67ccde8bdbd7cdb9993b47efbe2439b5e66d1e8557607b6c2f9d19667242957b

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Size

134KB
MD5

6bcb9f16c35e766772ce525baf9893d0
SHA1

b29b838a47f89f31e04d8bf3944f11dc92509fe0
SHA256

67ccde8bdbd7cdb9993b47efbe2439b5e66d1e8557607b6c2f9d19667242957b
SHA512

b23ba97e99c09f799fa4197efc7cac0d728477f1b45be498cf3c1fd1873095a117a8ec1eea41e904269bdd5fc20de00ef0a342213894fe6f55f38bc01ab798e9
SSDEEP

1536:3lyrnWeAFQIBjBAwzATQz0Hj9w9zlKXBlN5u9LsX/u+sa7Hx5E:onFIQIBFNkTQoK9CBlyYXPsa4

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA61D9B-B789-11D2-A707-0080C8381E75}\ = "IAtheneEvent"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA61D9B-B789-11D2-A707-0080C8381E75}\ProxyStubClsid	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FDA61D9D-B789-11D2-A707-0080C8381E75}\ProxyStubClsid32	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FDA61D9D-B789-11D2-A707-0080C8381E75}\TypeLib\ = "{FDA61DB3-B789-11D2-A707-0080C8381E75}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Axm631.AtheneScheduler	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6814C8DF-EC12-11D2-917E-006008315C0B}	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6814C8DF-EC12-11D2-917E-006008315C0B}\ = "Axm631.IAtheneEvent"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Axm631.IAtheneEvent\Clsid	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA61DB3-B789-11D2-A707-0080C8381E75}\1.1	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA61DB3-B789-11D2-A707-0080C8381E75}\1.1\FLAGS\ = "0"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA61D9D-B789-11D2-A707-0080C8381E75}\ = "_AtheneScheduler"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA61D9D-B789-11D2-A707-0080C8381E75}\ProxyStubClsid32	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA61D9D-B789-11D2-A707-0080C8381E75}\TypeLib\ = "{FDA61DB3-B789-11D2-A707-0080C8381E75}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA61D9B-B789-11D2-A707-0080C8381E75}\Forward	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA61DB3-B789-11D2-A707-0080C8381E75}\1.1\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FDA61D9D-B789-11D2-A707-0080C8381E75}\TypeLib\Version = "1.1"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\ProxyStubClsid32	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\TypeLib\ = "{FDA61DB3-B789-11D2-A707-0080C8381E75}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA61D9D-B789-11D2-A707-0080C8381E75}\ProxyStubClsid	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA61DB3-B789-11D2-A707-0080C8381E75}\1.1\HELPDIR	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA61D9D-B789-11D2-A707-0080C8381E75}\TypeLib\Version = "1.1"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\TypeLib\Version = "1.1"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Axm631.AtheneScheduler\Clsid\ = "{FDA61D9E-B789-11D2-A707-0080C8381E75}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\ProxyStubClsid	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FDA61D9E-B789-11D2-A707-0080C8381E75}\TypeLib\ = "{FDA61DB3-B789-11D2-A707-0080C8381E75}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6814C8DF-EC12-11D2-917E-006008315C0B}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FDA61D9D-B789-11D2-A707-0080C8381E75}\TypeLib	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\TypeLib	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Axm631.AtheneScheduler\ = "Axm631.AtheneScheduler"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA61D9B-B789-11D2-A707-0080C8381E75}\Forward\ = "{6814C8DE-EC12-11D2-917E-006008315C0B}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA61DB3-B789-11D2-A707-0080C8381E75}	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6814C8DF-EC12-11D2-917E-006008315C0B}\TypeLib	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Axm631.IAtheneEvent\Clsid\ = "{6814C8DF-EC12-11D2-917E-006008315C0B}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FDA61D9E-B789-11D2-A707-0080C8381E75}	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FDA61D9E-B789-11D2-A707-0080C8381E75}\Programmable	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6814C8DF-EC12-11D2-917E-006008315C0B}\Programmable	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6814C8DF-EC12-11D2-917E-006008315C0B}\ProgID\ = "Axm631.IAtheneEvent"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6814C8DF-EC12-11D2-917E-006008315C0B}\VERSION\ = "1.1"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA61D9B-B789-11D2-A707-0080C8381E75}	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA61DB3-B789-11D2-A707-0080C8381E75}\1.1\ = "Syncsort Capacity Management Scheduler"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA61DB3-B789-11D2-A707-0080C8381E75}\1.1\0\win32	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA61D9D-B789-11D2-A707-0080C8381E75}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FDA61D9D-B789-11D2-A707-0080C8381E75}	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\ = "_IAtheneEvent"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA61DB3-B789-11D2-A707-0080C8381E75}\1.1\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\TypeLib	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6814C8DF-EC12-11D2-917E-006008315C0B}\Implemented Categories	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA61DB3-B789-11D2-A707-0080C8381E75}\1.1\FLAGS	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FDA61D9E-B789-11D2-A707-0080C8381E75}\TypeLib	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6814C8DF-EC12-11D2-917E-006008315C0B}\TypeLib\ = "{FDA61DB3-B789-11D2-A707-0080C8381E75}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\ = "_IAtheneEvent"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FDA61D9E-B789-11D2-A707-0080C8381E75}\ProgID	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6814C8DF-EC12-11D2-917E-006008315C0B}\ProgID	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\ProxyStubClsid32	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6814C8DE-EC12-11D2-917E-006008315C0B}\TypeLib\ = "{FDA61DB3-B789-11D2-A707-0080C8381E75}"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FDA61D9D-B789-11D2-A707-0080C8381E75}\ = "AtheneScheduler"	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FDA61D9E-B789-11D2-A707-0080C8381E75}\Implemented Categories	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FDA61D9E-B789-11D2-A707-0080C8381E75}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FDA61DB3-B789-11D2-A707-0080C8381E75}\1.1\0	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2740	6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6bcb9f16c35e766772ce525baf9893d0_NeikiAnalytics.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2740

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads