8a2cd3b6ec96d34429b7387d6d63b05514092513a984e42a628845597bd93a95

Analysis

max time kernel
140s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe
Size

390KB
MD5

530a7ec913008e20b5d458eed2a91c60
SHA1

57e2ad575136d3ed66cb54a4e7568d63faf32939
SHA256

8a2cd3b6ec96d34429b7387d6d63b05514092513a984e42a628845597bd93a95
SHA512

3b37c6e278a4e908b3846f15a3f36d46b3eedfff2f87ecdd871451332d38dcc67bf983d747ddafb0fd4b07b668c84ab56d141e5efc98ef3e8016bad99b961529
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/bDjM:Os52hzpHq8eTi30yIQrDDjM

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
3628	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
1652	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
1364	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
3492	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
1784	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
4980	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
3300	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
4100	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
4604	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
2996	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
2044	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
4784	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
1044	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
3732	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
996	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
3752	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
5088	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
4988	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
1924	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
2804	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
4092	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
1936	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
3296	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
4368	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
3188	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
3556	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cd83793ec86171cc	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 3628	3568	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe	83
PID 3568 wrote to memory of 3628	3568	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe	83
PID 3568 wrote to memory of 3628	3568	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe	83
PID 3628 wrote to memory of 1652	3628	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe	84
PID 3628 wrote to memory of 1652	3628	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe	84
PID 3628 wrote to memory of 1652	3628	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe	84
PID 1652 wrote to memory of 1364	1652	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe	85
PID 1652 wrote to memory of 1364	1652	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe	85
PID 1652 wrote to memory of 1364	1652	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe	85
PID 1364 wrote to memory of 3492	1364	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe	86
PID 1364 wrote to memory of 3492	1364	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe	86
PID 1364 wrote to memory of 3492	1364	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe	86
PID 3492 wrote to memory of 1784	3492	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe	87
PID 3492 wrote to memory of 1784	3492	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe	87
PID 3492 wrote to memory of 1784	3492	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe	87
PID 1784 wrote to memory of 4980	1784	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe	88
PID 1784 wrote to memory of 4980	1784	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe	88
PID 1784 wrote to memory of 4980	1784	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe	88
PID 4980 wrote to memory of 3300	4980	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe	89
PID 4980 wrote to memory of 3300	4980	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe	89
PID 4980 wrote to memory of 3300	4980	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe	89
PID 3300 wrote to memory of 4100	3300	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe	90
PID 3300 wrote to memory of 4100	3300	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe	90
PID 3300 wrote to memory of 4100	3300	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe	90
PID 4100 wrote to memory of 4604	4100	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe	91
PID 4100 wrote to memory of 4604	4100	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe	91
PID 4100 wrote to memory of 4604	4100	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe	91
PID 4604 wrote to memory of 2996	4604	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe	92
PID 4604 wrote to memory of 2996	4604	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe	92
PID 4604 wrote to memory of 2996	4604	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe	92
PID 2996 wrote to memory of 2044	2996	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe	93
PID 2996 wrote to memory of 2044	2996	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe	93
PID 2996 wrote to memory of 2044	2996	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe	93
PID 2044 wrote to memory of 4784	2044	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe	95
PID 2044 wrote to memory of 4784	2044	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe	95
PID 2044 wrote to memory of 4784	2044	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe	95
PID 4784 wrote to memory of 1044	4784	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe	96
PID 4784 wrote to memory of 1044	4784	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe	96
PID 4784 wrote to memory of 1044	4784	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe	96
PID 1044 wrote to memory of 3732	1044	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe	97
PID 1044 wrote to memory of 3732	1044	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe	97
PID 1044 wrote to memory of 3732	1044	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe	97
PID 3732 wrote to memory of 996	3732	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe	99
PID 3732 wrote to memory of 996	3732	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe	99
PID 3732 wrote to memory of 996	3732	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe	99
PID 996 wrote to memory of 3752	996	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe	100
PID 996 wrote to memory of 3752	996	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe	100
PID 996 wrote to memory of 3752	996	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe	100
PID 3752 wrote to memory of 5088	3752	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe	102
PID 3752 wrote to memory of 5088	3752	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe	102
PID 3752 wrote to memory of 5088	3752	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe	102
PID 5088 wrote to memory of 4988	5088	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe	103
PID 5088 wrote to memory of 4988	5088	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe	103
PID 5088 wrote to memory of 4988	5088	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe	103
PID 4988 wrote to memory of 1924	4988	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe	104
PID 4988 wrote to memory of 1924	4988	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe	104
PID 4988 wrote to memory of 1924	4988	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe	104
PID 1924 wrote to memory of 2804	1924	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe	105
PID 1924 wrote to memory of 2804	1924	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe	105
PID 1924 wrote to memory of 2804	1924	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe	105
PID 2804 wrote to memory of 4092	2804	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe	106
PID 2804 wrote to memory of 4092	2804	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe	106
PID 2804 wrote to memory of 4092	2804	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe	106
PID 4092 wrote to memory of 1936	4092	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe	107

C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3568
- \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3628
- - \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1652
  - - \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:1364
    - - \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3492
      - \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1784
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4980
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3300
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4100
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4604
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2996
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2044
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4784
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1044
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3732
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:996
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3752
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:5088
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4988
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1924
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2804
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4092
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1936
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3296
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4368
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3188
        
        \??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe

Filesize
391KB

MD5
69a061817ba8fd9e941b0d3a9b30f365

SHA1
0fd42a6c48c072566f677e176ce9123200549e23

SHA256
d9c1afbe2a135685fb73029b70dc483da187f198dd0652f9ac2ff7df318c467b

SHA512
08368728b70d31c7357a384a87a3f4bd2e8821f17f49153ccb74792dd66bcee60b2077489f9b0d0df3ad4fc752678ad4f910e27cb64bd812bd2b3d35795f3320

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe

Filesize
391KB

MD5
717be9d575bbc65d44f1890d21dd4516

SHA1
01344c6b654de5b009792c30fc0c74013f8555fd

SHA256
0e57181846a212537a64c4ff25c1084f8f929fc497c703e9f7adf9870cbd8263

SHA512
5dfad2e87b789af9c908df45dfd50f67dd152a501331504aef1c488b433452e732357df9079e25025fd83b80b71269f989095bebbd4b6fc16350fbacfb19c4b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe

Filesize
392KB

MD5
a120bcf7eee8cf79407748f35e40d5ea

SHA1
f3fe23f194d081bdf1cdf9864b175d0a4e4b7baf

SHA256
87a578523b38f6ec03b5fddabdcbf9a70c48dd295f47529f08ba4adc4e2217c1

SHA512
bf2dfb27d23e2ea589c5ebbe0d2d14e635c0387817e2aa35019330b3410b16f4f408bfb655b2b1e4050a400508b8f1e517fc382b9f26f2270dc8015c40368b70

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe

Filesize
392KB

MD5
2d80fad7546377d6126d58a9132eb73e

SHA1
e77804ca638e2f7999c5b07523620e30fc18f347

SHA256
8c240599ff5d3191760ff5807a2976c44f8d2599f542a17d5503e0f54671b813

SHA512
ac11ba05cdb34c11a4bab928d95893bc227a7f2b15531a3428fb436e02756f4fc3356c7b7677b24249dd0532bb7a340bf13bd611e29090031f0266c34c73d96b

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe

Filesize
392KB

MD5
84820504fb9cea5d34b74239316b443a

SHA1
431351b22ffabe5e62e57486c839e59fd93da0f7

SHA256
25950103ef852ec82c800b3472b3c7f727818eda413cbc172ff9c7de75c312ed

SHA512
98b82b7a6a397b992f240e66ae992691d294ac53c245ebc12fb9244e20d3077bd80b0ee8a042d8e583979207dbd70a2f10cfdee28ce1b95c23efb0173f561e0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe

Filesize
393KB

MD5
bf759ae92604d160c854514397cdfd1a

SHA1
a0a6376c4329e4e7601f17174d31caf5b3f3a2d2

SHA256
ce47ce46ed4534b965991473d41513c07eb23c04985ef4231478e26e74b52d73

SHA512
b1b60c2a94c8c253ee1c24e1b9d202b91880f5119767fa95b3f230baa5c110c3871e5b53ddfaca57c35ef916e2d12c268da31e70602db14067ac2df8e48d36f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe

Filesize
393KB

MD5
cb29c0a7cb37f5333ac5e4eedce55380

SHA1
8b954a7204abee8311f39411e11cafb86077fc35

SHA256
49bed1bfefbbca2378a2017a58a2dded99bd037c8e781e9f2f829d299d17be48

SHA512
0da6e6ba154012f8b01c65549c5b552e7841461b754f951d5212eb802713b0f2c846f8bf14c5cf6006f331cd86c99a391c2b57bd24be7cddfeacfd1e7cfc0202

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe

Filesize
393KB

MD5
837f7cf5f6fbdeb4f8ff5b0d9c418f0c

SHA1
a92e8799b2876f43aaf8cc94e8ce773224960316

SHA256
68e6e25de6f3cb4cced3b6f0cb081b0fb5637b872630236209ec26df3f5ba9d4

SHA512
9046f0a3b4e7e3f52b4db9dbdb01a257f0ab522096248133403cf3dedb353018edb2efa57ef184b3ccfc5d794b114d463c7af6af29f936c38594c5eba769a067

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe

Filesize
393KB

MD5
0bbc240ec365a49d9a15b466f9d8318d

SHA1
6acfd29da503d04b5f9bd6ba4f842061e1e3246b

SHA256
de73e75852e04917763ba3c8f9b617b31713ebc16dee57421aa16eefc4e322c6

SHA512
86bcfbea83bd9c0861c9668491b99ee507c1d3d8de443809e30a54124a4b6463cf749992f29c7f910e37b6edd4dd1154bdcc1674c7e73062b249a8d827b13759

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe

Filesize
394KB

MD5
26ac382bfb5aec7b9c9633a602620e04

SHA1
711310cd6379ca7f4360d43f92e5c9925f81ecc5

SHA256
54458dac9e5c060e7a24c65fa0f1bbf8d340cad34ec11e9eecbd5a6b6a40853e

SHA512
8a77c4e11e73cf379ed4606b015d2faf3430accad353d296a6a9e16ff30dec472e4b6d21ce90b434b48be8c1b0c42fc87718bcdc9e6e86b59b4d918c8377c122

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe

Filesize
394KB

MD5
5d4378b9cd2c6fdda46249b17980863a

SHA1
0a800321ce4c368642f56f6dc596f663ad2efd7a

SHA256
1464b0f708564ff91b5ca32a5adf92bdfbaba0863b64492f3e01f084a2f8b6b7

SHA512
3b0fa5bb3fdb954c882f7e5da41a2ca4bec4e793879a4c3dca7d6b2381e703a31f5a43111d7140b19807e8de7732c36678a257754ef317dcd862c8679bfe1038

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe

Filesize
395KB

MD5
7bf26a85fa70d2ce97c65fb2e763c244

SHA1
dbc84f73facce42a152fb8114e287a612542316b

SHA256
d6995bedd75bb4096546fb2fe7acb5c5bbf3226bf1b1ae2aaea8423255ef4ed9

SHA512
bdde61c576853fcea72851ce5ada83c6862a38f030c8bf5f9118f03282cf0c20559ee5030e393d3cb3451c0734c7275295430e00f3bedb30599efe31a4674e9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe

Filesize
395KB

MD5
4dbdcc065f5b66a80c24d2e50d7e1173

SHA1
82fd7beae91945bd36b55f363446a4be78b32a6e

SHA256
a61f015216866809928bb47f97e0b9ef57605c64a83a2dd0414bc539d223eec6

SHA512
042add900b6fed7f5cb45db70df4e9d1dcf22eb28f743ad931ef156ef7dfe9c3323fadb115b16a54fed47945acca35b6c9e44237a6b53850abd34a81b4c5991d

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe

Filesize
396KB

MD5
4271e54341f1bcd7ed59248905df0e7a

SHA1
db7113263bfe2a1e4ff11f0c3daf42a7d6da6081

SHA256
8a1ee96b56f00d43c1ca4cd62ae0581ce9c8f368bd1f13d0f1e6a3d477f1f000

SHA512
1f98e605211e2fd8ec3a3b8d70815554c0d7bac4fc8ab3ab9b183164932299111b0a2e5d4e83e1587b8fcfc220edd7e5b3af8d0f4c78e95b751aad4535efedb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe

Filesize
396KB

MD5
d1e5e5d3d7713e61cc1cc1d7a605721b

SHA1
21ab2439568b71806474091a36655629a31e39cd

SHA256
13c04c398cb5233659e4dc01fe24a84a128007839297ef81c32315b877e73e03

SHA512
c57ef2c2a6260c18dfeab7332d09116e8194a76cea88a680d87ec6e4b73c846046ec1d7c40e3c1278a3f02e07701f886742503bbcfbefc219a910bf42a313b3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe

Filesize
396KB

MD5
44752d64a58eab179d49c8edb23a6fa0

SHA1
c4eac6df15940d03b5baf639a0c3b2e312701e11

SHA256
6462e7695b7954f692e12077fd0ed43420bd35595ef0b0072f05e131ee925693

SHA512
00d4b5997f2d1c1359b44bb5c144b5565764c45560f62002fb1681a5609cc106ee732ac5fd1681939feec8dfcb54b24f509aa387d25dc1756f8c4193c403a181

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe

Filesize
396KB

MD5
23f951a74db95a2b74a1c6ef16e633eb

SHA1
6f58a8e73ef12c2eac2f7eb14f30f74b883f8e40

SHA256
1375d3133a41b0164c37d85e1ea7ec69ec6770c09f0f68ce305c7296cb27e79b

SHA512
4b462a1b8f0eed9972cdadfbdb6b2d3ee9602637b8b32c13edecaf34f75d95ab5aec8715ebfe5a7a3713d464210ea87a6e4c1f4ddf91c2ba36ef089dccf3f0a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe

Filesize
397KB

MD5
518aefc69b2d62ae0c27d4e04127075e

SHA1
1a23b6d0c0331cfb126ce5db98264d10a1e16786

SHA256
0b876c32e291abb383703df7b13be7379468646bf9bd046ce1e5db6344606127

SHA512
c1ef65bc8f1c5bda16482720997c96f4ddababe7a7600c4cbf3a054382c65add05af3c74884323c12c82a0c06c929ec150d942f7c8b888b69c1f3bbe4e486452

Download Submit
\??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe

Filesize
391KB

MD5
9f8fabe24cc8cca9edceb8bb10c2488d

SHA1
3336658cbc9a9b7dfc883079ec71c3de001fe856

SHA256
d55999851b000e5d05f248da1e7f7a739aa5d7af53e22aba343940f610ca2a1b

SHA512
009f32cd8196e4e931bec065684044127d635dabb75f8cfca9ce80fc287856510494c8fe80be1a58be0a2491a163da0eefe0d16a69d5fc602a3039c060bef967

Download Submit
\??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe

Filesize
391KB

MD5
ec27a98d66eedb2f6272770a4762ef08

SHA1
548bb185089c7ae3bf01691aac0ad4154648e6f0

SHA256
98659cfaa53252618a4f59db2cf425199b189303da279ca68eef943ca22e54e0

SHA512
0e9d779ec1ac136e1ab9713308ae1ca82e0db7712d82593d6415291dc13f262254b62d591829c991e747fc29efeb9c70a1ade950606a975e3e8aa9639aa96ad5

Download Submit
\??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe

Filesize
392KB

MD5
9f9203670b812e361b2f7b0507620eac

SHA1
08faeb91eb1bd765834fe96068151bbc7593177a

SHA256
a1ccfae06b676153dbab532bc6f453e40133ae01d6a44adf5238914328b25f84

SHA512
48d1232e5d3ebaafce4cd68a7567e4090826fdf60bdf824696b774c22d89dce2882ad4a8d5029ae24b2975e7adb3cfc3fc48d905093c76bfa1052291a3de16c3

Download Submit
\??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe

Filesize
393KB

MD5
e2da9b9ff52d680081ca384cfd24e7ed

SHA1
989981a8a47341483b0d3661250b0f2450b61790

SHA256
c78faa9f5b9f32ea9e2ca5991745105ffec3d41d5fc9e859f988af26d2c12777

SHA512
9450ac4f79a7a76ecd9afde9c6012207ae0ab3b7cb84a87c071ecc6c86882ba651357c3edc74deac99dad005d945f331b5cbf4495c5cac7596b5a2b4abaefc03

Download Submit
\??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe

Filesize
394KB

MD5
e5f4e2995dd69b01fcc5de4afd0fa976

SHA1
ea5bf1f2497741e6669fa1976038445d3558b15c

SHA256
712f2bc5eaee424fa1708edd42672b3972a3d198d92585902e81df4a4880fc5a

SHA512
a849831f6dc88916f5268b60aae99d5d04bd1af61f87a023de62440b948b7728304a5baf5798c14d78e4d1bfb3dc25d150e7d09a2824cabccf8dfb5a288a9662

Download Submit
\??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe

Filesize
394KB

MD5
79ababb7d4f202647b0db669f22c14c2

SHA1
5fe84434721a794ad9a23f96f5e4797cee3db9e2

SHA256
f5e593eaaf5514f4cad03f32bf9249692575c2282677d3a0e646556eb1f12325

SHA512
1e98dd57c5cb6eb175c6dd6d915d6ecf5e0951b8849be5e363d7315eb2fb04788029235f0e59698c1b08c8d91e1d4e974fa5450dd6e30da2212d3e6a4c4c8849

Download Submit
\??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe

Filesize
395KB

MD5
15a2c837bd30fb2d89612434803ef8b7

SHA1
0adde9810e573647bb64d62bb278f90ad1fc0700

SHA256
4f60b6e7a35d18d4e3d5d92af4a67f0b6772eef431ffe972edf18768ef83d45d

SHA512
b586c95fdeabdc416a853dcfc81be9df84532910c670a3edbda19cf4224a6b2c86fb461bb6a2d53f7a9f985fc213ac5131672b115e7cdc00ccc8a058569ba594

Download Submit
\??\c:\users\admin\appdata\local\temp\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe

Filesize
395KB

MD5
8aca67d22044422c829739b91139856b

SHA1
6651104a259a361d98f79bbd45ceb2f7aad1a139

SHA256
44535bd97aaa723d370e91a7c344bc58902c4a9f95a20865b1dae60bbeedbae0

SHA512
429ef674b1916b7d5a3b33b0a3debbfe4812a6fadb9f316955a98881f3025759e5c016fb4373c8e919e47883ea5cf4e8358e450079d22a32413e66f4e25515af

Download Submit
memory/996-159-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/996-168-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1044-145-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1364-43-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1364-30-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1652-32-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1652-26-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1784-60-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1924-210-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1936-243-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2044-126-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2804-223-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2804-213-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2996-115-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2996-106-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3188-272-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3296-252-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3300-73-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3300-83-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3492-41-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3492-51-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3556-276-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3568-10-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3568-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3628-25-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3732-148-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3732-157-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3752-170-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3752-179-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4092-233-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4092-224-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4100-94-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4100-89-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4368-262-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4368-259-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4604-100-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4604-105-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4784-127-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4784-135-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4980-71-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4980-62-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4988-201-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4988-192-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/5088-191-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/5088-181-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202t.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202s.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202f.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202l.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202r.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202v.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe\""	530a7ec913008e20b5d458eed2a91c60_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202k.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202a.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202j.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202y.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202e.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202n.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202q.exe\""	530a7ec913008e20b5d458eed2a91c60_neikianalytics_3202p.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads