1824a482c7cf354f5f4ba053610365569d255d6af63acb32d0e8f3e82ed76592

Analysis

max time kernel
135s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 05:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a09dfd847f22ee4b688c59e381f803a0_NeikiAnalytics.exe
Size

470KB
MD5

a09dfd847f22ee4b688c59e381f803a0
SHA1

002960bf134239d3cfe1de23e79fa049ccd89942
SHA256

1824a482c7cf354f5f4ba053610365569d255d6af63acb32d0e8f3e82ed76592
SHA512

58ff16c2426adc75b73f7ec02408ea94ef5d5d52a1e7f92f442851a1e22c2ae3bb42c04bc0484a0771e53ddcbb645829bb36782d50d81b8c785186aa300ec200
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/blQLQq:Os52hzpHq8eTi30yIQrDls

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2792	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202.exe
932	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202a.exe
1664	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202b.exe
2332	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202c.exe
1088	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202d.exe
4576	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202e.exe
1180	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202f.exe
2796	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202g.exe
4532	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202h.exe
4320	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202i.exe
4420	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202j.exe
464	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202k.exe
1688	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202l.exe
3804	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202m.exe
4332	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202n.exe
3328	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202o.exe
1364	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202p.exe
3096	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202q.exe
4544	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202r.exe
2652	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202s.exe
2536	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202t.exe
3004	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202u.exe
4872	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202v.exe
728	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202w.exe
920	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202x.exe
2300	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202y.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 248a70af2c201fcc	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202k.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 716 wrote to memory of 2792	716	a09dfd847f22ee4b688c59e381f803a0_NeikiAnalytics.exe	82
PID 716 wrote to memory of 2792	716	a09dfd847f22ee4b688c59e381f803a0_NeikiAnalytics.exe	82
PID 716 wrote to memory of 2792	716	a09dfd847f22ee4b688c59e381f803a0_NeikiAnalytics.exe	82
PID 2792 wrote to memory of 932	2792	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202.exe	83
PID 2792 wrote to memory of 932	2792	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202.exe	83
PID 2792 wrote to memory of 932	2792	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202.exe	83
PID 932 wrote to memory of 1664	932	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202a.exe	84
PID 932 wrote to memory of 1664	932	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202a.exe	84
PID 932 wrote to memory of 1664	932	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202a.exe	84
PID 1664 wrote to memory of 2332	1664	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202b.exe	85
PID 1664 wrote to memory of 2332	1664	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202b.exe	85
PID 1664 wrote to memory of 2332	1664	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202b.exe	85
PID 2332 wrote to memory of 1088	2332	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202c.exe	86
PID 2332 wrote to memory of 1088	2332	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202c.exe	86
PID 2332 wrote to memory of 1088	2332	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202c.exe	86
PID 1088 wrote to memory of 4576	1088	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202d.exe	87
PID 1088 wrote to memory of 4576	1088	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202d.exe	87
PID 1088 wrote to memory of 4576	1088	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202d.exe	87
PID 4576 wrote to memory of 1180	4576	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202e.exe	88
PID 4576 wrote to memory of 1180	4576	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202e.exe	88
PID 4576 wrote to memory of 1180	4576	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202e.exe	88
PID 1180 wrote to memory of 2796	1180	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202f.exe	89
PID 1180 wrote to memory of 2796	1180	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202f.exe	89
PID 1180 wrote to memory of 2796	1180	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202f.exe	89
PID 2796 wrote to memory of 4532	2796	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202g.exe	91
PID 2796 wrote to memory of 4532	2796	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202g.exe	91
PID 2796 wrote to memory of 4532	2796	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202g.exe	91
PID 4532 wrote to memory of 4320	4532	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202h.exe	93
PID 4532 wrote to memory of 4320	4532	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202h.exe	93
PID 4532 wrote to memory of 4320	4532	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202h.exe	93
PID 4320 wrote to memory of 4420	4320	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202i.exe	94
PID 4320 wrote to memory of 4420	4320	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202i.exe	94
PID 4320 wrote to memory of 4420	4320	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202i.exe	94
PID 4420 wrote to memory of 464	4420	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202j.exe	95
PID 4420 wrote to memory of 464	4420	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202j.exe	95
PID 4420 wrote to memory of 464	4420	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202j.exe	95
PID 464 wrote to memory of 1688	464	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202k.exe	97
PID 464 wrote to memory of 1688	464	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202k.exe	97
PID 464 wrote to memory of 1688	464	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202k.exe	97
PID 1688 wrote to memory of 3804	1688	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202l.exe	98
PID 1688 wrote to memory of 3804	1688	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202l.exe	98
PID 1688 wrote to memory of 3804	1688	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202l.exe	98
PID 3804 wrote to memory of 4332	3804	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202m.exe	99
PID 3804 wrote to memory of 4332	3804	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202m.exe	99
PID 3804 wrote to memory of 4332	3804	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202m.exe	99
PID 4332 wrote to memory of 3328	4332	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202n.exe	100
PID 4332 wrote to memory of 3328	4332	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202n.exe	100
PID 4332 wrote to memory of 3328	4332	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202n.exe	100
PID 3328 wrote to memory of 1364	3328	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202o.exe	101
PID 3328 wrote to memory of 1364	3328	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202o.exe	101
PID 3328 wrote to memory of 1364	3328	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202o.exe	101
PID 1364 wrote to memory of 3096	1364	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202p.exe	102
PID 1364 wrote to memory of 3096	1364	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202p.exe	102
PID 1364 wrote to memory of 3096	1364	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202p.exe	102
PID 3096 wrote to memory of 4544	3096	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202q.exe	103
PID 3096 wrote to memory of 4544	3096	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202q.exe	103
PID 3096 wrote to memory of 4544	3096	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202q.exe	103
PID 4544 wrote to memory of 2652	4544	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202r.exe	104
PID 4544 wrote to memory of 2652	4544	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202r.exe	104
PID 4544 wrote to memory of 2652	4544	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202r.exe	104
PID 2652 wrote to memory of 2536	2652	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202s.exe	105
PID 2652 wrote to memory of 2536	2652	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202s.exe	105
PID 2652 wrote to memory of 2536	2652	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202s.exe	105
PID 2536 wrote to memory of 3004	2536	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202t.exe	106

C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:716
- \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2792
- - \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:932
  - - \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:1664
    - - \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2332
      - \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1088
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4576
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1180
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2796
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4532
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4320
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4420
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:464
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1688
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3804
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4332
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3328
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1364
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3096
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4544
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2652
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2536
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3004
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4872
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:728
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:920
        
        \??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202.exe

Filesize
470KB

MD5
ab2c081926bc5d60ee38bd0527c4a917

SHA1
423016a2f277419512994c355c84bd96c9e191f9

SHA256
e3912976f69b2e0f1c41c3e701a6b610be0866b9b98c8bd8d93c2961c25ab707

SHA512
0939fb7922b622944b73ad1ccb3aaeab7dc36964148a3b758e4fa9aa0b72a60cf943d6d60c338083c6808c393bd37113008d41eb6239ce57685ba8e08dbcb2d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202a.exe

Filesize
471KB

MD5
ee223df02f72a6a052526a0e4b033b2a

SHA1
5e65804b06cc005b7b108dab6bc3d8991a008b88

SHA256
e5fd6914b4e44de85c1638076d386e8ed733635af34bc70d0ebcf8a02308b9b8

SHA512
f2f8592d81230f915bad7503275958f0a2320ac4b8faa0dd009c2d8c7d0b8d0c9baf4561571d7124c055a933be0899815312ad58aa3092f3a832ca571038e82b

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202b.exe

Filesize
471KB

MD5
9e2402c8689af1eb89d9b5312c2b9c26

SHA1
9b1d8b4bd06e207adcb2775c9adcaec5a2d801ea

SHA256
eff0eb447ff2e1afa36f0d5ad2becc36843077bf0d53660f084b31c5f79e86a0

SHA512
323c1c73f53a8c2416faab5a1256aec55b98393e5336857a9c2657cdf301364fb0ac6bce1695c04905c6fce55ca422003f4c9a88a8e5719b76d567acdafa2cad

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202d.exe

Filesize
471KB

MD5
7c80838e5f1b58c2046862b192c46cc7

SHA1
8a8ba7f66433d857c36db084d9fbd21469618f15

SHA256
7c12ac73919e49eecd18d991badec81f78200de4d1779aa3323cb45656ad9025

SHA512
d0d4b5badafd407506e63812c67e23cf024cfc35374990527de9c2a2356fb438bd1c3a99374e4e12fd7c909b1383f35cc4d5f30ff44797701cc8f262ba14bd61

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202e.exe

Filesize
472KB

MD5
cc736660ac25e818eb84b8b32ed671f7

SHA1
cbffd36c8578dab8f593fe87ad76926a574be761

SHA256
06aae99920563f1f528c7732b8445f28d04a238b457dc57bde99df07d855f299

SHA512
517235dd609b192650de4c7a73697c09d565d7057786a448906b06a97ed4d7b0dd7a2df22acb40a5c199befef6cd655285308113308290fd37f375f9b1b82720

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202f.exe

Filesize
472KB

MD5
da49b75be2170e510716f62cea9271e0

SHA1
3938118cbec836d4e21c6cd178db9a3af8f6d7fe

SHA256
81aa7cf620a10ed976063ccf88179a713a5db078452f3e6ae9b3382c139ba3cf

SHA512
00bb9706195e7797f1f41ebedea9b0ba0d57ddbd161ea9c6772cd15e3302a0d7567813d64ac0d4bfe3aa12051f44ec0d57286c24dd3e0e9aad25831a5374b3c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202h.exe

Filesize
472KB

MD5
b782dcf9cf14311851d8d074c7da031a

SHA1
ba7ec34b3d222f23defaebc8f6b6540fd5938af3

SHA256
4a9822710cd49c313f2d1c67b01f88a1aced66f0c1c2ec871fe310db4783a5e7

SHA512
a96d10fc5e5cc1596ebb6e9a73420ae4885c706f5852a7c0e1ae92ece7ab5f1bc471b2049ea0cdb5d391231638a3c4a6b13f3b76a425f0718ff4eea90689b1b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202i.exe

Filesize
473KB

MD5
e5a274d3fe9e52511c4ac20e172fd355

SHA1
3f50aab93491bc8c6f6ecd755ee9bd99967c3f34

SHA256
3722757a33b9fee78df7b4da7516ab3600f95156401824d5f69b38fe72f47911

SHA512
26bbb1e6d52e1e3b5f2fde46bd13583b538071bc90632aed2bce74463bb27ae7a6a6dbff6812fa73d1daab1930a923adaaa5b18e1ca39abbc5af7dda812e0028

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202j.exe

Filesize
473KB

MD5
d364c3388ce4534e684ef7cef4de01c8

SHA1
10df35506dc459f8384d68d2a522791e92955c42

SHA256
a41db0e9eff9b48656b0d09cc68c210bf4685d79c78219d2628f8fe13493ca5d

SHA512
85920b1c7e940388cdd199cd2f470684121d7c45c8eec4db4b3be0a6cf3d7b12a9d3123c38374cfffa05892c069be07681ca0076f01f0bcc9638254c3aedf6ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202k.exe

Filesize
473KB

MD5
45426e4bd002c345e40832c4d12e5f41

SHA1
bf11bdf5854c4ae4cc82b2c034dbb18068c65344

SHA256
abe1d758baff2ef26569ba09ce9c42fc5e8bf1428f85cc7a5faa291d9201563c

SHA512
f9fb4489db1160879ec3b1a1c4e9786e91d50d36b2c2bd06d965a914d23ef0747ae51a06d346dd26e34a5902a9072ea9267b626bccb38e23fa784f7feab0439b

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202m.exe

Filesize
473KB

MD5
be8d27fb43597ca39639c86a5eef0073

SHA1
aeffc826d686cc293a901aba5b78d7c81ab5f153

SHA256
42e8780d229a69326cdc0f4252149dee81a48f2512e64c7ac9f425088e68d4dc

SHA512
1a37be4780b1a952c616dedc9a094d95a53dc50686fb701824f828f4093203689a0340cea4c4a44fd26dc948d326aaf498eec659552d1cd2b2fb23f24364bb53

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202o.exe

Filesize
474KB

MD5
ded242fe8354abf15a673402a7fee48e

SHA1
e76f848bd9ac8bc73c9bf2cc5da840ff61182d8f

SHA256
d5048d8abcdffef21dd81a86bd063c3a99f8c71282a7298d4b1329f6cdb0a790

SHA512
87ffe8d242077ee31202cd0193ed4338336265d187d86534a388cf3a80c9357afbd70b392ee6f5861478100bb6be771d9647581743e3dadc408cf58ebb6970fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202p.exe

Filesize
474KB

MD5
68f1a76eff16b728d44654cb3b908e5b

SHA1
f89259bceb1c279b6be8ccc573f3d9e465a9200e

SHA256
e0b372c165603f4afcfc26fc111a156918263742c94320744e83654a03c5b228

SHA512
c8e3d7fb731318d439d505ff3fcd4a6cc23c7419df7f00e8b50e3c3ca83a74910a20881117d54bc80fcccc7e229dbb655c18a1aea31c6cda942d7eabfc9ccd62

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202q.exe

Filesize
474KB

MD5
0316dc03dbd659ac865d6b04443777d7

SHA1
f6b08cdf3683f8e1de1cc58bb1c65837847d4a24

SHA256
43a379399056096376e9997f152d46909d38107d8480ad351b430be27ddf4afb

SHA512
1086ef086554e8565f2172304692503133805e2477fa918e9c87f78bc9672f3f62b870d5e2a9b33aea1100215e76ef36b41c6aadf32b7fd5e253d92b4cd00a26

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202t.exe

Filesize
475KB

MD5
fb7ba228712a34dd3ce130097009846b

SHA1
a98b515c083e5a50382a4ae1bf8840137b95bee7

SHA256
58389fa1ebc9b94b18cadfe53dcd29463900133878756434efdc30501238a35c

SHA512
2470f1d817bd97348d1bf98bb96cd7b4a46c7970b59ec5e11101be808b78f2b4135b27a9c39ce4813101388e1058fc7c5e9e1ca9fda48ae1003afb1e63e66282

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202v.exe

Filesize
476KB

MD5
17616edd4a3bc065856f7f28e604692e

SHA1
7a17951b7e229cb6ec95cbbfa202f31ff9343387

SHA256
07ea993c8f2ae04b5d341be59261a08f1c75e2b7c830892457fb4652a75730aa

SHA512
130c074cf661d42cb11ed0ac33c337a464ae42bf1f8fdfd5716783a8d548ce5216ce9a4691a9bd6d701331f7d2a9fa28fe08e81601972db4e49287f94ac1589c

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202w.exe

Filesize
476KB

MD5
51e0678e0893ce81c82a89c712771137

SHA1
b32533811c420ed5df3989d56a3c6808f476def3

SHA256
e3f963fd4123a7117ea3de543b78c16d57f72c6d33461bbc4c6847b78fd1e67e

SHA512
59ae2fea00ebcad3103a399a9318569a38740b887a19f4d8cbfd00a95eaf329ed00041f0bbd872c8c608dcc917be0e19db11865bef6e2423870c4b226acbf0a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202y.exe

Filesize
476KB

MD5
aeb5479f698ac5c5a24711f34b5edf6a

SHA1
1b0717f2a39633cc84da6ff9f882414fc23241e0

SHA256
ab704c8ce8cef29bbd7d79dd0c480fdc52c3afa3c9ae7140a322c60efcec4182

SHA512
526556564d50b34771901b83963bf5d2a54ea035f1380acaa77dcac76691c750afcaf07a8e961ebc964f3baaa58933f39bea612199df96b5128afb29b3be6e20

Download Submit
\??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202c.exe

Filesize
471KB

MD5
9f75a37790e19dea78d5c7d6af7f2ff1

SHA1
bd06f22d2b5f18717eaeeb35149feac2269b657a

SHA256
0b67f747153a8c415f962e1e9c2b413cd3c92332c20ddcfd8ff10fa44adf0d94

SHA512
6d99e33d68835f71460fa7cd1043eaa8ed1674f6f9bda23356a2349e263677df9d7ba31424dcdd98d114043fb699db4611faaaa2c2239037e4f9258fbe638b81

Download Submit
\??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202g.exe

Filesize
472KB

MD5
ad0d082d0f23e8283c3e658fc8f89959

SHA1
118b44e17c1491deec8535d6137a9b686e4e44f8

SHA256
dc282bcc9269d748eea99c22a7946f0033c249d3052b5669f1c37257f4bd8742

SHA512
d495a189c886207afbcf33faf987367d81eb28818ff41e7e6452bb6bd722c22173c67f996885f6743669e27f851799556f922ea12d25bfd50b2228a6894c7fbb

Download Submit
\??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202l.exe

Filesize
473KB

MD5
9e5a2f93fb179686a267244beb864d71

SHA1
20700401abce1a69a92f5081b23055ab34bf552d

SHA256
11c0189128674dd2d7cde3e4c1f6aaffd9fea592cbd0ccafd39cda0f58c2e9be

SHA512
dce89d8376cf60de194f5d3353e5ec9a55c49b1b2a55093d2c1c68bc02226e1a4384193bdb41cfbee85ece3c02b8253cd2b39bafb5f7fdad9405e218f9959415

Download Submit
\??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202n.exe

Filesize
474KB

MD5
519e4d079197515613cebea4ab212170

SHA1
49ec87607deba0b6e6c3488b8f26e316c1530e23

SHA256
f079908099acebb1966ca9c845094bb4fa1ac7e04bc04711e7a87ff594153fbc

SHA512
306ff74c05042f689f84c554575913ebd1308db77f81922d2ba64284815eb761b951a335a21b2d85397c81143559a79475c246467448939dea635f51eb606aab

Download Submit
\??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202r.exe

Filesize
475KB

MD5
48d1f4252fcc80e5cc483202c71cb86f

SHA1
d788a2a71d2f281cc1fda05a6328b18f0d6e1c3e

SHA256
f9e2b4c19f45f72177751620f945fbcaaa29e7352e8e03e96fc700fc36d211c2

SHA512
7116468309a7c15a343edffec4ec119a7e9f90142937cdb0a8cbdd6b083bcc3f9cd9da21f6a644e8389d83ac6c319ed5ca80a0fdb5cee6f790829e4344bf6683

Download Submit
\??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202s.exe

Filesize
475KB

MD5
cf418af93d963e22f2c4f6b96c03def6

SHA1
73851d0a935051cd967a243bff4662e644d681ca

SHA256
685a8bc4d9195dd727e7f5a92620b624f465cd2d8e398355183bcc9317dcf18c

SHA512
d84494eb0bcd6099d6086933d6d4fa76a3b03ea88d005e2d8aeed085e4fed101fca9c8ef80e8cce4288cd2a2d96a51205a7d40bfb60f022f3be317470dc76cde

Download Submit
\??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202u.exe

Filesize
475KB

MD5
1a082f7474d160c0209455eda5bf75cf

SHA1
32aa48a6014abedc58f12f66474d9bb9027fd9f3

SHA256
8ccc5d57723b6ec77aaa82b06e68cb19e810af16fae9724e9406f1813fe66c3a

SHA512
bfafe1e4bf99d0bf2a6e1bc321093313fa75cbbf89ddb8a2f5b41540d9de0de219fc4667f472610b08c4a0b2b03b7fabcf5f90776ae31edd6c5fca9b2c1c835f

Download Submit
\??\c:\users\admin\appdata\local\temp\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202x.exe

Filesize
476KB

MD5
6730796638396f82c55e6f51542a6767

SHA1
85dd5e3b30c8b938fd94a5ec04d35d9b7935a1d3

SHA256
326ebdda3be6d9755e53615c07cc0718b691114d96988db6354ad01c4a8d995e

SHA512
2b7b04a4381c9f43650fb76717f5f6e59df3f059a530d5d0bd76d4204238cf43ceb08c23eb9edc9ec4ac9559e712874164493b44f1de665b72e285f2ec36a900

Download Submit
memory/464-140-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/464-128-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/716-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/716-9-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/728-260-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/728-269-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/920-280-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/932-27-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/932-32-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1088-64-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1088-55-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1180-85-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1364-193-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1664-33-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1664-42-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1688-148-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2300-281-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2332-44-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2332-53-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2536-237-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2536-227-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2652-216-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2652-226-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2792-16-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2792-26-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2796-86-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2796-96-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3004-253-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3004-238-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3096-205-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3096-194-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3328-183-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3328-173-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3804-156-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3804-160-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4320-118-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4320-108-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4332-162-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4332-171-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4420-130-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4420-119-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4532-106-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4532-97-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4544-215-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4544-203-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4576-74-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4872-254-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4872-259-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202h.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202r.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202t.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202c.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202j.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202l.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202x.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202m.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202u.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202b.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202i.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202n.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202g.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202o.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202y.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202q.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202s.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202w.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202a.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202d.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202k.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202p.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202.exe\""	a09dfd847f22ee4b688c59e381f803a0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202e.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202f.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202v.exe\""	a09dfd847f22ee4b688c59e381f803a0_neikianalytics_3202u.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads