411f3aaf443156cdc30c43c8a3ed12fd9d3751fb187246a1847da675b3f0516a

Analysis

max time kernel
102s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe
Size

389KB
MD5

d2b556cd08bfce90cbbd700c71112b70
SHA1

3e93c6689b3077a6142823ae3ca45b431e91cfd9
SHA256

411f3aaf443156cdc30c43c8a3ed12fd9d3751fb187246a1847da675b3f0516a
SHA512

58f8f1efc616f6065cad74f73ef4bdd93f82978b44369692a3f3a1be96e94f8a5eacc9efd9c77c04859d26b76da038f1452e5a298645fe8194db6518aae7f2c7
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/bDjF:Os52hzpHq8eTi30yIQrDDjF

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 25 IoCs

pid	Process
2868	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
1420	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
4220	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
4380	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
2332	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
2572	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
2804	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
1744	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
1776	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
2768	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
4724	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
1088	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
376	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
1504	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
3656	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
2360	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
3700	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
2980	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
1072	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
4736	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
4112	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
1076	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
1156	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
3380	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
3396	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 14481ae1362c0666	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 28a8515352aeb93a	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202y.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 2868	372	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe	82
PID 372 wrote to memory of 2868	372	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe	82
PID 372 wrote to memory of 2868	372	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe	82
PID 2868 wrote to memory of 1420	2868	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe	83
PID 2868 wrote to memory of 1420	2868	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe	83
PID 2868 wrote to memory of 1420	2868	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe	83
PID 1420 wrote to memory of 4220	1420	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe	84
PID 1420 wrote to memory of 4220	1420	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe	84
PID 1420 wrote to memory of 4220	1420	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe	84
PID 4220 wrote to memory of 4380	4220	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe	87
PID 4220 wrote to memory of 4380	4220	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe	87
PID 4220 wrote to memory of 4380	4220	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe	87
PID 4380 wrote to memory of 2332	4380	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe	88
PID 4380 wrote to memory of 2332	4380	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe	88
PID 4380 wrote to memory of 2332	4380	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe	88
PID 2332 wrote to memory of 2572	2332	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe	90
PID 2332 wrote to memory of 2572	2332	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe	90
PID 2332 wrote to memory of 2572	2332	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe	90
PID 2572 wrote to memory of 2804	2572	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe	91
PID 2572 wrote to memory of 2804	2572	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe	91
PID 2572 wrote to memory of 2804	2572	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe	91
PID 2804 wrote to memory of 1744	2804	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe	92
PID 2804 wrote to memory of 1744	2804	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe	92
PID 2804 wrote to memory of 1744	2804	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe	92
PID 1744 wrote to memory of 1776	1744	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe	93
PID 1744 wrote to memory of 1776	1744	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe	93
PID 1744 wrote to memory of 1776	1744	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe	93
PID 1776 wrote to memory of 2768	1776	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe	94
PID 1776 wrote to memory of 2768	1776	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe	94
PID 1776 wrote to memory of 2768	1776	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe	94
PID 2768 wrote to memory of 4724	2768	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe	95
PID 2768 wrote to memory of 4724	2768	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe	95
PID 2768 wrote to memory of 4724	2768	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe	95
PID 4724 wrote to memory of 1088	4724	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe	96
PID 4724 wrote to memory of 1088	4724	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe	96
PID 4724 wrote to memory of 1088	4724	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe	96
PID 1088 wrote to memory of 376	1088	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe	97
PID 1088 wrote to memory of 376	1088	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe	97
PID 1088 wrote to memory of 376	1088	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe	97
PID 376 wrote to memory of 1504	376	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe	98
PID 376 wrote to memory of 1504	376	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe	98
PID 376 wrote to memory of 1504	376	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe	98
PID 1504 wrote to memory of 3656	1504	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe	99
PID 1504 wrote to memory of 3656	1504	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe	99
PID 1504 wrote to memory of 3656	1504	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe	99
PID 3656 wrote to memory of 2360	3656	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe	100
PID 3656 wrote to memory of 2360	3656	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe	100
PID 3656 wrote to memory of 2360	3656	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe	100
PID 2360 wrote to memory of 3700	2360	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe	101
PID 2360 wrote to memory of 3700	2360	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe	101
PID 2360 wrote to memory of 3700	2360	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe	101
PID 3700 wrote to memory of 2980	3700	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe	102
PID 3700 wrote to memory of 2980	3700	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe	102
PID 3700 wrote to memory of 2980	3700	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe	102
PID 2980 wrote to memory of 1072	2980	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe	103
PID 2980 wrote to memory of 1072	2980	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe	103
PID 2980 wrote to memory of 1072	2980	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe	103
PID 1072 wrote to memory of 4736	1072	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe	104
PID 1072 wrote to memory of 4736	1072	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe	104
PID 1072 wrote to memory of 4736	1072	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe	104
PID 4736 wrote to memory of 4112	4736	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe	105
PID 4736 wrote to memory of 4112	4736	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe	105
PID 4736 wrote to memory of 4112	4736	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe	105
PID 4112 wrote to memory of 1076	4112	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe	106

C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:372
- \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2868
- - \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1420
  - - \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:4220
    - - \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4380
      - \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2332
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2572
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2804
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1744
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1776
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2768
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4724
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1088
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:376
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1504
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3656
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2360
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3700
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2980
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1072
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4736
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4112
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1076
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1156
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3380
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3396
        
        \??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202y.exe
        27⤵
        Modifies registry class
        
        PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe

Filesize
389KB

MD5
6542edd161dc7e8c39d83978a8103e2d

SHA1
9666e17a3b12c85376aa989ca75f977c00aed888

SHA256
aada505be5bfc555b93dbb4b83b79abc3e5bd50e43898b3d6c690226024021b0

SHA512
47fdab4cf7c7acaff4b6f9d1ea9e1e7028f4c5dd772aeb774cbad855e157252582e8ccb2402ac67a1965fb3a71ec7e21a3634b5dda0e8a87dede2db8042a1867

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe

Filesize
389KB

MD5
45ca2049c12b0733947bcf3c4bc45bc4

SHA1
d029400e995c71639b8268706ef4aa79598d4852

SHA256
b712344c480dd888cdb42e87e9937174ea32e1becdc7819703982e76039fcbd8

SHA512
6d2308e556a7384378cd3e1e1f871be133de1136cb2428668cc93a1ab74519f4b0e5a1f812efb6b85c15f61891f81328a2ca77ac96c446f5053029d4804a3e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe

Filesize
390KB

MD5
c994b335331d4e1073eb13b881595bfe

SHA1
a41eac3b0ed6ff16cf47d7a762e10583ee8884a3

SHA256
afec46ea278f98cd7dd49719618b6688d88986dd55f0d84dc6a114a4d041095a

SHA512
1815c33ade903e0995237a57ce7f149eb2ee801962d6239cac958708a4ff2cd4188635703bee801999d589622f2c57a639fc4f1e2959197dfeb1bbd231daca6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe

Filesize
390KB

MD5
6b1577d3d837f2301c34b117cb747440

SHA1
cd1b187717b1f73adf9146ead0cffc30fb03333c

SHA256
ecf7cb0712dbfcd8eb77f013ae00e834e61a3f09ec722dc9967e8c6599ed683c

SHA512
6ad75b81a827c302bd4c7315157c9db5eca447869da0e3c1c80197f5134395820ff529e9807328c31932c7da8e9ebb6af06ad4a90d8aa299c602cd1d1849aff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe

Filesize
390KB

MD5
98df50e138428b7093ae6f9d51991a4d

SHA1
ddedece5c1a39e4969ec4b622925a319ba063d54

SHA256
55c23771aa9dc55dfb78d48e387e91995c32a9bad82c61afa60b7fcfa44663cd

SHA512
32de9a775231bea781d0bf5fbaa3a95ac9b2c6f1338f0850b04454cdc4e15132ceee54c3718871fedb153f3ae7428f8664e455cb8c4e7457ad4dcbb747866478

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe

Filesize
391KB

MD5
c03dfdcc904886447241fd88d55ece6c

SHA1
253d7feecd59695eea6bb55d4419fba94293bb86

SHA256
b5f2e8cdeeab0047c6522104c7d8008dba173298625b73196c299208eaf26219

SHA512
fbbcc79d6800e84e8f805b640531098e7c5550f2528a72d11237a4f6576206b63f7b2145dbe8507f52f75c48e45e71b681e62b07c53a8380247dba4cdfbaee57

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe

Filesize
391KB

MD5
82df6822a3f231656e7858b94462e8cd

SHA1
af57ac781a9e984b701aa9056eb911c2572756e6

SHA256
04af006242a24dcff9d3c385836e9e9608321405c8db64364e1ec2b9237ff90d

SHA512
dd18a174911a077cedd4160e126d83937d8363704dad5ea6e074f0bbe68896f01f9f77848f43ea107e7e757ba12719d9db771318b64cf399c2d336dadab64819

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe

Filesize
392KB

MD5
afd9b042dcdae347a6c16c9f9b7218b6

SHA1
56bee68b0fa86dd3968c7397106eefd8117bec58

SHA256
716b5654d66f5ad0924c1dac62b5006229888b70692248792ecaebceec3936fb

SHA512
2c5de02fd63bb978de41332b083207d310879a91a33234b28ff56a3b2e19a1049788e24cb37ddb198d3ecd73ec0ca9437af71f4bb6004525f8c0008896a16dd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe

Filesize
392KB

MD5
3e523e184415716af956cd03b37c9e46

SHA1
3ff243c3fd95280e3bc4cb2b9c1071319ccdc3a3

SHA256
f10bb161f4d0b66143caa2eaae42b1559b3b899bfc077fea9972214b0688ddde

SHA512
54754eefe8dc8a69914ec391003019aa2ce7784776b3a3b52766318e8eb5551a7a9d73db0acb300065fa3f8a6aadfe83c6bc572c5427dd90fa83e4ca6c5337b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe

Filesize
392KB

MD5
61a161ac28fd80bad07e2b7ef9073824

SHA1
017d660ec00bb0fb77c713b1485dc899fa5a2648

SHA256
e4d5abc068443d0711e28661bd30ca21b7b14be71021a2d43ab3d06529be10e9

SHA512
11b53c9a0de6c622adc8fc27b2ccc31a739c15280eed7196c12213a80674ec42d30989e3aa49d0df3e321ff36265d7ae0df9ffbd92dd078d7c4b019684b68c85

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe

Filesize
393KB

MD5
905b59224a538b8984537c658606247f

SHA1
ea28af8ddb4f89733672ae45c64fb8bdeed1df53

SHA256
858db5ae5f4280978b6c1f070cc3206838cd4352bc43429e4dca0523c8083508

SHA512
2649d351a0243f1aa7b58deec257adf75db43308aa4bdc4b15635fdfd6ef053ab649d647d7d4f27f2d950b422dec7ad8294bd1ae9c3b2617456048090546763c

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe

Filesize
393KB

MD5
1470e41ba4ef1d00dd616deb77a3ed83

SHA1
cb62beafda458537c5a65370bcb381c1fd824e4a

SHA256
c9895c555e9102532f56feefaf9109c89d12507cab149fed49c28016203b1e2e

SHA512
ed787ad0a09dad643f1fe9280a934c751aec49707d193166187949ee52ed9162ee15f680215f7b244c92736794700d0dedb9b2101d3b1ddb5dc0afa4388af658

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe

Filesize
393KB

MD5
d178825b607fed5fae8f35ca38d4701f

SHA1
6f1d2226173581ec8dd4f50eb036ddccd6a0fc48

SHA256
303956b03f2fa668755a02908790a21f5c7d2e5669ee1ad7701792726238d007

SHA512
d8832f5dacde243fafc34603c72e4dfa03e8247fffd9e063feb351c5f887acafd08683cdd74312d03e27f98588f107142161aa399f7f5c8cd8e3af0bb33b045f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe

Filesize
394KB

MD5
c45199a9ff82dde41eb9531d8c5950bc

SHA1
7acb2c9e11841284ee7c345f6e205315d94c0f7e

SHA256
1e90197ae67bf1e9e981c665151292d2a851fb27268f348d84f65073a696b641

SHA512
6004776bb02793a1d2d1378a5a84ae5b0ed324a184deee16b7194b77c43c696ca0e2aa6f4ec0042080431e4b236db60d61862199fe5aa9941254952645b30b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe

Filesize
394KB

MD5
82d7f4140e350269a417e482bc7685ed

SHA1
ec7d9f333625b67c63d6f5272adac5bb0cd5aa62

SHA256
03d4357e4b9b4a8dce8b249d35e6d335bdc0ec3ddd564b8cf30b6ae73da6dcfd

SHA512
2bf2284266b7fe28d884e78fd9a726a11e6955dcc91404cf6b95197e08458f944d519a0a76fa9c7c5c8132a47c75abb71ac32d1db416f20bb79fd074825d49a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe

Filesize
394KB

MD5
922b7fc7cf0cadf3f23c241188a78c3b

SHA1
1c8d8645e9a452fcf1ec6eb82f66662a80e70930

SHA256
5b00494b012aff6d2d8885ba18771c3348176b4b0369c38094ce9f353e417212

SHA512
2aee8e1ddc5e641a8191826cfb59e08f3fb2c5204283424f8a12346e4c8f2d5ba61ca981e15bcdf67c57b1f84f835dd1ea7c23f0e3dd2058b2bfb22a098474e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe

Filesize
394KB

MD5
9b8c2978b99da17fa5da757e70ccde08

SHA1
8af3eca4bde6c61cf6c2549e8a5d2f2eb159f36d

SHA256
0c0f9ca70cc591f41956e9ccc812333287151f8d164590f8cac7da41ec94e49e

SHA512
0427d75f650762a11505b6a36e32ed723c5d9aa6eeffe70e2a6b2cf9259aedc8abd5382323ecf02ccd419de74dc2198afeb12ead7ab536a101202e251fb6ccc2

Download Submit
\??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe

Filesize
389KB

MD5
98b4e484270dfce1fdb1e54af5044c72

SHA1
e4a6afc155a711c358e508fb227267719bed6ff4

SHA256
3e1c1915173ba15b9f0fc41b05fa9678877d9536cc293afaf319e106c4347312

SHA512
1d2df9b79c40ac99278698eccb4743a61a0392e4879b415eabc983c6f403e8fbecce8635753b8bae1287789c41c07850942d58e38c105bd97fd848605454e4a1

Download Submit
\??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe

Filesize
390KB

MD5
d9345ff98c02b1c343f0d08137aa5684

SHA1
d0b6e5779161fecc78f751544d9300eb0089b80c

SHA256
b20f47b0522b39187516f22e3abf5cd0b04787bb623834f155c4b8c667fc0662

SHA512
8aa82d24f445f7bb4833769dbb7e54949b3762f93e6c8ea4dbb2b2468231588b066855cddbe51287c11a61eb1ec9b0b895e25a31e6422c200286b1e89f954d6f

Download Submit
\??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe

Filesize
390KB

MD5
0a7447535ec2673b9232d636ad62c117

SHA1
07b3feb3040b11c9e689648f564a57d8064f0928

SHA256
1f6fa8a91780cbac8b22e5b6d07d408bec240446cc1db0d37c51b8f1b3ec656c

SHA512
1ed0e92f04849e51f4afc66137f1196d4cd5d6b3adbd50538a21d91748e57c950ba10fa5fe37384ad3ab2079240455d39cc07543e96145496ce57ee685a22704

Download Submit
\??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe

Filesize
391KB

MD5
22ad84fa9b577c308fcfc12701389a1e

SHA1
d41d853b8144160af08a82b645ae9e222f886923

SHA256
a69f08b2122333f9d2a78ce4a6499011d54a927fabb0328c4cb2846b5158a497

SHA512
37f1f1f7d1780bf7292a3984da8f62e074a3cc77c365bd76141cf97e216df57a5b88d24d7303f720e9dc1d8094587c789cf0e95cc715f10adf5aa33308c6ed2a

Download Submit
\??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe

Filesize
391KB

MD5
4be6e1c5e22ad33dccff416ce1a40de8

SHA1
d2c3982440704d7fb532d310366ef754270d6d59

SHA256
65c1b01f3be4c76d75c911cc82f3bdb95b69e93f4ce6b4ccaa5ac79b4ee9e1e6

SHA512
d0352444cc5e4ceddc6a316350ef0f62239721421ccd470d7656991f4ef5b2ff4706e748b9c2cc44e7aea44e42448eca834e5f349c3364649247ad5bcb17d628

Download Submit
\??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe

Filesize
392KB

MD5
db040f58ecb26d731eacbce51922b400

SHA1
a137739429bc791ba3fb7a83a76e10da79b6e27e

SHA256
a2e2bb0ffe547f01c2f971f85544a3c9fd2bfbd467eeaf0c3051fa0d4e744721

SHA512
da707f389a989185cb7c3f6bd5933339a3ed7405dcace8a8738bcc02ebf4fb1961e7f0130271527fb50ecaa4e0c55e890d2da80d415cdc95e10347b55055cad3

Download Submit
\??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe

Filesize
393KB

MD5
db294bf447ce62a976f3be3b7c3767b7

SHA1
141069494d7dbd9bcc26dfb5f7ab88533f254840

SHA256
63a6dea2e1ea1c4c48c346d0bb4bae78f96de2e5e7d8992635902b85a8c867ed

SHA512
80b892b2fe0987957333e4da1d0c9a458e2aec12ea0c5c15071013464081155e0947ad1ed28516c8731efe1cf34f3b65a3d50d1f05e501baac7878024ed35724

Download Submit
\??\c:\users\admin\appdata\local\temp\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe

Filesize
393KB

MD5
3b3b36155c81fff4d3d532238cd3802e

SHA1
62d5a16991cc34bab7121fe333f0f16e2817e19b

SHA256
bdbc576a4c8a0131833267a034bb1cc8ac4bf52cf172d8cac3ff1365bb3c2fa2

SHA512
b00970381111ab5e5f3b14fe41ac4f514b626280d6ece3fbcd311ff9201ad086d29197a3c8782422e0d3853b900f8d773c6246f4ecde520c25f1e8690c165139

Download Submit
memory/372-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/372-8-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/376-145-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1072-204-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1076-236-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1088-133-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1156-245-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1156-237-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1420-31-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1504-143-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1504-153-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1744-92-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1776-101-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2332-61-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2360-173-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2572-76-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2768-103-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2768-113-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2804-79-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2804-81-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2868-11-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2868-21-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2980-193-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3380-255-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3396-257-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3656-163-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3700-183-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4112-223-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4220-32-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4220-41-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4380-50-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4416-259-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4724-114-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4724-122-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4736-206-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4736-221-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202a.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202.exe\""	d2b556cd08bfce90cbbd700c71112b70_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202j.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202p.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202v.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202e.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202c.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202u.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202y.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202n.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202t.exe\""	d2b556cd08bfce90cbbd700c71112b70_neikianalytics_3202s.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads