8a2cd3b6ec96d34429b7387d6d63b05514092513a984e42a628845597bd93a95

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe
Size

390KB
MD5

530a7ec913008e20b5d458eed2a91c60
SHA1

57e2ad575136d3ed66cb54a4e7568d63faf32939
SHA256

8a2cd3b6ec96d34429b7387d6d63b05514092513a984e42a628845597bd93a95
SHA512

3b37c6e278a4e908b3846f15a3f36d46b3eedfff2f87ecdd871451332d38dcc67bf983d747ddafb0fd4b07b668c84ab56d141e5efc98ef3e8016bad99b961529
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/bDjM:Os52hzpHq8eTi30yIQrDDjM

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2024	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
1384	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
2600	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
2772	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
2552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
2972	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
2948	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
2092	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
2016	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
1844	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
2832	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
1688	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
1552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
2920	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
856	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
1836	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
1900	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
2324	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
2236	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
1884	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
1740	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
540	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
1724	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
1700	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
2232	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
616	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe
616	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe
2024	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
2024	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
1384	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
1384	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
2600	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
2600	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
2772	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
2772	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
2552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
2552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
2972	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
2972	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
2948	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
2948	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
2092	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
2092	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
2016	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
2016	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
1844	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
1844	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
2832	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
2832	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
1688	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
1688	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
1552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
1552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
2920	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
2920	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
856	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
856	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
1836	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
1836	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
1900	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
1900	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
2324	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
2324	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
2236	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
2236	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
1884	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
1884	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
1740	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
1740	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
540	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
540	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
1724	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
1724	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
1700	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
1700	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8a69545d209ed561	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 616 wrote to memory of 2024	616	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe	28
PID 616 wrote to memory of 2024	616	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe	28
PID 616 wrote to memory of 2024	616	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe	28
PID 616 wrote to memory of 2024	616	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe	28
PID 2024 wrote to memory of 1384	2024	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe	29
PID 2024 wrote to memory of 1384	2024	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe	29
PID 2024 wrote to memory of 1384	2024	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe	29
PID 2024 wrote to memory of 1384	2024	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe	29
PID 1384 wrote to memory of 2600	1384	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe	30
PID 1384 wrote to memory of 2600	1384	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe	30
PID 1384 wrote to memory of 2600	1384	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe	30
PID 1384 wrote to memory of 2600	1384	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe	30
PID 2600 wrote to memory of 2772	2600	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe	31
PID 2600 wrote to memory of 2772	2600	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe	31
PID 2600 wrote to memory of 2772	2600	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe	31
PID 2600 wrote to memory of 2772	2600	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe	31
PID 2772 wrote to memory of 2552	2772	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe	32
PID 2772 wrote to memory of 2552	2772	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe	32
PID 2772 wrote to memory of 2552	2772	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe	32
PID 2772 wrote to memory of 2552	2772	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe	32
PID 2552 wrote to memory of 2972	2552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe	33
PID 2552 wrote to memory of 2972	2552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe	33
PID 2552 wrote to memory of 2972	2552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe	33
PID 2552 wrote to memory of 2972	2552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe	33
PID 2972 wrote to memory of 2948	2972	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe	34
PID 2972 wrote to memory of 2948	2972	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe	34
PID 2972 wrote to memory of 2948	2972	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe	34
PID 2972 wrote to memory of 2948	2972	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe	34
PID 2948 wrote to memory of 2092	2948	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe	35
PID 2948 wrote to memory of 2092	2948	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe	35
PID 2948 wrote to memory of 2092	2948	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe	35
PID 2948 wrote to memory of 2092	2948	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe	35
PID 2092 wrote to memory of 2016	2092	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe	36
PID 2092 wrote to memory of 2016	2092	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe	36
PID 2092 wrote to memory of 2016	2092	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe	36
PID 2092 wrote to memory of 2016	2092	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe	36
PID 2016 wrote to memory of 1844	2016	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe	37
PID 2016 wrote to memory of 1844	2016	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe	37
PID 2016 wrote to memory of 1844	2016	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe	37
PID 2016 wrote to memory of 1844	2016	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe	37
PID 1844 wrote to memory of 2832	1844	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe	38
PID 1844 wrote to memory of 2832	1844	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe	38
PID 1844 wrote to memory of 2832	1844	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe	38
PID 1844 wrote to memory of 2832	1844	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe	38
PID 2832 wrote to memory of 1688	2832	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe	39
PID 2832 wrote to memory of 1688	2832	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe	39
PID 2832 wrote to memory of 1688	2832	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe	39
PID 2832 wrote to memory of 1688	2832	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe	39
PID 1688 wrote to memory of 1552	1688	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe	40
PID 1688 wrote to memory of 1552	1688	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe	40
PID 1688 wrote to memory of 1552	1688	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe	40
PID 1688 wrote to memory of 1552	1688	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe	40
PID 1552 wrote to memory of 2920	1552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe	41
PID 1552 wrote to memory of 2920	1552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe	41
PID 1552 wrote to memory of 2920	1552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe	41
PID 1552 wrote to memory of 2920	1552	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe	41
PID 2920 wrote to memory of 856	2920	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe	42
PID 2920 wrote to memory of 856	2920	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe	42
PID 2920 wrote to memory of 856	2920	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe	42
PID 2920 wrote to memory of 856	2920	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe	42
PID 856 wrote to memory of 1836	856	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe	43
PID 856 wrote to memory of 1836	856	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe	43
PID 856 wrote to memory of 1836	856	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe	43
PID 856 wrote to memory of 1836	856	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:616
- \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2024
- - \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1384
  - - \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2600
    - - \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2772
      - \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2552
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2972
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2948
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2092
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2016
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1844
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2832
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1688
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1552
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2920
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:856
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1836
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1900
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2324
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2236
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1884
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:552
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1740
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:540
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1724
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1700
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe

Filesize
391KB

MD5
af285e644350db190451244950186677

SHA1
2ff93a3bc7b328d4bba29363326283b64fef16a0

SHA256
3824fe5a23ad50c32f0e20a9c3d88b062cc02a1799e39cfdd2f115af0fbd289d

SHA512
8cf1f9bfb1a2014e3251ad0c2a19dcf70d41cf67bfa630344369e29d956f74f19348c68eb31f146fe2986ef07c38dd6ea1173f8f2f52e3845c052a763ec12f03

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe

Filesize
391KB

MD5
a7cc253dedef2b0d9991413fb3f776e4

SHA1
da237922eee48020977757bbf4e7dec1faf732af

SHA256
6c04a9ae65c1e4dec15d7372545e862c937478c014029de79f5cf9b412f136ae

SHA512
33045d65add875d9224515e868aca6d00da7dfb3a386b2cbdc31d0ae999fff5abc8321ebb69458c138bb0d9b9d44ea1f5405aeac7dc35495254f86a35740f68f

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe

Filesize
391KB

MD5
f501e84c0297a36a3529e71869c784eb

SHA1
7b82907c91d2b8f2c8578c8c80d96477203ce496

SHA256
bc3eb2d31e2a08bae4b4e1f7854265d3565330da25a10e4fa2574fd4adca0d8a

SHA512
1c6c7910ed59e1a8be6ec959a7902e388b75b9606576a2e9c1848e8e65442ab5b985696fa84ee47fb16651f1b675ccc0d6292ab7281080d744ae1d996f2247f1

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe

Filesize
391KB

MD5
5865e200816fd5192bca7192ef832b36

SHA1
87d6074e5a3a0c8fc5c9590cf30ee9053b38f28d

SHA256
f2ad4ceac1caf85c8e4c08f913d230fd2c6033ef092d5ee8a74e99fbcf66f913

SHA512
7ae601b4e5a29c64e7a51e00f462672090f671dac074414a884d23b3e6fac7d1dc2cbaca515bc7efdc96179511d46daf3f1ff0860ff060dd29daafaaa9fb2ea8

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe

Filesize
392KB

MD5
03f597cb8ff611ea286b7d257ebc17cd

SHA1
350f31aef660fb0d9cc628ed85034564b4f1daac

SHA256
155d02a1aabdb3cfadb263715efd5f1a8d50a1ecebe45c11750c47949e1fbe4b

SHA512
e88d1642e6cef4832d13453f178fc27b575abda0f56c759cd7b7f96483a521c993009d4366175cbc0e243cf33d546daa3fadd3d99496cd78852df5775aed5008

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe

Filesize
392KB

MD5
18f72a2438c434cf07fffbc691b53d63

SHA1
24883655cfaceb703a09a4cf4483c72cde45ced8

SHA256
3a1b031e82c08d40e1e2687b84179bae8f7990a69a80276e0f6349b2bd74bfef

SHA512
ea7006b55a326743842b38f21e82f7debc838aee945d3692ddd2f8ecee152fc129f7d08e05cd73e08c780b2a96e21fd5e6e7bc97922a86ee2e5ff980c01af23b

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe

Filesize
392KB

MD5
9b76d4b89b0125fc3e479aeb4c40c573

SHA1
88dc5c3fe81a8bb6e87e44208771c5cda01483cf

SHA256
74917a1e199c47bfe960c9c7d0f626e6d2e66f682ae7dbdc1a1f6f7f252e9969

SHA512
a7946dfa3517f52a00fea3be0c23c180537629a7f9ef9ad2afd1b9e045e2e0d5f4fe4af5a7329db8c81fd3cd9e7a7afb576ae061e85cb69fd99c0f9b009a4cca

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe

Filesize
392KB

MD5
026639397fa70c1ffd2c5aeb3c4ba607

SHA1
cbb7b7366565cabfa0a843cda4227272cf5c81a0

SHA256
c5da24e4a45de91cddb005c4934316a586a6c9a5fd316efda3caaf9176607e13

SHA512
fd79cb862d6452946e7f20f07928481dbbc4de192cb3aa8dc5444f1223f3847a4d2627904bf78e6875829c677aa09ce2d5a35e017785c67e814d376ae8b000fa

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe

Filesize
393KB

MD5
35d6bb918e26a09573152a8cc3d0b3cc

SHA1
80233ca63b6e8a7ac208a65bb5e6c94d8520c35d

SHA256
32a7ce89fe7c769db5791e915440d5090d4e7437d9124437a87f74e9388edecb

SHA512
7d7668c676ec98ce2ef8a61d5baf6b2d89439ff4964d6177aea8268136d2de30147e89ba30613d3f7f3cda88ff00ae9b5cb888d47ed5dedaeab8cf61be921022

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe

Filesize
393KB

MD5
b625032a137951a0e6b1dc873ab7e42e

SHA1
9ad6423987570fb9e09c73f078b8784d0fc619f1

SHA256
3a829e2793deb443a479cdd6674775de44167956ff634c81bc455dc6f2ba8054

SHA512
4a58a3f54d71088c0aac72f0ecee34b6747cca60ddf7dabac0b10ff1e074e17100af00fd4a9d0c0df7ef159365be945fa315c73ecd865ee5ec2901a24aac23aa

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe

Filesize
393KB

MD5
7cdde0b4b4029dfae405455e0ec5d25c

SHA1
2c83acd9cf1c65fec9744140054b0003ea680208

SHA256
56ad87c13abfeab4a5f692e5e89650f0f7fd8107a5780c169a35b6a75eba33ad

SHA512
cf0d6967df2a778e79a56da77cf8abd0ce147226156b1774d976a326a492d4733709f67a1c69041e954c95c988a5258b91e2d79dccee36145aaae640f02aae98

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe

Filesize
393KB

MD5
1cf97ac70973272414608fe15e9da480

SHA1
478f71a8ccbfd038ca6a28abd46af1b173846830

SHA256
ea152ccead6183cd8f938bcabc4bea535e9aee6047c4b13d42fb6188ebacf5e9

SHA512
44a98174201411275f19815e1b53ee742af856fce4625bbc328975e4d0bfd817dad4472d136d43e32df33f019655db1a408f147d746e2888035273accb1efb96

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe

Filesize
393KB

MD5
33fa993d603dac91e64260532e3567db

SHA1
826cdebd02b7ec11a73c8aa0a382b07f2159a764

SHA256
25b42faa0a6234d73ee5c2291424b78a6c9e131c597d3c3d4631f83da06113b2

SHA512
7ee7e8aabf2ef217bf04e829ed1397ab4b7524de3b5c1040829e30bda609ba0423b99b626a42343be583b970a2b36df3542af8a9bba5438a66648e73a32bc5b2

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe

Filesize
394KB

MD5
517d19d1eb0359e749a4a5e32ea72bf1

SHA1
8ff5cc139bc0b868b5c2f91e15c0741cd5b31b35

SHA256
86ff81b604abde1f890d3b874de164d779e0b8ddd103cad287a692f4d53e714d

SHA512
69bd00f00eec41fd2fd03839eb6c36d94c005051e22a913bad04e194a138c7e52bdbae4b1a4e2901f133e1427f48aa61819cdbea96639a50b66687fa944b5ccc

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe

Filesize
394KB

MD5
79907b9606cc48e5298678a0aab8dce5

SHA1
c9f2118ca767a4c79440f70fcbd14f586516acf3

SHA256
c4b4496760105b0b273845dea8919a7eee516fd3d639312e4cd658ef795f4ae6

SHA512
48d8aa988ed3109f87cc15bc762fd38ce9c1bfce2d4be235e1867f203f8a701d7e4cda54f25e43dfead1bcfd701e434881f6014a48d75ecd03364abcef34301b

Download Submit
\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe

Filesize
394KB

MD5
4bdba5105291756d6a9c2cc336ef0783

SHA1
ab680de45cb4bec2e112c34a042ac6145fb747f0

SHA256
13a92e36ae124860242d53d8f27e025f9dd046358b6e92e1e6086199e8282f41

SHA512
ddeebd2b1a72338544fc7cfcfad829a40d24a7ef10f2165e31f3f9b85cb6d16cedc41d45c25ad0f13308384845873ce6d1ff38e7e70093a45f84134a79be158b

Download Submit
memory/540-333-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/540-344-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/552-321-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/616-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/616-13-0x0000000002780000-0x00000000027F9000-memory.dmp

Filesize
484KB

Download
memory/616-14-0x0000000002780000-0x00000000027F9000-memory.dmp

Filesize
484KB

Download
memory/616-15-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/856-234-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/856-248-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1384-47-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1552-217-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1552-203-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1688-187-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1688-202-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1700-357-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1700-368-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1724-345-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1724-356-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1740-332-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1836-262-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1836-250-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1844-171-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1884-310-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1884-299-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1900-274-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1900-268-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2016-155-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2016-141-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2024-31-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2024-17-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2092-140-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2232-369-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2232-370-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2236-287-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2236-298-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2324-275-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2324-286-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2552-93-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2600-62-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2600-48-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2772-64-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2772-78-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2832-185-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2920-233-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2948-110-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2948-124-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2972-109-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe\""	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads