411f3aaf443156cdc30c43c8a3ed12fd9d3751fb187246a1847da675b3f0516a

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe
Size

389KB
MD5

d2b556cd08bfce90cbbd700c71112b70
SHA1

3e93c6689b3077a6142823ae3ca45b431e91cfd9
SHA256

411f3aaf443156cdc30c43c8a3ed12fd9d3751fb187246a1847da675b3f0516a
SHA512

58f8f1efc616f6065cad74f73ef4bdd93f82978b44369692a3f3a1be96e94f8a5eacc9efd9c77c04859d26b76da038f1452e5a298645fe8194db6518aae7f2c7
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/bDjF:Os52hzpHq8eTi30yIQrDDjF

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
1636	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
2512	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
2504	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
2460	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
2368	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
1604	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
2756	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
2440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
1656	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
1440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
744	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
1344	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
2936	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
1864	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
2788	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
2212	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
844	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
1852	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
2800	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
692	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
1880	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
2020	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
1552	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
2872	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
1516	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe
2464	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
2856	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe
2856	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe
1636	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
1636	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
2512	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
2512	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
2504	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
2504	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
2460	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
2460	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
2368	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
2368	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
1604	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
1604	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
2756	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
2756	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
2440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
2440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
1656	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
1656	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
1440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
1440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
744	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
744	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
1344	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
1344	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
2936	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
2936	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
1864	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
1864	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
2788	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
2788	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
2212	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
2212	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
844	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
844	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
1852	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
1852	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
2800	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
2800	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
692	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
692	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
1880	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
1880	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
2020	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
2020	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
1552	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
1552	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
2872	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
2872	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
1516	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe
1516	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 3aec51825a4ad51f	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 1636	2856	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe	28
PID 2856 wrote to memory of 1636	2856	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe	28
PID 2856 wrote to memory of 1636	2856	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe	28
PID 2856 wrote to memory of 1636	2856	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe	28
PID 1636 wrote to memory of 2512	1636	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe	29
PID 1636 wrote to memory of 2512	1636	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe	29
PID 1636 wrote to memory of 2512	1636	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe	29
PID 1636 wrote to memory of 2512	1636	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe	29
PID 2512 wrote to memory of 2504	2512	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe	30
PID 2512 wrote to memory of 2504	2512	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe	30
PID 2512 wrote to memory of 2504	2512	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe	30
PID 2512 wrote to memory of 2504	2512	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe	30
PID 2504 wrote to memory of 2460	2504	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe	31
PID 2504 wrote to memory of 2460	2504	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe	31
PID 2504 wrote to memory of 2460	2504	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe	31
PID 2504 wrote to memory of 2460	2504	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe	31
PID 2460 wrote to memory of 2368	2460	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe	32
PID 2460 wrote to memory of 2368	2460	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe	32
PID 2460 wrote to memory of 2368	2460	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe	32
PID 2460 wrote to memory of 2368	2460	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe	32
PID 2368 wrote to memory of 1604	2368	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe	33
PID 2368 wrote to memory of 1604	2368	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe	33
PID 2368 wrote to memory of 1604	2368	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe	33
PID 2368 wrote to memory of 1604	2368	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe	33
PID 1604 wrote to memory of 2756	1604	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe	34
PID 1604 wrote to memory of 2756	1604	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe	34
PID 1604 wrote to memory of 2756	1604	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe	34
PID 1604 wrote to memory of 2756	1604	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe	34
PID 2756 wrote to memory of 2440	2756	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe	35
PID 2756 wrote to memory of 2440	2756	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe	35
PID 2756 wrote to memory of 2440	2756	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe	35
PID 2756 wrote to memory of 2440	2756	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe	35
PID 2440 wrote to memory of 1656	2440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe	36
PID 2440 wrote to memory of 1656	2440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe	36
PID 2440 wrote to memory of 1656	2440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe	36
PID 2440 wrote to memory of 1656	2440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe	36
PID 1656 wrote to memory of 1440	1656	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe	37
PID 1656 wrote to memory of 1440	1656	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe	37
PID 1656 wrote to memory of 1440	1656	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe	37
PID 1656 wrote to memory of 1440	1656	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe	37
PID 1440 wrote to memory of 744	1440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe	38
PID 1440 wrote to memory of 744	1440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe	38
PID 1440 wrote to memory of 744	1440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe	38
PID 1440 wrote to memory of 744	1440	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe	38
PID 744 wrote to memory of 1344	744	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe	39
PID 744 wrote to memory of 1344	744	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe	39
PID 744 wrote to memory of 1344	744	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe	39
PID 744 wrote to memory of 1344	744	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe	39
PID 1344 wrote to memory of 2936	1344	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe	40
PID 1344 wrote to memory of 2936	1344	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe	40
PID 1344 wrote to memory of 2936	1344	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe	40
PID 1344 wrote to memory of 2936	1344	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe	40
PID 2936 wrote to memory of 1864	2936	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe	41
PID 2936 wrote to memory of 1864	2936	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe	41
PID 2936 wrote to memory of 1864	2936	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe	41
PID 2936 wrote to memory of 1864	2936	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe	41
PID 1864 wrote to memory of 2788	1864	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe	42
PID 1864 wrote to memory of 2788	1864	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe	42
PID 1864 wrote to memory of 2788	1864	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe	42
PID 1864 wrote to memory of 2788	1864	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe	42
PID 2788 wrote to memory of 2212	2788	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe	43
PID 2788 wrote to memory of 2212	2788	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe	43
PID 2788 wrote to memory of 2212	2788	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe	43
PID 2788 wrote to memory of 2212	2788	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2856
- \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1636
- - \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2504
    - - \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2460
      - \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2368
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1604
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2756
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2440
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1656
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1440
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:744
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1344
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2936
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1864
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2788
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2212
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:844
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1852
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2800
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:692
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1880
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2020
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1552
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2872
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1516
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe

Filesize
389KB

MD5
6542edd161dc7e8c39d83978a8103e2d

SHA1
9666e17a3b12c85376aa989ca75f977c00aed888

SHA256
aada505be5bfc555b93dbb4b83b79abc3e5bd50e43898b3d6c690226024021b0

SHA512
47fdab4cf7c7acaff4b6f9d1ea9e1e7028f4c5dd772aeb774cbad855e157252582e8ccb2402ac67a1965fb3a71ec7e21a3634b5dda0e8a87dede2db8042a1867

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe

Filesize
390KB

MD5
bb1edeea5255c4b69c2f0159c7afe596

SHA1
c9121c411817424b55a7605d9f84c5dde58e3ac1

SHA256
3bcbbbcf01a06382ab4728884a27acb67e4954faef2b8b5de9d27e3346f52c8d

SHA512
74abb425ab6ac8b5c2ac7b688669043274dbaf54358f4fb9cace2f5830554ef2535cfada0fcbde27a22764791914cb54bd0a9e849a7b14a7388241de2481c86d

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe

Filesize
390KB

MD5
44b4ec5c416898b01bc183abe69d9d22

SHA1
59be8467cc1e5e2a061a6523c7bd23ff666fe9b3

SHA256
735d1e51c9fe38ff3ab1b0e9ed0475811d2338ef773dd6c7c3260cd5139f1069

SHA512
b8b5aed226af7ede9039d882874ba51874c71c546c6dd64c6b33093a9bc8fa9214be08e14c21367bf849a03aa85e40fdbcc0a14b25697d22042bf1be639a6900

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe

Filesize
389KB

MD5
45ca2049c12b0733947bcf3c4bc45bc4

SHA1
d029400e995c71639b8268706ef4aa79598d4852

SHA256
b712344c480dd888cdb42e87e9937174ea32e1becdc7819703982e76039fcbd8

SHA512
6d2308e556a7384378cd3e1e1f871be133de1136cb2428668cc93a1ab74519f4b0e5a1f812efb6b85c15f61891f81328a2ca77ac96c446f5053029d4804a3e13

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe

Filesize
389KB

MD5
98b4e484270dfce1fdb1e54af5044c72

SHA1
e4a6afc155a711c358e508fb227267719bed6ff4

SHA256
3e1c1915173ba15b9f0fc41b05fa9678877d9536cc293afaf319e106c4347312

SHA512
1d2df9b79c40ac99278698eccb4743a61a0392e4879b415eabc983c6f403e8fbecce8635753b8bae1287789c41c07850942d58e38c105bd97fd848605454e4a1

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe

Filesize
390KB

MD5
9f14c3b5fcdba4be3bb57d6cc171f7bc

SHA1
454a803040b6e5cfb6497c310d0f425cf1fb19f0

SHA256
ad3aec0bbd625fdad1a52b4495e9d8cde3f31ad2979d0eaf01756bf25feaf95f

SHA512
05dbdd07f95b40a38276eeb69a3a30d9e2e7de4e7311985db7f1d33dd300027aaef6351de835e7c50335ccdc9e5941dce521465eb5f016b68fb9fc028fac6be3

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe

Filesize
390KB

MD5
aaa002fd8f382c21df8ac051c643a1df

SHA1
f6303831de254227a2b438e16b225060b77c0d53

SHA256
b6f34f7a2be6dada39f66bc32782262b39ef969da290ad91b7d6974ada5de29e

SHA512
fdb0523161beb79620227506b99593da22ee3173882b8be5b99927127471976e6f62c94a0bca92f37a5660dda0f8fb74c80614fe955dd520668fad22c748fc8f

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe

Filesize
390KB

MD5
13347898519fa3f36566e23a867766ce

SHA1
b6629b4da2ce9776a277bf96fc98d3ba68fa1b28

SHA256
7c7a783bf9f1d05e13bcdbb0e51b7f54544e2d59e2f1aa8619b959095d72464b

SHA512
c9db9a3d57493da6cb39ae56bf88c1136c1f3d45fb1ad075bf0d841dc05ab8bd60f96ceee362d422fb6386d6f8e340106c6a80cf9db06557e79d2598683616db

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe

Filesize
391KB

MD5
3097c1152c2f854920729d9189c421ae

SHA1
100bef08e792664958486505a5fe19b86103eca6

SHA256
8dea5a980a8b64c7cd47fb9d1b90d2efc354ed1f402ecc09c6c2e3f35c2aa4c3

SHA512
faf6d620564fe89a654f9f147036cf0801c77aee70e38fa9966c4b0aeeb4c35d8445e2cd61fe09d1c78a7e7e24985c00306414bdbb4e91e8750388e0e09ba168

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe

Filesize
391KB

MD5
75eb7abdd5086c856816a6c8e4dc7e67

SHA1
7d316a76f122376f48f7592ad0bd5c43b722a1ec

SHA256
1ac8979d4bd9262eb17a28cfd1e0e5f144b818369bbeaf43f3708f4ca3f8f215

SHA512
78c8cccbbfd4c5808c523e0c4200fe6e09398864c91e3de4c08f8c8d12c9e2f8850b6c0ea49d6fdfeaa1b72e25cda4fa5743d572e5f2e12cad466c454a7aa35e

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe

Filesize
391KB

MD5
b81a159d676fee85b2c42323cf55ad3f

SHA1
74a8823b143e3b675f56119c7e465c892a9992e5

SHA256
a6ee4aac3886d54885c22efc958787736556023a85932d01548a58ec20b70e9f

SHA512
9fb5acdfbcbce3ef82d9b76619b518a3332e17de274806d4d4ede30c2f8e4a7bcb65c033a7b104342338136e35127d3b678170c27e4a6ae7fd51c4fe01fdb6ea

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe

Filesize
391KB

MD5
3d1712beedd4a4b0a264fe7ea381fb72

SHA1
79ece46a79f30e67201745cadcc039c6a47a0b14

SHA256
93b67ce477a92ef5df8ad56ad7f72e32f95d374c2f7193e6a0b1bc3552511c1f

SHA512
4a7ee966254e3d4288559436c75b119be41ddef6b4d6ca614435f5a6d0f22561d151eac485adaec6a8cb71e3dccd6ce61e4f2ed57b7a463b4582bb70cbd44f02

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe

Filesize
392KB

MD5
c45f2a6bbcb4e30d1ca1114220ae9206

SHA1
41bec446b65bd82a911e207d61bbba9900247a50

SHA256
0902765b100f07ac797f3f38905a4da2f6d1c393ebe5184835bed1439499d66c

SHA512
165851a170b6b8345f4e81590e98c8d1e04f290f4ead3d0ec5a03e863593f8f90735bf67978c2e8df3c2c1417641e616114264273a36373bf972683666f834c0

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe

Filesize
392KB

MD5
6dfd0e6cbca96ee5e8f09045a241ca8f

SHA1
d12d25e3284751694621e87f9ff28bb084acb3b6

SHA256
1f2c5a2248a3a1a3226213ec7185549264c44384bfde732ed1b90e57210ec10d

SHA512
e13e98f7758e79bfd4533e5a835dbe906219bcc3891655a787d467495690cb8c491a7149382e576c4a707f7bc59900e65e504cb62001154a9c3c2bc1aec97a98

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe

Filesize
392KB

MD5
4e825bdac574d58abb3ab3722f553407

SHA1
2a0afd2785e52a3229e5b17abe08d6381493c25b

SHA256
9c46f77e0e9de61dc1435058469e878739ce04abe3ae4e4742efea4aacfd7510

SHA512
d47bd4d2e0f23dd2e8b91f2cd304dfa782590ba9f1d79cc1d4ab8dffd8240ecd117d96684e47c96e53fb811f3a313cd8a8507a7f83ab40e60bebb03a074ee0f5

Download Submit
\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe

Filesize
392KB

MD5
d4432f0bc8edfbf998cc6defbf093131

SHA1
c44415c61afd93207430a8ce43fbd2958ed7cd81

SHA256
3a79f0a9bd7c0618c8cda73c0266bb7576ef9bdcccb7588687ca44f7c7161705

SHA512
74b789e68513dea428bdf34c65e748ec813f84843a4991854ccea2a2a2e84e4e1928ff0bcc2af0c158a538acb824d2687f5aedc6ec73e2c94f4b67e5a39c633a

Download Submit
memory/692-309-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/692-315-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/744-185-0x0000000000480000-0x00000000004F9000-memory.dmp

Filesize
484KB

Download
memory/744-190-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/844-278-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/844-267-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1344-206-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1440-175-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1440-161-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1516-375-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1552-341-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1552-352-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1604-96-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1604-110-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1636-31-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1636-15-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1636-30-0x0000000002730000-0x00000000027A9000-memory.dmp

Filesize
484KB

Download
memory/1636-29-0x0000000002730000-0x00000000027A9000-memory.dmp

Filesize
484KB

Download
memory/1656-238-0x0000000000480000-0x00000000004F9000-memory.dmp

Filesize
484KB

Download
memory/1656-159-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1656-160-0x0000000000480000-0x00000000004F9000-memory.dmp

Filesize
484KB

Download
memory/1852-290-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1852-279-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1864-236-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1880-316-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1880-328-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1880-327-0x0000000002760000-0x00000000027D9000-memory.dmp

Filesize
484KB

Download
memory/2020-329-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2020-340-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2212-266-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2368-94-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2440-143-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2440-129-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2460-79-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2460-65-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2464-378-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2464-376-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2504-64-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2512-42-0x0000000001DA0000-0x0000000001E19000-memory.dmp

Filesize
484KB

Download
memory/2512-48-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2512-33-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2756-126-0x0000000002720000-0x0000000002799000-memory.dmp

Filesize
484KB

Download
memory/2756-112-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2756-127-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2788-251-0x0000000002790000-0x0000000002809000-memory.dmp

Filesize
484KB

Download
memory/2788-254-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2800-302-0x0000000002700000-0x0000000002779000-memory.dmp

Filesize
484KB

Download
memory/2800-303-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2800-301-0x0000000002700000-0x0000000002779000-memory.dmp

Filesize
484KB

Download
memory/2856-13-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2856-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2872-353-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2872-364-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2936-207-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2936-221-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe\""	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202y.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads