96eb89fde28bc952b958b732035be34ac02ef25fd758f5cb73bdbaeadf5fffb3

Analysis

max time kernel
92s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57710ebdcafe4e89fe8762078c1fb120_NeikiAnalytics.exe
Size

245KB
MD5

57710ebdcafe4e89fe8762078c1fb120
SHA1

4bbfd85d7bd4ea6c6626f8dcafb788793bfd261c
SHA256

96eb89fde28bc952b958b732035be34ac02ef25fd758f5cb73bdbaeadf5fffb3
SHA512

5c85045c2c05d3f2a6bd3aa3240c51efe495df5cb3f8e8da64dd8f74b196c7e251cb263dfc15e391a6ad1a1c951958aac4d0b30c6c71efda2cd1113e7a8aafcf
SSDEEP

6144:9hbZ5hMTNFf8LAurlEzAX7o5hn8wVSZ2sX6AX:vtXMzqrllX7618wGX

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
4716	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202.exe
2284	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202a.exe
4604	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202b.exe
864	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202c.exe
800	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202d.exe
216	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202e.exe
1792	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202f.exe
4032	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202g.exe
464	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202h.exe
4480	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202i.exe
2040	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202j.exe
2408	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202k.exe
1428	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202l.exe
824	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202m.exe
3184	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202n.exe
2260	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202o.exe
1044	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202p.exe
2668	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202q.exe
4672	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202r.exe
3536	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202s.exe
4520	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202t.exe
1700	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202u.exe
428	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202v.exe
508	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202w.exe
4976	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202x.exe
3260	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202y.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 00d336e8d9aa3d4b	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202y.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 4716	5044	57710ebdcafe4e89fe8762078c1fb120_NeikiAnalytics.exe	81
PID 5044 wrote to memory of 4716	5044	57710ebdcafe4e89fe8762078c1fb120_NeikiAnalytics.exe	81
PID 5044 wrote to memory of 4716	5044	57710ebdcafe4e89fe8762078c1fb120_NeikiAnalytics.exe	81
PID 4716 wrote to memory of 2284	4716	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202.exe	82
PID 4716 wrote to memory of 2284	4716	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202.exe	82
PID 4716 wrote to memory of 2284	4716	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202.exe	82
PID 2284 wrote to memory of 4604	2284	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202a.exe	83
PID 2284 wrote to memory of 4604	2284	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202a.exe	83
PID 2284 wrote to memory of 4604	2284	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202a.exe	83
PID 4604 wrote to memory of 864	4604	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202b.exe	84
PID 4604 wrote to memory of 864	4604	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202b.exe	84
PID 4604 wrote to memory of 864	4604	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202b.exe	84
PID 864 wrote to memory of 800	864	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202c.exe	85
PID 864 wrote to memory of 800	864	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202c.exe	85
PID 864 wrote to memory of 800	864	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202c.exe	85
PID 800 wrote to memory of 216	800	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202d.exe	86
PID 800 wrote to memory of 216	800	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202d.exe	86
PID 800 wrote to memory of 216	800	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202d.exe	86
PID 216 wrote to memory of 1792	216	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202e.exe	87
PID 216 wrote to memory of 1792	216	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202e.exe	87
PID 216 wrote to memory of 1792	216	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202e.exe	87
PID 1792 wrote to memory of 4032	1792	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202f.exe	88
PID 1792 wrote to memory of 4032	1792	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202f.exe	88
PID 1792 wrote to memory of 4032	1792	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202f.exe	88
PID 4032 wrote to memory of 464	4032	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202g.exe	89
PID 4032 wrote to memory of 464	4032	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202g.exe	89
PID 4032 wrote to memory of 464	4032	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202g.exe	89
PID 464 wrote to memory of 4480	464	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202h.exe	90
PID 464 wrote to memory of 4480	464	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202h.exe	90
PID 464 wrote to memory of 4480	464	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202h.exe	90
PID 4480 wrote to memory of 2040	4480	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202i.exe	91
PID 4480 wrote to memory of 2040	4480	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202i.exe	91
PID 4480 wrote to memory of 2040	4480	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202i.exe	91
PID 2040 wrote to memory of 2408	2040	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202j.exe	92
PID 2040 wrote to memory of 2408	2040	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202j.exe	92
PID 2040 wrote to memory of 2408	2040	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202j.exe	92
PID 2408 wrote to memory of 1428	2408	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202k.exe	93
PID 2408 wrote to memory of 1428	2408	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202k.exe	93
PID 2408 wrote to memory of 1428	2408	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202k.exe	93
PID 1428 wrote to memory of 824	1428	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202l.exe	94
PID 1428 wrote to memory of 824	1428	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202l.exe	94
PID 1428 wrote to memory of 824	1428	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202l.exe	94
PID 824 wrote to memory of 3184	824	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202m.exe	95
PID 824 wrote to memory of 3184	824	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202m.exe	95
PID 824 wrote to memory of 3184	824	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202m.exe	95
PID 3184 wrote to memory of 2260	3184	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202n.exe	96
PID 3184 wrote to memory of 2260	3184	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202n.exe	96
PID 3184 wrote to memory of 2260	3184	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202n.exe	96
PID 2260 wrote to memory of 1044	2260	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202o.exe	97
PID 2260 wrote to memory of 1044	2260	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202o.exe	97
PID 2260 wrote to memory of 1044	2260	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202o.exe	97
PID 1044 wrote to memory of 2668	1044	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202p.exe	98
PID 1044 wrote to memory of 2668	1044	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202p.exe	98
PID 1044 wrote to memory of 2668	1044	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202p.exe	98
PID 2668 wrote to memory of 4672	2668	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202q.exe	99
PID 2668 wrote to memory of 4672	2668	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202q.exe	99
PID 2668 wrote to memory of 4672	2668	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202q.exe	99
PID 4672 wrote to memory of 3536	4672	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202r.exe	100
PID 4672 wrote to memory of 3536	4672	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202r.exe	100
PID 4672 wrote to memory of 3536	4672	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202r.exe	100
PID 3536 wrote to memory of 4520	3536	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202s.exe	101
PID 3536 wrote to memory of 4520	3536	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202s.exe	101
PID 3536 wrote to memory of 4520	3536	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202s.exe	101
PID 4520 wrote to memory of 1700	4520	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202t.exe	102

C:\Users\Admin\AppData\Local\Temp\57710ebdcafe4e89fe8762078c1fb120_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\57710ebdcafe4e89fe8762078c1fb120_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5044
- \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4716
- - \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2284
  - - \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:4604
    - - \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:864
      - \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:800
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:216
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1792
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4032
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:464
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4480
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2040
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2408
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1428
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:824
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3184
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2260
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1044
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2668
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4672
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3536
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4520
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1700
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:428
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:508
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4976
        
        \??\c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202.exe

Filesize
245KB

MD5
2343c55334e565aada7bb0c0bfc42e13

SHA1
75d0b093453047e1aeb7cb2b295345cac477c1bb

SHA256
d527f87b7e08c86d3b68b7323e24ab221904ff97286174a4e9be17513d1786c7

SHA512
fc74453761d240f2be04c26aed47626ab8312e0f78b4c2cbe8cfa3e717ba2530e6e83b3e85c063a33a825da3fb64bf6604b4cde6e9e0d49f502ec4b4ef1b850e

Download Submit
C:\Users\Admin\AppData\Local\Temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202h.exe

Filesize
245KB

MD5
ec63fae6c0d86d4bb12962438c1df7a3

SHA1
8c04abeb90cb7d9d81b548cb524d9ccc07b350ab

SHA256
b461ce2bdb02c63df23e9933f8c2ec8a375db3a34b7e0b2959430697d9a14e3e

SHA512
778b254b7b7bb761425c6a6dc781b541271a59280624ce1279a64ce37e8a3f4ed871b3399301601192f169b6fbc9f3f1dee4e8709f0ba30f582d62395e752329

Download Submit
C:\Users\Admin\AppData\Local\Temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202p.exe

Filesize
245KB

MD5
5057e4a75cf68906e40a87dc9a7dd982

SHA1
9f462cfb024cd52ee3ff97a68faf4f10ba22ce51

SHA256
9898e670777e574ab0df3e3e1d4ea173837bcff72b25295915230611dbf11a4a

SHA512
8361d15654cc832f8201eb1c1e7fe8f97910c83b004f34eb3cd55cfa4c67aa77c987fc684749aeb1aebe54542f0389d53000640389829955e4b2bebba8b0d2f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202y.exe

Filesize
245KB

MD5
b8367841d592a05748c49407bd21a63e

SHA1
35a59c326e20cdb6a8637315a7a56df657a6e243

SHA256
141ebf14120a7935129c671856a08bd66288b1d70bb31d35883ba43314c8dc4e

SHA512
32d65bc094d99e68c961f75c97052e9878cb08ba71dbc8a973cda0663845bc3a1e19b4636b1b3fa8b42d8d9acd41b89e2bf37569298875e86248593dfd880d00

Download Submit
memory/216-66-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/428-220-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/428-222-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/464-86-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/464-95-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/508-232-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/800-57-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/824-139-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/864-48-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/1044-159-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/1044-168-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/1428-130-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/1700-212-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/1792-67-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/1792-75-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/2040-113-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/2260-158-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/2260-150-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/2284-30-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/2284-19-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/2408-121-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/2668-176-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/3184-149-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/3260-244-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/3260-243-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/3536-194-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/4032-84-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/4480-103-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/4520-203-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/4604-38-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/4604-29-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/4672-186-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/4716-25-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/4716-9-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/4976-241-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/5044-15-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download
memory/5044-0-0x0000000000400000-0x000000000043AB3B-memory.dmp

Filesize
234KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202b.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202j.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202c.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202f.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202n.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202x.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202i.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202l.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202u.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202d.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202r.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202e.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202o.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202y.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202k.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202m.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202t.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202v.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202q.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202w.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202p.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202s.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202.exe\""	57710ebdcafe4e89fe8762078c1fb120_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202a.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202g.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202h.exe\""	57710ebdcafe4e89fe8762078c1fb120_neikianalytics_3202g.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads