1660	740	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202s.exe	105
PID 740 wrote to memory of 1660	740	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202s.exe	105
PID 740 wrote to memory of 1660	740	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202s.exe	105
PID 1660 wrote to memory of 4144	1660	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202t.exe	106

C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2824
- \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:564
- - \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2228
  - - \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:348
    - - \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3404
      - \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4516
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1768
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3160
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:688
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4548
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2396
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1452
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4608
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1580
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1872
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4628
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4604
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4932
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1716
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:640
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:740
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1660
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4144
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2792
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2752
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4260
        
        \??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202.exe

Filesize
288KB

MD5
0bf2adb65c41b793de82d4960c7184a3

SHA1
1518faf820d6489de3c92c38483ada7608ace45c

SHA256
0b00a4933e759d5cfab070491ea8d54d98483a6fe55fe2e2630104bffadcc876

SHA512
ffaae553d8dfabed431290a2c430e0362e28c6b9e459ec808f8ba087df64f869bf8a8c5ecd01ad2c39e84bf3b57c990e4b1db41987d2aa8455182bb5d57e3b8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202b.exe

Filesize
288KB

MD5
c9055f7e6f7ad5414e0406a355c2eb3b

SHA1
5f70401434a2d188e29427d334736c5c22b085c6

SHA256
c7fd52e657a9bc6eef84125ae0889b7571956c80bdd6a7a41c49d284a737a03e

SHA512
ad9c559faeff8c23ef39494caf62b840943d7ddb9b30716865e2bc3ae429c819d0f62ed76cc96610508fe766b8a682499509b5a4581d7476bce6ac5469138e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202d.exe

Filesize
289KB

MD5
b7856cd90a8e3ccb9d31cc6416da9a37

SHA1
ef6e1115fc297fd92efa1a78f60af9add68840d0

SHA256
63826eef918cfd2c692efd1ed3a23e324c9c66b06004884d3e648765c46206c5

SHA512
2350bc50ddedbd7b6ec288ceea10025609836d27381f10fb7f3dd94f62a9e2489c0740f588ea66b2559da65bd77d6d0eb099fb10ae0fe0ae51b3013065123679

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202e.exe

Filesize
289KB

MD5
3476e3ab127ce176fa05c05949c86c57

SHA1
d3b762f1323e4f78518071732aa98bcfaea7493d

SHA256
5e09be9ec67d8db9a41db403fba5fdde593379d2b0cb87d00f9ef4116bc6ab04

SHA512
53e7fdea728da1df4c673fed4aef7ccfe8305dd2cd54df891d8a83ca30f4eeb1475df8e3651d9c2b4ea64bb0309c1f420721541b0bb6ff2b16dcd433dfb0e7b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202g.exe

Filesize
289KB

MD5
73415e4c167b2fc65690c74ef65691f1

SHA1
fdaa4965b0fb04ec25a766f1416aa29523b040b7

SHA256
4087165dd423bdbc179c5d3b761f16006ab07c296f3580b03210a5241f9c86fe

SHA512
51a57cba4595af553a56d0908dfeeaef68937bed5a01dd9b7c9232e2f4689f864903c4235a47ae7941570c575ad98ddbea1ce23c2190ad64b12f44eef2386871

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202h.exe

Filesize
290KB

MD5
22c4da031e3b46301447bfe99949fb96

SHA1
a3087f2c56911d4e6461fca9e4ab89294ffda15d

SHA256
7b822e32b800a72330637409f9b2b56f6d7db418a6d3e7f6449cbeee2aa0f01f

SHA512
98be5a1a3df54dbd6fe651e067755579c2c7484986dc31612e695dd75fe5fd3aadd7d38c7910d715b6b873cffad169a3ab89862cefd793a326ee91e9f585437a

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202i.exe

Filesize
290KB

MD5
874e5ce19dc9af56123b96cb0181c54c

SHA1
00f40da634bf74673a2429b7e9a66661a9499945

SHA256
396978f7596c340852f468c513afb55ba5a1d6c56cdf190cfd1929592a8bb360

SHA512
e1158cf27a29b8a05dd27a86bc70f881989bbbb19ee7cf1ed717136144603d619e0327b4ce4f7bd77fa99a0fc0cc895edf198130779d53aaeef6ed9255feb4e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202l.exe

Filesize
291KB

MD5
425a5f7b5571baf76d9e0c5e812c4577

SHA1
ed0319cf01c3215e2b66834987ddd735d1a483a0

SHA256
2c4d1d2a2aa7a19c0ecbddc1f02e1bc54a6744bbee97793b0f3fe5f47edcbfbb

SHA512
d1b9dafac952e9524e304636de20d1edef2c7c7700ed229dc4326d52095d4fe83a2eb1b342f904e3f6fa61bda2730910b26629f34691cb61179d13f9a1c869d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202m.exe

Filesize
291KB

MD5
76db34eb9e9de813cfd33bc7171014cb

SHA1
770bf9daae028980eb45af321b44a732bf0546df

SHA256
243226a199b087710f54cc8d74d3da74d1ce835fbcf4df5ee227d2256493da9f

SHA512
fcf74fedd088c7c5858b191a1cc58840c8aa46f609a3a9711cbd8b438f88c11e1d077c43317c59d9eb4d8553474f27d769f300ada6de4b3f4648a866b225b9cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202n.exe

Filesize
291KB

MD5
15dc7cb66c5d776c781d44a073bf4e6c

SHA1
76f47db051ad001d344ecc5ff2a9edebbd1d56dd

SHA256
0fb970c740803c8a04481de35bdaaf0a0d5daf13d72874d5d7ea83e6db6b09a3

SHA512
2735a31d5e06b39277d943a4bfed30988aacc86d65170ab4f1e1c8ec24935e4ad1f8fd9fa296db46e5b85f1d798a75183681ad60056922797a3d24792b444c5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202o.exe

Filesize
291KB

MD5
24f5cf1d20817a67e6616d81158a724f

SHA1
46f2ef577cbcc14e262cca674acc051596de5cb4

SHA256
9a613437b4099acb89fe35d61fd4ff1a8a69efcd32e96948440ad491f1968039

SHA512
7760d03dd572c9bb885c682be6ef9fad59c557044b1a643ddeca50dbaa775aef51310c890696a0e0c147b8491c5abc9a94dd59384fc16a84896657fb12c9e117

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202p.exe

Filesize
291KB

MD5
66a0d36a36f07c81dde2faf2b26a0a6a

SHA1
7dd388e811e208052bb418a720abdb21585b0f99

SHA256
8f6e5c11ea80ae61acb73aad27e4b6528007f89a6527857d9ab48c3b5481a395

SHA512
c8d0dc5c98c9a9a92ba71c3173ab5287ab68801600efe406ce5bf3a03443cb49e6078beac2e334398335a92791d62abaf2080f00f12d690db222030f751acfdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202q.exe

Filesize
292KB

MD5
374cb00ab0a938562c7da9b6b404b5bc

SHA1
fac6c651032328142c297fc28021d39133283721

SHA256
1045b9728d9165a3b6fce78ce59c41fbbf83b0a5fd48eb84d017a848964a35ca

SHA512
e50116cee6efedead1550de35edef48eb8bc69779a29edeb9ec42f1a1bd1fad32a2ef63de36ddb37e9c2437fa1be95f5ffd14e454b8f5da89d4a738e039dbac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202r.exe

Filesize
292KB

MD5
5895a5931e8b662dbda9f111562e8377

SHA1
bd99270c672afde259c2dc614cef2dc99ff332fd

SHA256
00da93e9aae1a91e80a2b29c44f0824ab16ce137b017824a965631c3b9ca7933

SHA512
4ce7237819ae49b114369bae920df0e791fd5a6c57ef3aa50a8a6ee619b35475cfa98d4bf90e2f211489cb197f544caa36409d19c64d201a31265f57e80fc5d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202t.exe

Filesize
292KB

MD5
8a8b7df690df62fdba884e6bfd5f8a6b

SHA1
1904016f2c891c0330f37ad045eab29d97cbe2a1

SHA256
bfc90cecf05105e87306f258c18e1c481e1703a3f8740fcaeab2cfb3c3a641bc

SHA512
f5d3a1c12888609d845d1f260d38804a4d286c6f149faa99b9ef9fc0bf9acc59497c005b5a3d8b06392f07cf6855462f3e0c01e821f15cd634d65977af311cce

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202v.exe

Filesize
293KB

MD5
873dc838fe480cf0f4fb2022c34f6fad

SHA1
2bdb2c1d19ba155c579d134493c613b0dabcccbb

SHA256
67a0c355543abd3f007780098eb8c6f86b87783502fa2edb575ff9793071062d

SHA512
67435c4476c839e085533f7acc630511b85f546493fc805be8f469f1944ae813c8f2661c9daf15f49f8f1ff61e72a3c4abce0179d1cd12a023607a63c2fee74b

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202w.exe

Filesize
293KB

MD5
78f143f1f3d1915dc180f1685691e52b

SHA1
ed836f3bea4e8126a9646f8b1a8e6dc3257fa4fa

SHA256
54e73898ebc0d207c94da9101981f4f68dd42407b3ee4190d3bd14f35a51746f

SHA512
9e997ebe1744959d5104106aa8f9a18a6c60db521494714e4d90cd1d0404b55e3bb98aaf70488edfca71c9935bd3894bdbed96f856e424b35248978f0ab8e9e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202x.exe

Filesize
293KB

MD5
ba8709280e2cf68395843f994f700f69

SHA1
1c4a0b75cf414f3f88bc3d7a0aa6b4b2f4341a46

SHA256
f52835a122907273f2dc55f04c8f3b57d873aa15029c911128d5f156f7281ccf

SHA512
623969816db106e2434dbcf241945156b34bf1be34fd44b49f4b825f579488cdaed9b8a72448582b9989591456747602b804636d4fb243635161002c86b74970

Download Submit
C:\Users\Admin\AppData\Local\Temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202y.exe

Filesize
294KB

MD5
185d928cbff33884dd05103760a54d39

SHA1
b804bdad267b3386ba2826efea4ae84fae7cd101

SHA256
37af14ba84c24f1dc835922931457fb5cf27e0f57898e366f569f4ffd4752727

SHA512
11d95b01dbc799468baa3dfccfb37c9b49b103d3834d00566e96037825a5240dd9e90d19935e7c617eb9706c50552e86f32cd5b9487f7f87a4f7acc7e451f0bd

Download Submit
\??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202a.exe

Filesize
288KB

MD5
130781029d209ae8c2e4d0008928c066

SHA1
b42ee3d681e78ea6f2b0a07b50c47981e010cccc

SHA256
7865b384d781b991732eb4f5b93185c4d395082ef10ccfb3c6c4b42936fe4bf8

SHA512
36021821915c4196feeb2e31be88cf7759f045d26baa137b50db62b06918e3ab015ab87e933e7880c4a7d2825214e6fa622669a0269fc26a982199a7b3e07fcc

Download Submit
\??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202c.exe

Filesize
288KB

MD5
6cea431f111ba6dede632b41c9004d9f

SHA1
3b8b54e27adab3a7851d000552e28c51b4d98c46

SHA256
deaa793bce613937e6dd19d60e575bd644ab78af4127be8b29d489e13ff1cfb4

SHA512
2fb69547023cf5b127a5e2e40a9f28c5640c869784242a6a1b5a341331467b417f953478d352bda709da9791eda9c647c86048dca645da1e49b991e92ea70d11

Download Submit
\??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202f.exe

Filesize
289KB

MD5
e7fb33eaec2416463ecd03a69f5eee94

SHA1
489a56a6c97ba93b886504cfe69b6c4d9f9dc382

SHA256
1cc884fa4f1a1cbec45c3ae4fc0dabe174fd7c8f6d23406150986dd2cb09e522

SHA512
b01e56ccf413b46ec4500ac046213e3de38f83b672d39a506bfe27ed36143a63917c7e1481a199253f7514dd91d18f0d947866c472bee2cfc4a7b14c0ffe4c86

Download Submit
\??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202j.exe

Filesize
290KB

MD5
8c97a8d8b1915fc65a126fa460d4bd0e

SHA1
581c274c4bf67542c046ae3d631cb3c812e3e896

SHA256
c2512b487ddb8e39e584cd107f6c3b5fde482071f3302861dbae8368b3aaca13

SHA512
a697c07602dd98114b2edf3ae251d15ae714f1518861b0044536f1788756feebcfac3d4af4c321f187634763c42550ac0595bf707b70f0bbd1e3a42bd1d594fb

Download Submit
\??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202k.exe

Filesize
290KB

MD5
6a5a827643a89ac21e1485d36ac3bae1

SHA1
a9be204a7cc1a093d79e61bca78a4d64dceb6664

SHA256
4422cb90cb8348e643d8ad69627192eba07d66ba853e1a9baf66815723f859e5

SHA512
02fc7c190cdc579ea74fc87799499267dc871c51b2cdbaa4818027b7f6598320fd588a83f01ab17586a61f039dd78d64f04a94d79f8a542f3ea57b9b79e1792a

Download Submit
\??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202s.exe

Filesize
292KB

MD5
7331325da5b3384aa2ebc636cef2dad1

SHA1
1c1ac35e7f43584c4c148b5ff7f2bf8a1b0db090

SHA256
fac69352d753836969362d3a0f5f112d525b3b7e4444c2f63d6952eda85f360d

SHA512
8b9b4b6f5178251af8cfb811bffeb65bea54e488ea73a637a0e21ab67d5548217c87bf27d1688d7de9b29d35fcfa914f83214ef433dd4785dc0396eb28bc0ee8

Download Submit
\??\c:\users\admin\appdata\local\temp\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202u.exe

Filesize
293KB

MD5
4120d020b2257747e33216657da658b8

SHA1
edb316c07a24f6eff19abdd659b57b2d2a67671f

SHA256
7c5b6c716dd55ca53066cbc288239fac4fcd23d50138b5593d628c896a17d817

SHA512
fca62c92094cc1a0a262e3aa54dbf742726fbab9d731e1e91ac0e613f81c5ec14f09a35e89283f397b26dee92966bc85be5435adee268da4c680f2627b228b73

Download Submit
memory/348-41-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/564-20-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/640-198-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/640-203-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/688-89-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/740-209-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/740-212-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1452-115-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1452-120-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1580-139-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1660-224-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1716-197-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1716-187-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1768-69-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1872-148-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2228-31-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2228-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2396-109-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2752-255-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2792-245-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2792-236-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2824-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2824-8-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3160-80-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3404-50-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4144-225-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4144-234-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4260-265-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4516-60-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4548-91-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4548-98-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4604-170-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4608-130-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4628-160-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4932-186-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4932-176-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4960-268-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202f.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202g.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202i.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202o.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202s.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202t.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202x.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202c.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202h.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202p.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202q.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202v.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202a.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202r.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202b.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202d.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202j.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202w.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202l.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202n.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202e.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202m.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202u.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202k.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202y.exe\""	35d5bdfdde8d2840b9bded3ce10b2060_neikianalytics_3202x.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads