1eb88c5efff49a1b6de529d7097e2d67c40c0db97cd16e95e814a6af1ae4dae0

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 09:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Size

296KB
MD5

bdaaa00fa78f5e8dd1a372ef99315500
SHA1

bd8bcacae251ec2ae75be33968ae0d6258550298
SHA256

1eb88c5efff49a1b6de529d7097e2d67c40c0db97cd16e95e814a6af1ae4dae0
SHA512

25d8b77e07a64a6fefdaeec8389e044512956388262856aa0c3e03ee5c6fe92f2687cfdae0b6eeb00d311b6bf21ba279954c4db91b54b945f0e840722e5d8b75
SSDEEP

6144:DVaxctco+ocM1IScKgo4ty9aImy8zz/imdDR73XyG/jDgwzgZJw3b5cV6WrOau+d:2WkoISd9aImy8zz/imdl73XyG/jDUY5J

Score

1^/10

Malware Config

Signatures

Modifies registry class 44 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\TypeLib	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\TypeLib\ = "{739AAC7C-EE66-4478-A98A-FA39883B8F87}"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\TypeLib\ = "{739AAC7C-EE66-4478-A98A-FA39883B8F87}"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KngConvWiz.clsConvWiz\Clsid	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{739AAC7C-EE66-4478-A98A-FA39883B8F87}\1.0\FLAGS	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\ProxyStubClsid32	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{739AAC7C-EE66-4478-A98A-FA39883B8F87}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}\VERSION	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KngConvWiz.clsConvWiz\Clsid\ = "{B07BF6F1-8D84-467A-955F-4D399065458A}"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\ = "_clsConvWiz"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\TypeLib\Version = "1.0"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\TypeLib\Version = "1.0"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}\ProgID\ = "KngConvWiz.clsConvWiz"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{739AAC7C-EE66-4478-A98A-FA39883B8F87}	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{739AAC7C-EE66-4478-A98A-FA39883B8F87}\1.0\0\win32	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}\TypeLib	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}\TypeLib\ = "{739AAC7C-EE66-4478-A98A-FA39883B8F87}"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KngConvWiz.clsConvWiz	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\ = "clsConvWiz"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}\Programmable	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{739AAC7C-EE66-4478-A98A-FA39883B8F87}\1.0\ = "Utilities Suite Conversion Wizard"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{739AAC7C-EE66-4478-A98A-FA39883B8F87}\1.0\0	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\ = "_clsConvWiz"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}\ProgID	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{739AAC7C-EE66-4478-A98A-FA39883B8F87}\1.0	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{739AAC7C-EE66-4478-A98A-FA39883B8F87}\1.0\HELPDIR	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\TypeLib	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}\ = "KngConvWiz.clsConvWiz"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}\LocalServer32	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KngConvWiz.clsConvWiz\ = "KngConvWiz.clsConvWiz"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{739AAC7C-EE66-4478-A98A-FA39883B8F87}\1.0\FLAGS\ = "0"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}\Implemented Categories	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\ProxyStubClsid	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\ProxyStubClsid32	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B07BF6F1-8D84-467A-955F-4D399065458A}\VERSION\ = "1.0"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C910489-DB59-492B-AA58-3EDC26FC1AA4}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{739AAC7C-EE66-4478-A98A-FA39883B8F87}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe"	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
996	bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bdaaa00fa78f5e8dd1a372ef99315500_NeikiAnalytics.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:996

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads