b65e026f609757500c18a12ccf28791fa4e4ed183fcdd1a4ab16e7638630ee7b

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

314fcaa92bc21417f54d1b66a9d221b0_NeikiAnalytics.exe
Size

427KB
MD5

314fcaa92bc21417f54d1b66a9d221b0
SHA1

71f3f745f11880d5da4c5a70d2edd5f05146ed82
SHA256

b65e026f609757500c18a12ccf28791fa4e4ed183fcdd1a4ab16e7638630ee7b
SHA512

b6996d7d4f45daf6d5ebb3bff2e06768c6fe95c81b3aaaa238c2a8b75ff060c10b216e9663ae3730eb4f95fe332da9d5a9db9c3bc3d85cf009e07f99d9b07804
SSDEEP

3072:Wae7OubpGGErCbuZM4EQrjo7vgHJJPPIgXggcRYCovGqQq:WacxGfTMfQrjoziJJHIoRCovA

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2960	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe
3004	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe
2568	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe
2072	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe
2604	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe
2984	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe
2720	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe
2880	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe
1628	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe
1712	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe
448	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe
1476	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe
1660	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe
1272	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe
2296	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe
412	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202o.exe
1604	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202p.exe
2588	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202q.exe
1620	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202r.exe
1704	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202s.exe
1144	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202t.exe
988	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202u.exe
1728	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202v.exe
1584	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202w.exe
2600	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202x.exe
2960	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
2196	314fcaa92bc21417f54d1b66a9d221b0_NeikiAnalytics.exe
2196	314fcaa92bc21417f54d1b66a9d221b0_NeikiAnalytics.exe
2960	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe
2960	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe
3004	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe
3004	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe
2568	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe
2568	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe
2072	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe
2072	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe
2604	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe
2604	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe
2984	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe
2984	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe
2720	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe
2720	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe
2880	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe
2880	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe
1628	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe
1628	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe
1712	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe
1712	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe
448	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe
448	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe
1476	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe
1476	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe
1660	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe
1660	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe
1272	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe
1272	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe
2296	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe
2296	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe
412	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202o.exe
412	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202o.exe
1604	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202p.exe
1604	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202p.exe
2588	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202q.exe
2588	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202q.exe
1620	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202r.exe
1620	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202r.exe
1704	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202s.exe
1704	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202s.exe
1144	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202t.exe
1144	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202t.exe
988	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202u.exe
988	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202u.exe
1728	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202v.exe
1728	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202v.exe
1584	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202w.exe
1584	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202w.exe
2600	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202x.exe
2600	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202x.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2196-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000b000000014230-5.dat	upx
behavioral1/memory/2196-16-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x003200000001630b-23.dat	upx
behavioral1/memory/2960-30-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0008000000016a9a-38.dat	upx
behavioral1/memory/3004-45-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0007000000016c63-53.dat	upx
behavioral1/memory/2072-62-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2568-61-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0007000000016c6b-69.dat	upx
behavioral1/memory/2072-78-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2604-87-0x0000000000450000-0x000000000048A000-memory.dmp	upx
behavioral1/files/0x0007000000016cb7-85.dat	upx
behavioral1/memory/2604-93-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2984-95-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0008000000016d0d-102.dat	upx
behavioral1/memory/2720-113-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x00320000000164b2-129.dat	upx
behavioral1/files/0x00070000000173d8-137.dat	upx
behavioral1/memory/2880-142-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1712-160-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x00060000000173e0-159.dat	upx
behavioral1/memory/1628-157-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2880-128-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2720-126-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2984-111-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000017456-166.dat	upx
behavioral1/memory/1712-175-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1712-174-0x0000000000290000-0x00000000002CA000-memory.dmp	upx
behavioral1/files/0x000600000001745e-185.dat	upx
behavioral1/memory/448-190-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000600000001747d-198.dat	upx
behavioral1/memory/1476-207-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1660-208-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1272-225-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000600000001749c-224.dat	upx
behavioral1/memory/2296-246-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000017556-240.dat	upx
behavioral1/memory/1272-238-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/412-257-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2588-293-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1620-299-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1704-306-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1144-329-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/988-340-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1728-341-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1728-352-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1584-353-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1144-318-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1704-317-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1620-305-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2588-282-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1604-281-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1604-275-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/412-269-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000900000001864e-256.dat	upx
behavioral1/memory/2296-254-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1660-222-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1584-364-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2600-370-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2600-376-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2960-378-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4475f92e7e0392e0	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202t.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2960	2196	314fcaa92bc21417f54d1b66a9d221b0_NeikiAnalytics.exe	28
PID 2196 wrote to memory of 2960	2196	314fcaa92bc21417f54d1b66a9d221b0_NeikiAnalytics.exe	28
PID 2196 wrote to memory of 2960	2196	314fcaa92bc21417f54d1b66a9d221b0_NeikiAnalytics.exe	28
PID 2196 wrote to memory of 2960	2196	314fcaa92bc21417f54d1b66a9d221b0_NeikiAnalytics.exe	28
PID 2960 wrote to memory of 3004	2960	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe	29
PID 2960 wrote to memory of 3004	2960	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe	29
PID 2960 wrote to memory of 3004	2960	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe	29
PID 2960 wrote to memory of 3004	2960	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe	29
PID 3004 wrote to memory of 2568	3004	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe	30
PID 3004 wrote to memory of 2568	3004	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe	30
PID 3004 wrote to memory of 2568	3004	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe	30
PID 3004 wrote to memory of 2568	3004	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe	30
PID 2568 wrote to memory of 2072	2568	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe	31
PID 2568 wrote to memory of 2072	2568	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe	31
PID 2568 wrote to memory of 2072	2568	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe	31
PID 2568 wrote to memory of 2072	2568	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe	31
PID 2072 wrote to memory of 2604	2072	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe	32
PID 2072 wrote to memory of 2604	2072	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe	32
PID 2072 wrote to memory of 2604	2072	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe	32
PID 2072 wrote to memory of 2604	2072	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe	32
PID 2604 wrote to memory of 2984	2604	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe	33
PID 2604 wrote to memory of 2984	2604	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe	33
PID 2604 wrote to memory of 2984	2604	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe	33
PID 2604 wrote to memory of 2984	2604	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe	33
PID 2984 wrote to memory of 2720	2984	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe	34
PID 2984 wrote to memory of 2720	2984	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe	34
PID 2984 wrote to memory of 2720	2984	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe	34
PID 2984 wrote to memory of 2720	2984	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe	34
PID 2720 wrote to memory of 2880	2720	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe	35
PID 2720 wrote to memory of 2880	2720	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe	35
PID 2720 wrote to memory of 2880	2720	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe	35
PID 2720 wrote to memory of 2880	2720	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe	35
PID 2880 wrote to memory of 1628	2880	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe	36
PID 2880 wrote to memory of 1628	2880	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe	36
PID 2880 wrote to memory of 1628	2880	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe	36
PID 2880 wrote to memory of 1628	2880	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe	36
PID 1628 wrote to memory of 1712	1628	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe	37
PID 1628 wrote to memory of 1712	1628	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe	37
PID 1628 wrote to memory of 1712	1628	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe	37
PID 1628 wrote to memory of 1712	1628	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe	37
PID 1712 wrote to memory of 448	1712	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe	38
PID 1712 wrote to memory of 448	1712	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe	38
PID 1712 wrote to memory of 448	1712	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe	38
PID 1712 wrote to memory of 448	1712	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe	38
PID 448 wrote to memory of 1476	448	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe	39
PID 448 wrote to memory of 1476	448	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe	39
PID 448 wrote to memory of 1476	448	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe	39
PID 448 wrote to memory of 1476	448	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe	39
PID 1476 wrote to memory of 1660	1476	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe	40
PID 1476 wrote to memory of 1660	1476	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe	40
PID 1476 wrote to memory of 1660	1476	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe	40
PID 1476 wrote to memory of 1660	1476	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe	40
PID 1660 wrote to memory of 1272	1660	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe	41
PID 1660 wrote to memory of 1272	1660	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe	41
PID 1660 wrote to memory of 1272	1660	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe	41
PID 1660 wrote to memory of 1272	1660	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe	41
PID 1272 wrote to memory of 2296	1272	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe	42
PID 1272 wrote to memory of 2296	1272	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe	42
PID 1272 wrote to memory of 2296	1272	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe	42
PID 1272 wrote to memory of 2296	1272	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe	42
PID 2296 wrote to memory of 412	2296	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe	43
PID 2296 wrote to memory of 412	2296	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe	43
PID 2296 wrote to memory of 412	2296	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe	43
PID 2296 wrote to memory of 412	2296	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2196
- \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2960
- - \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:3004
  - - \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2568
    - - \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2072
      - \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2604
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2984
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2720
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2880
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1628
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1712
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:448
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1476
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1660
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1272
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2296
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:412
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1604
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2588
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1620
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1704
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1144
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:988
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1728
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1584
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2600
        
        \??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe

Filesize
427KB

MD5
85e83945103505daafd4ede87bb88736

SHA1
9a3df286663434b0d9d1e67ee7b565d0643daba3

SHA256
4ad992a809ff56fb7656ae6db610063821bc390dbecf8084e0d72a51f5cf8415

SHA512
d995800bde37b5eff80712ec3dad639518e1f85578dadb6640d39cdec984fc5c98c0bbf5fdd595ffaabf8e33f8c49d7192d7ed1fb0d54634ee07c974b2d370a2

Download Submit
\??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe

Filesize
427KB

MD5
cd3e3d49215209ec4af8b170aadaf381

SHA1
01caa77d52a499198457ad903b342fc623160987

SHA256
5076214b94664323533067ef74eb748c5393c65d103202875418a5c5b9017a4a

SHA512
c916e01af2881051657ddf530da7d457985950b9b42ef4f8d4596eb561cf74654d61f183f6546a5c87f7705e88f7f605b426714c550a833252e560c85652668e

Download Submit
\??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe

Filesize
427KB

MD5
37a127be3299b934d4cc5207ae558083

SHA1
bdbc06d603aa699dab043e82cbbc33ccaeba0447

SHA256
5c350b07a316983afb0e8a87bd3cb697cab20c9dd2a5ab0ebe3a0fbbee4b78a6

SHA512
c46fa5d5819897c9286b47f996b07fdff2cd842f33ec9b66b36f75269736dc5500f32c8446e5e22b5a360a4327e36a3e4c8b2c5e7c98b8eea956a5aa76947844

Download Submit
\??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe

Filesize
427KB

MD5
65608cc26dcf88f76ba3985520a4d333

SHA1
ee4f307b68a83cbf5df8af0502393655a3e54acf

SHA256
fb9d1fe72e3c69cbe7b002fffa3d504e28104a2d67b26f3bd86dbd8777429b36

SHA512
786af83632619300379f33680d2dde405949d400d3ea6ef0a6d6fcf38af8b7faf115f88b68ce0d204d6d369ac727026e0475ee7050e7f90830e2d9484f01eee5

Download Submit
\??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe

Filesize
427KB

MD5
d52b399835872732927322b6a70c1a6f

SHA1
23ab6c2e4508bdfae88a36eb96bcfbd187e5054c

SHA256
5d1ec42b1af286c9afe01fdcb11256f31e863b20070116eda7f396d5cdaf87ef

SHA512
fa4ac51285ddb251529011c46ad12b8421e364fc99f27f783806bb71bea1c6e7f937e5325f1ffad080bd928527430323ffa2c7ab708fe896f146f6dd2c457fff

Download Submit
\??\c:\users\admin\appdata\local\temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202o.exe

Filesize
427KB

MD5
7a9b909d2866ee1a5a8b3a0e6999b91f

SHA1
0a2ae566f439ca80304b2700745ad67d1b74f8a8

SHA256
3343fe6bc81f761750b9e8e10c9186472eb06126f757a51c0371f0ca9a4c5730

SHA512
146dfcc81bff9fdd4d715823f419e98c3cb05125078d08649e5411d2ca0288353ab1dc3e6b9dc295cb52d044cd1a0859d1c20aa8cda165f158cfb430887b10c4

Download Submit
\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe

Filesize
427KB

MD5
709f34dac4e21eaacc612d18d9801d8e

SHA1
ebb325f28fd8d511e04fdb7ced514223dddbfef2

SHA256
8b2eae961003dbd87d5b14cc2af0de6f73fb6e9f75bdb5486b6a112c52d95a71

SHA512
dbe0b33cada0ab98ddd3a258d124c23bc79381a6ce411c19f4daf4b64b466cacfe77f192e731b9bada22dd331e4c57ce027aea9b9034c5646d77dc3c3216c7f0

Download Submit
\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe

Filesize
427KB

MD5
263ca819c18efbcc1e5feb739eab0318

SHA1
f813ba893ae7d2b932342ce6f745c00817514f4f

SHA256
eb33376e3122bad16465128ea702453fda3fe80377e02733a1d8e103a3ae8cbd

SHA512
fe9c2fdcd40201d98d2982d3411d43080f1fc28299333221ad9e2ec47627d04100dd12d3e7698ef794852410ea3aead2672d7b5185693ebc49a96513ec408db6

Download Submit
\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe

Filesize
427KB

MD5
1ad969a86c93455716fa159fde4e7b59

SHA1
e6a4fd1feb307e72fd178a784260a0534aaeeb34

SHA256
0b5d92cf43f5a3959b175e28b44bcdb6819563fea92cb7e51b02a5ba66280b0c

SHA512
bab30011adb8e71e0b02d7692e185e2b5514a766ca9017ef80a924badc43e2907c23a3b3a121924472104b94d0312bb5ef6210440489db12ad52aa30fce7665a

Download Submit
\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe

Filesize
427KB

MD5
75852f7398de881c20056955d3c84fa6

SHA1
63c7ada37ad9add54ba2ca6a7f2293b8c3ca6e3a

SHA256
4760ab3a88b85106f5b9128f8e0c78d2e1826c7223e0ca2dfd1bb522574c9f36

SHA512
138d24157a557dcd766fe733041445584a2d889d5ef9e1a6e23e1349193ff3c264474540aa241e441caa2fe80e2c7e285e7f1fa74b30095e1f303f98e0c36311

Download Submit
\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe

Filesize
427KB

MD5
fe8ff7cb2fc37c386d7e6001bead7c90

SHA1
84ff65f215ea32e573e8297a58cb080bf8f6dfee

SHA256
9a3fb85b5095007812f81c29f88ece91d92e88eb4a1020bb5ad0a28b4d5c34f0

SHA512
2de03aa75fde118bb801dc796b8b47eb3ab6625bb3f85bdd7abf5a6e1aaccb07f161a823cfecd78bd46cd16ad4d4797e3c2d30b04a6b3f6caa72d8e502757bbf

Download Submit
\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe

Filesize
427KB

MD5
636a1141cc0f672b13780b81a524de8f

SHA1
6b88dedd893f78bb152f6332f8f47e28e4672535

SHA256
03b70eefe9dedab5fd59e444033e24f6ecbf07612fe841d845b3f4ccc96d2aca

SHA512
8a697014bbf962d51158411f9aa52fe1a155198d1cbea8a409baed79804e82e75c14a5e3b103c1f516c319cc7bbad5a3707a5963590c8727f358dfe5cf88c3c8

Download Submit
\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe

Filesize
427KB

MD5
6bcee51721c697735d24f0fef7c47de4

SHA1
319319dbdf0fe3a4cdec0950936d56f2b8f0d548

SHA256
879f86fb5e540ff539f714d1d18d0d2d72382e1b2fb62278bcfaa55db2054071

SHA512
656af7456a55601eda38cf75eb01e6754216a2f74ed21d3e8c3d80ab0316d05c49061a11324bbf4e092668281a8d347cc25e0451e2ce2549a5e8f404b04d10f8

Download Submit
\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe

Filesize
427KB

MD5
1f4f5bf814fe8de192b45f492060b52a

SHA1
4a4306c1cf1973a29147f51f8eaf0f307a019f06

SHA256
24761565c7a47ece13ccba2c2e296a580d9d4c77bbc7bf85776f91967df89b3f

SHA512
cd3f96df1948b64ca8c157381956fdfe5440633b6c9582ef2bcb70cb1fad61278693645d212afe2ec71541b78adf1ab8f881b2425cb29450d63fca7820bb4433

Download Submit
\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe

Filesize
427KB

MD5
5495f5369fd7c66268f2305e607ea29b

SHA1
bc767c201032a8a24866c8279d477f760180009d

SHA256
86b822e836ba68fa11d797e53b7dbb2c0489a2e62efd1dd124a18b7a2895e190

SHA512
ff15e660edfbd6ccc1602c26ec8c46d13e0b44132988274e74725fd40b6d2c282402f12656e7dd1eee82efff9678e75023bdc8b9e017649527ab683b60e02804

Download Submit
\Users\Admin\AppData\Local\Temp\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe

Filesize
427KB

MD5
7ba5f05128c05e752d1b42bb799c33b2

SHA1
1c2c7238bba59bf3e595f57816b824498b170e60

SHA256
306e5d1ea1076c9a961d30e14a322e3a678af71090492c62e59f2cbdd96016fd

SHA512
76899e2b021d49067027b9fdc5fbb2928d5a23f61e2c959f5f68fa950d9ac4510dfb81c0bab748801b4d92f7826ba34637ceff814da66bd4b17de46bc3091125

Download Submit
memory/412-269-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/412-257-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/448-190-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/988-340-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1144-329-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1144-318-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1272-225-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1272-238-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1476-207-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1476-204-0x0000000002690000-0x00000000026CA000-memory.dmp

Filesize
232KB

Download
memory/1584-353-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1584-364-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1604-281-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1604-275-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1620-305-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1620-299-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1628-157-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1660-208-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1660-222-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1704-317-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1704-306-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1712-175-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1712-160-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1712-264-0x0000000000290000-0x00000000002CA000-memory.dmp

Filesize
232KB

Download
memory/1712-176-0x0000000000290000-0x00000000002CA000-memory.dmp

Filesize
232KB

Download
memory/1712-174-0x0000000000290000-0x00000000002CA000-memory.dmp

Filesize
232KB

Download
memory/1728-341-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1728-352-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2072-72-0x0000000001CF0000-0x0000000001D2A000-memory.dmp

Filesize
232KB

Download
memory/2072-78-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2072-62-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2196-9-0x0000000000280000-0x00000000002BA000-memory.dmp

Filesize
232KB

Download
memory/2196-16-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2196-14-0x0000000000280000-0x00000000002BA000-memory.dmp

Filesize
232KB

Download
memory/2196-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2296-246-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2296-254-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2568-61-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2588-293-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2588-282-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2600-370-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2600-376-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2604-87-0x0000000000450000-0x000000000048A000-memory.dmp

Filesize
232KB

Download
memory/2604-93-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2720-113-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2720-126-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2880-142-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2880-128-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2960-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2960-378-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2984-95-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2984-104-0x00000000003A0000-0x00000000003DA000-memory.dmp

Filesize
232KB

Download
memory/2984-111-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3004-45-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202o.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202p.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202w.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202r.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202u.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202y.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202v.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202x.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202t.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202c.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202l.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe\""	314fcaa92bc21417f54d1b66a9d221b0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202a.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202k.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202s.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202i.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202n.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202q.exe\""	314fcaa92bc21417f54d1b66a9d221b0_neikianalytics_3202p.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads