97df734080f42a26e54ad9d0ae0af7df2d6ddc816163e35a89e65f121efe3a38

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 02:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8472e17366922a532cd8040e2aa3afc0_NeikiAnalytics.exe
Size

383KB
MD5

8472e17366922a532cd8040e2aa3afc0
SHA1

3b80a9f26aee92cd28e1b3948f6878236eec7e43
SHA256

97df734080f42a26e54ad9d0ae0af7df2d6ddc816163e35a89e65f121efe3a38
SHA512

b89d3e123e6e56bd3d54ceaed68af47651ad1f548c0f4f3738c9799679e3e1d76e13c23a65f32145eb082b45926f316e745cca8a857e622e10ec6f2c49d001b5
SSDEEP

6144:rqppuGRYx4H712f/SBTpzZA6rXD40b+7TJ4JZo:rqpNtb1YIp9AI4F8Zo

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
1936	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe
2552	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe
2568	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe
1732	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe
2660	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe
1656	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe
2300	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe
2148	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe
1048	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe
2172	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe
1692	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe
2820	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe
2088	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe
2084	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe
1168	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe
2596	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202o.exe
3020	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202p.exe
2392	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202q.exe
1776	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202r.exe
1280	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202s.exe
2140	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202t.exe
2268	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202u.exe
572	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202v.exe
2360	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202w.exe
3028	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202x.exe
2028	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
3028	8472e17366922a532cd8040e2aa3afc0_NeikiAnalytics.exe
3028	8472e17366922a532cd8040e2aa3afc0_NeikiAnalytics.exe
1936	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe
1936	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe
2552	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe
2552	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe
2568	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe
2568	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe
1732	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe
1732	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe
2660	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe
2660	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe
1656	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe
1656	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe
2300	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe
2300	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe
2148	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe
2148	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe
1048	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe
1048	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe
2172	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe
2172	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe
1692	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe
1692	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe
2820	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe
2820	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe
2088	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe
2088	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe
2084	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe
2084	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe
1168	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe
1168	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe
2596	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202o.exe
2596	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202o.exe
3020	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202p.exe
3020	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202p.exe
2392	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202q.exe
2392	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202q.exe
1776	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202r.exe
1776	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202r.exe
1280	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202s.exe
1280	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202s.exe
2140	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202t.exe
2140	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202t.exe
2268	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202u.exe
2268	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202u.exe
572	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202v.exe
572	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202v.exe
2360	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202w.exe
2360	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202w.exe
3028	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202x.exe
3028	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8b3882be118d041f	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202x.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1936	3028	8472e17366922a532cd8040e2aa3afc0_NeikiAnalytics.exe	28
PID 3028 wrote to memory of 1936	3028	8472e17366922a532cd8040e2aa3afc0_NeikiAnalytics.exe	28
PID 3028 wrote to memory of 1936	3028	8472e17366922a532cd8040e2aa3afc0_NeikiAnalytics.exe	28
PID 3028 wrote to memory of 1936	3028	8472e17366922a532cd8040e2aa3afc0_NeikiAnalytics.exe	28
PID 1936 wrote to memory of 2552	1936	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe	29
PID 1936 wrote to memory of 2552	1936	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe	29
PID 1936 wrote to memory of 2552	1936	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe	29
PID 1936 wrote to memory of 2552	1936	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe	29
PID 2552 wrote to memory of 2568	2552	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe	30
PID 2552 wrote to memory of 2568	2552	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe	30
PID 2552 wrote to memory of 2568	2552	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe	30
PID 2552 wrote to memory of 2568	2552	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe	30
PID 2568 wrote to memory of 1732	2568	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe	31
PID 2568 wrote to memory of 1732	2568	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe	31
PID 2568 wrote to memory of 1732	2568	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe	31
PID 2568 wrote to memory of 1732	2568	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe	31
PID 1732 wrote to memory of 2660	1732	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe	32
PID 1732 wrote to memory of 2660	1732	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe	32
PID 1732 wrote to memory of 2660	1732	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe	32
PID 1732 wrote to memory of 2660	1732	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe	32
PID 2660 wrote to memory of 1656	2660	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe	33
PID 2660 wrote to memory of 1656	2660	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe	33
PID 2660 wrote to memory of 1656	2660	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe	33
PID 2660 wrote to memory of 1656	2660	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe	33
PID 1656 wrote to memory of 2300	1656	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe	34
PID 1656 wrote to memory of 2300	1656	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe	34
PID 1656 wrote to memory of 2300	1656	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe	34
PID 1656 wrote to memory of 2300	1656	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe	34
PID 2300 wrote to memory of 2148	2300	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe	35
PID 2300 wrote to memory of 2148	2300	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe	35
PID 2300 wrote to memory of 2148	2300	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe	35
PID 2300 wrote to memory of 2148	2300	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe	35
PID 2148 wrote to memory of 1048	2148	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe	36
PID 2148 wrote to memory of 1048	2148	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe	36
PID 2148 wrote to memory of 1048	2148	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe	36
PID 2148 wrote to memory of 1048	2148	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe	36
PID 1048 wrote to memory of 2172	1048	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe	37
PID 1048 wrote to memory of 2172	1048	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe	37
PID 1048 wrote to memory of 2172	1048	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe	37
PID 1048 wrote to memory of 2172	1048	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe	37
PID 2172 wrote to memory of 1692	2172	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe	38
PID 2172 wrote to memory of 1692	2172	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe	38
PID 2172 wrote to memory of 1692	2172	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe	38
PID 2172 wrote to memory of 1692	2172	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe	38
PID 1692 wrote to memory of 2820	1692	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe	39
PID 1692 wrote to memory of 2820	1692	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe	39
PID 1692 wrote to memory of 2820	1692	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe	39
PID 1692 wrote to memory of 2820	1692	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe	39
PID 2820 wrote to memory of 2088	2820	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe	40
PID 2820 wrote to memory of 2088	2820	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe	40
PID 2820 wrote to memory of 2088	2820	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe	40
PID 2820 wrote to memory of 2088	2820	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe	40
PID 2088 wrote to memory of 2084	2088	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe	41
PID 2088 wrote to memory of 2084	2088	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe	41
PID 2088 wrote to memory of 2084	2088	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe	41
PID 2088 wrote to memory of 2084	2088	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe	41
PID 2084 wrote to memory of 1168	2084	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe	42
PID 2084 wrote to memory of 1168	2084	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe	42
PID 2084 wrote to memory of 1168	2084	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe	42
PID 2084 wrote to memory of 1168	2084	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe	42
PID 1168 wrote to memory of 2596	1168	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe	43
PID 1168 wrote to memory of 2596	1168	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe	43
PID 1168 wrote to memory of 2596	1168	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe	43
PID 1168 wrote to memory of 2596	1168	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3028
- \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1936
- - \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2568
    - - \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1732
      - \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2660
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1656
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2300
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2148
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1048
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2172
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1692
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2820
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2088
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2084
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1168
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2596
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:3020
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2392
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1776
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1280
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2140
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2268
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:572
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2360
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:3028
        
        \??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe

Filesize
384KB

MD5
430007fd1d436fc374ae9d2195b3a5d3

SHA1
0597b0de34dda47ef7b1c8387dbf6404b2187f27

SHA256
f3c926da9dc997b7e59db32066beeddbf3effdfd0a88f11315cf62c8e792ff9c

SHA512
c98f7ab0b7a17308f0486e5b1f66f9d266248b27d093d364ff36b240e6be6e3617c7374c7fccfde85eeeb12cba30508898feb38aa6cde84e90822c5c5ba4a9f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe

Filesize
386KB

MD5
25f474c0831d1c1930486750b204293d

SHA1
66d5d992f192905810cfe8aa352f90c542b88462

SHA256
a47e92e8f2aeb24fe6e05743b3e5688927b4243d850ed5bc860ab1449ab01074

SHA512
528f06245768f71c4626ed56980bcd0a844cf1196434c0519cfefd655f38fb2c63be993baecd64573500428c0d3cbe18d2238c8dfd7b3c1d29a47ca190bf7a90

Download Submit
C:\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe

Filesize
386KB

MD5
db70aefd68fc1a127e906da51561ef27

SHA1
b9c9dc6171df2c5e4fd72c6b448f356ac99a30a0

SHA256
03bb3d8f8b7912ac7ddfcde708051ea59f0a7f48d064797988b61c526a858323

SHA512
da9e137bc27a78ad3cacab0e006898817672aba1aa72bec548186c4edeef3db1a10b9cf7f0a7d97421734fa05698afdcb5eb1b8255804642fc57e7e908196ee4

Download Submit
C:\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe

Filesize
387KB

MD5
2f4734237f55b5ef5e43049ab1568b34

SHA1
d32462c104edf6d99368caa8f2af2de7e52b0944

SHA256
7efe0622aba4e0e54fe809bb935955389fb7a85f49776382195ba136d9f9f2ff

SHA512
fe9303d5c514fd4d4d1bb1eb72d7ca7cd642e791aa3d95bd77d8e36fc440460a77d16491361081e42d479f9801044038e7e007350db9949e05ea1d5568992afa

Download Submit
C:\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202o.exe

Filesize
387KB

MD5
ebe48ede807f3e71e118084a4f079f00

SHA1
0e4f5836d007c94c28cb7383ae0ce0ab92a09b08

SHA256
bed066173cb0939c5bf4db9a8bcb5b652f118b9b9181a2fb2a0035914edc2ad5

SHA512
2085b4a29e32e6089841db16eeaf08b41cb10b031751ab83906d8101571938a931d46ea6bfd3763fc242f152eafa5ba346adcdbee79444f7548bccefa8cd1eae

Download Submit
\??\c:\users\admin\appdata\local\temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe

Filesize
384KB

MD5
9790068afa19b1b26efd816f05baa52c

SHA1
fccd2b90107a043f646d7e4d728d10fc5ee5233b

SHA256
de2c64a1b1f74ed3eeecba7a71dea5e1a3dca9e0e25cb914887627150cee292a

SHA512
a3931f899b3679556ca89f5636a35490f0a7db09794fde8e5049c1d4b507b36f8e89e54e033acccf267640b559a7bc58fcbf58cd400c679c28e5c2976741edcb

Download Submit
\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe

Filesize
384KB

MD5
a8a27c7123671d19c101ae2e871d5c70

SHA1
dc4e2d354ec60603ebe510c79679d8210da2428f

SHA256
703a2e7c58eeb4b9aedcbb4c59383499584ac755ba10c3764382dedcbff7af02

SHA512
507d3ce81371f09ab5ed3a0c55fcbe6bc0a44c9f1a2945036f13d035f290b51ffb1dc4225e8e2f46bbfe3798c8a232d633872486de2fd678ec66a52644f4ffbc

Download Submit
\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe

Filesize
384KB

MD5
7118ebcaed75a61b671abf5dd1e8f2e3

SHA1
864422bfee4e856cc2310bcaee9e2e6b56e2a664

SHA256
495d3815d51affc260b3138e95dcb278d4573195066291a21559d62134601cff

SHA512
1df7bc8cf03c472872a44f023ada1c30cdefb5a797718c8b0e87e6764e5ea2efac1c8e977ae2285435c2c53d7bebebd3e5fedc803f7a364f9b1e47b116d65804

Download Submit
\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe

Filesize
385KB

MD5
73a816a9c1038f5e7a7e9fdea5fb1f50

SHA1
19e03f145f77bd1a1c79a48432ffb1c41580c376

SHA256
34e034b21d95c118e8f4a75ea7f58df418f9c838524a420809b00ee705ac8129

SHA512
59b092dc63340d002ff24b67ed4a6ea57662e39c7091aac8dd9a6782b4121704a429e3ee48a30f33b0673511cfe20e4b9c7897c9244593367fb363c7511cd77b

Download Submit
\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe

Filesize
385KB

MD5
f3ef7770354fc268cbe0235df2fade1c

SHA1
b74d3239f9e1d145e485aa48f8b5a0d650bffcde

SHA256
516dbec3612c91dd4b66235c8247bc525c3bcf86dcf236fa909ae639fc869165

SHA512
b4e89004f9d4c4e2267aa6f444928b77db7b4d1cadf93a2694025ed4c34ea8a7febd2ba8f17ccc587c9fa4d4cab61342aa86096764409e2a7d7a576a00d5c262

Download Submit
\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe

Filesize
385KB

MD5
5eacafae0b0a576d7dc10a21cd63fc66

SHA1
730b8edc3208c59a6a90421b80cf520b029824e8

SHA256
8a58c4d322d3d776bdef10d11e522cca0fcafe24ba5c56c70ec336743b19ee4d

SHA512
dc6bb1284e88c7ef470ab16ba48430a4f4b2479920ec5272880e897a4adede7d48b0323b984c431eef6848588afe55c60d561728e718605057f45abc2f82d6bb

Download Submit
\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe

Filesize
385KB

MD5
aba8950edea81e253a3d75d3a80eed81

SHA1
16da6c57a0b4744b82be8f2ed0bd14f917642957

SHA256
0557df53c76d02433aaadbec6179ab8e48b33d454657aa54f10e0003f2392c80

SHA512
3ff455b5e566f019a210d5066a215ede791f0031cc16b5c477e46d0b1a80b817be438537f7899b2e2418dff833fa886353cf275ed398ada0852bd15bc3d8602f

Download Submit
\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe

Filesize
386KB

MD5
12a6347b773d9c699b962564474a6d6b

SHA1
f61a9f8daa4a8c60eb3b93ca3fbdd9ef600c1741

SHA256
fb387c17ce832f7560e56123ea14df6d1aa9858155b1b625d38052beaaf2c40a

SHA512
9457eb318a69838dcf11cc08c2f067fc80ad7b3990e231a01aaa7d7a01a2413c9862ab75ef4c66835d5414a7f4e735198f310538cc6d7cd4a8efab3706c851bc

Download Submit
\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe

Filesize
386KB

MD5
5c5cd8a6f59c812f2391c16ace3e827b

SHA1
8d1fea70384d616bd559224b6cf371744918f0c0

SHA256
5accdfca34d6c2dd9b3f5f722429681d4ea29537b4c16c014fa0af2cfd82fa83

SHA512
64d0d9888c2902b847863d2a24eb57656deb4e6d365fb206438cae362d666d27f345648ffbddb890880cd5d2c21571be5b60dc7f06f21a4b71caf1574eb7ca88

Download Submit
\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe

Filesize
387KB

MD5
9698b92b94dbec155e0aa264c53a16a7

SHA1
d2dd81eb2a249a593ada3d086e6a547d95f8e332

SHA256
da423340b32870b27180ee06c093028ae7efb4e71c518d6f6215dcaa89f7f9d0

SHA512
ecc1619b0513bc2c7418e4b6df7ff86c0f6b333898951602da66f2eee492a06d28673681d5959326c3a98af364b83a2912c807387307bc94cadbfa1889ac3703

Download Submit
\Users\Admin\AppData\Local\Temp\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe

Filesize
387KB

MD5
ff9a3f5b372fefbcc5ee57e922d8d916

SHA1
a2f4cec1f7ede7d89d71382debd53870add15516

SHA256
2ab5d51bb35420661c96cffc7a8125d61e92900f40db81b8987aa0539e739465

SHA512
d06ee1794de66ec2effebfdbfb1341c456d61495ab33e35390d7645d99525d3031d3321cfc4d231c54f653eb25bab752deab518b9cd5347041e22acf7fb0a1f1

Download Submit
memory/572-343-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/572-337-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1048-140-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1048-154-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1168-234-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1168-247-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1280-308-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1280-301-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1280-303-0x0000000000370000-0x00000000003B2000-memory.dmp

Filesize
264KB

Download
memory/1656-107-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1692-183-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1732-77-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1776-289-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1776-295-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1936-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1936-29-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2028-370-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2028-369-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2084-232-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2084-217-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2088-202-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2088-215-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2140-314-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2140-320-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2148-138-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2172-169-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2268-331-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2268-326-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2300-108-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2300-122-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2360-356-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2360-351-0x00000000003B0000-0x00000000003F2000-memory.dmp

Filesize
264KB

Download
memory/2360-349-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2392-283-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2552-37-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2552-46-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2568-47-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2568-62-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2596-260-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2660-91-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2820-200-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2820-185-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3020-261-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3020-272-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3028-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3028-368-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3028-14-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3028-362-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202r.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe\""	8472e17366922a532cd8040e2aa3afc0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202q.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202w.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202p.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202s.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202t.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202c.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202f.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202x.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202l.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202v.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202b.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202o.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202j.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202u.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202y.exe\""	8472e17366922a532cd8040e2aa3afc0_neikianalytics_3202x.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads