9b235c20cd95f04d95716490de9190e980266cf50caa5947ac776eed379cdbc7

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 18:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe
Size

244KB
MD5

15e6e1b71e995ed95a43f316e4639370
SHA1

19d063fbc1d4cee666a3515b4eb0bb82d64e0df3
SHA256

9b235c20cd95f04d95716490de9190e980266cf50caa5947ac776eed379cdbc7
SHA512

a303916b14d7be0c4c3e8464fdef8d4644cf4f22865ae83ce6ad85817ae35910f880d669aef572e054e43c06431139c00d3752b93a89b856bb390698587c4fd4
SSDEEP

6144:X42FMaP+6+tT/JBnjBE3XwfSZ4sXFzQI6F:IKbGlJBjBEnwOEI6

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
1212	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
2504	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
2488	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
2660	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
2408	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
2404	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
880	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
1996	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
2532	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
1456	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
1832	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
2216	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
1648	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
324	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
2160	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
1316	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
3064	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
1840	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
984	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
1956	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
2756	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
2284	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
108	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe
1172	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
852	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe
2448	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
2320	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe
2320	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe
1212	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
1212	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
2504	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
2504	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
2488	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
2488	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
2660	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
2660	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
2408	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
2408	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
2404	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
2404	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
880	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
880	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
1996	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
1996	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
2532	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
2532	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
1456	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
1456	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
1832	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
1832	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
2216	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
2216	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
1648	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
1648	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
324	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
324	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
2160	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
2160	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
1316	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
1316	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
3064	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
3064	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
1840	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
1840	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
984	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
984	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
1956	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
1956	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
2756	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
2756	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
2284	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
2284	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
108	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe
108	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe
1172	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
1172	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
852	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe
852	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2320-0-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/files/0x0009000000014738-2.dat	upx
behavioral1/memory/2320-12-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1212-20-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2504-29-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1212-27-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2488-45-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2504-44-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/files/0x00090000000155d4-65.dat	upx
behavioral1/memory/2660-74-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2408-75-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2488-91-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2408-89-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2404-105-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/880-119-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2532-148-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/files/0x0006000000016d11-181.dat	upx
behavioral1/memory/2216-180-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1832-179-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1648-196-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1648-210-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2160-225-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2160-238-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1316-242-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1316-253-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/3064-265-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/984-277-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1956-290-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2160-289-0x00000000005D0000-0x000000000060C000-memory.dmp	upx
behavioral1/memory/1956-301-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2284-313-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2284-324-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/108-335-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1172-347-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2448-358-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/852-357-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/108-325-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2756-312-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2756-302-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1316-300-0x00000000002A0000-0x00000000002DC000-memory.dmp	upx
behavioral1/memory/984-288-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/984-287-0x00000000001B0000-0x00000000001EC000-memory.dmp	upx
behavioral1/memory/1840-276-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2216-264-0x00000000003A0000-0x00000000003DC000-memory.dmp	upx
behavioral1/memory/324-224-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2216-194-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1832-165-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1456-163-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2532-135-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/1996-134-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral1/memory/2660-67-0x0000000000320000-0x000000000035C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = ddd78587e8076c55	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1212	2320	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe	28
PID 2320 wrote to memory of 1212	2320	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe	28
PID 2320 wrote to memory of 1212	2320	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe	28
PID 2320 wrote to memory of 1212	2320	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe	28
PID 1212 wrote to memory of 2504	1212	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe	29
PID 1212 wrote to memory of 2504	1212	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe	29
PID 1212 wrote to memory of 2504	1212	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe	29
PID 1212 wrote to memory of 2504	1212	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe	29
PID 2504 wrote to memory of 2488	2504	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe	30
PID 2504 wrote to memory of 2488	2504	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe	30
PID 2504 wrote to memory of 2488	2504	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe	30
PID 2504 wrote to memory of 2488	2504	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe	30
PID 2488 wrote to memory of 2660	2488	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe	31
PID 2488 wrote to memory of 2660	2488	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe	31
PID 2488 wrote to memory of 2660	2488	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe	31
PID 2488 wrote to memory of 2660	2488	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe	31
PID 2660 wrote to memory of 2408	2660	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe	32
PID 2660 wrote to memory of 2408	2660	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe	32
PID 2660 wrote to memory of 2408	2660	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe	32
PID 2660 wrote to memory of 2408	2660	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe	32
PID 2408 wrote to memory of 2404	2408	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe	33
PID 2408 wrote to memory of 2404	2408	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe	33
PID 2408 wrote to memory of 2404	2408	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe	33
PID 2408 wrote to memory of 2404	2408	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe	33
PID 2404 wrote to memory of 880	2404	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe	34
PID 2404 wrote to memory of 880	2404	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe	34
PID 2404 wrote to memory of 880	2404	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe	34
PID 2404 wrote to memory of 880	2404	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe	34
PID 880 wrote to memory of 1996	880	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe	35
PID 880 wrote to memory of 1996	880	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe	35
PID 880 wrote to memory of 1996	880	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe	35
PID 880 wrote to memory of 1996	880	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe	35
PID 1996 wrote to memory of 2532	1996	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe	36
PID 1996 wrote to memory of 2532	1996	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe	36
PID 1996 wrote to memory of 2532	1996	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe	36
PID 1996 wrote to memory of 2532	1996	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe	36
PID 2532 wrote to memory of 1456	2532	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe	37
PID 2532 wrote to memory of 1456	2532	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe	37
PID 2532 wrote to memory of 1456	2532	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe	37
PID 2532 wrote to memory of 1456	2532	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe	37
PID 1456 wrote to memory of 1832	1456	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe	38
PID 1456 wrote to memory of 1832	1456	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe	38
PID 1456 wrote to memory of 1832	1456	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe	38
PID 1456 wrote to memory of 1832	1456	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe	38
PID 1832 wrote to memory of 2216	1832	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe	39
PID 1832 wrote to memory of 2216	1832	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe	39
PID 1832 wrote to memory of 2216	1832	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe	39
PID 1832 wrote to memory of 2216	1832	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe	39
PID 2216 wrote to memory of 1648	2216	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe	40
PID 2216 wrote to memory of 1648	2216	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe	40
PID 2216 wrote to memory of 1648	2216	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe	40
PID 2216 wrote to memory of 1648	2216	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe	40
PID 1648 wrote to memory of 324	1648	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe	41
PID 1648 wrote to memory of 324	1648	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe	41
PID 1648 wrote to memory of 324	1648	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe	41
PID 1648 wrote to memory of 324	1648	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe	41
PID 324 wrote to memory of 2160	324	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe	42
PID 324 wrote to memory of 2160	324	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe	42
PID 324 wrote to memory of 2160	324	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe	42
PID 324 wrote to memory of 2160	324	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe	42
PID 2160 wrote to memory of 1316	2160	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe	43
PID 2160 wrote to memory of 1316	2160	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe	43
PID 2160 wrote to memory of 1316	2160	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe	43
PID 2160 wrote to memory of 1316	2160	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2320
- \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1212
- - \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2488
    - - \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2660
      - \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2408
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2404
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:880
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1996
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2532
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1456
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1832
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2216
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1648
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:324
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2160
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1316
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:3064
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1840
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:984
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1956
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2756
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2284
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:108
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1172
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:852
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe

Filesize
244KB

MD5
a82c4c174d63235fd5458c005fd7b1bd

SHA1
b6c609c3df4e660067c782ed79bf2ee12fa49aa7

SHA256
f5581b03cf658ff9680531e66b41151ef5643a858f9ed0528501911c9cbcdcc4

SHA512
593a7d5236f81d4aae022a8bb7e66da7a67b60088e2adf1bd88848e1f250e9abb61cd5671781c94ded7b4bc2d3153f15bd881dae13d16238971efcd6ef461dcf

Download Submit
\??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe

Filesize
244KB

MD5
37baad256a534f0cb3d72013ee9206a4

SHA1
b2f4ba19263e4cf48e96b55d7dcacc42e1da208d

SHA256
be1d1c399f578bbc18fac5d0f77cc3e3e7b800210075d4a2a38b8b758ad6e1cf

SHA512
6b46fb791c5c934568174c6f9437baac113d49ce2479fa0327955a8dc0a3bdce0219234de9d382bf960b6e87679a6b4728f6a9bd63aa24d025cf9199915bf501

Download Submit
\Users\Admin\AppData\Local\Temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe

Filesize
244KB

MD5
d485cb52a87f717c8f4dc78540e51de8

SHA1
0c3c71f590022b5e4ad560482ed905dcacbc3d6b

SHA256
14fdb7e051cc9546236ab31be69d4c355dd5c937034da08e1e8a4497bf3bda85

SHA512
395efeee9b3e14a04cd1d691cdcc5ec2647edc8b75dc87e29ccd05ea848304b9c75ef171b588fc5b26b77c04c5512d20c31e992db88563679f91d7d0c2a7dc2f

Download Submit
memory/108-335-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/108-325-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/324-224-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/852-357-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/880-119-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/880-118-0x0000000000220000-0x000000000025C000-memory.dmp

Filesize
240KB

Download
memory/984-287-0x00000000001B0000-0x00000000001EC000-memory.dmp

Filesize
240KB

Download
memory/984-288-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/984-277-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1172-344-0x0000000000360000-0x000000000039C000-memory.dmp

Filesize
240KB

Download
memory/1172-347-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1172-346-0x0000000000360000-0x000000000039C000-memory.dmp

Filesize
240KB

Download
memory/1212-27-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1212-20-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1316-300-0x00000000002A0000-0x00000000002DC000-memory.dmp

Filesize
240KB

Download
memory/1316-254-0x00000000002A0000-0x00000000002DC000-memory.dmp

Filesize
240KB

Download
memory/1316-253-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1316-242-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1456-163-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1456-164-0x00000000004C0000-0x00000000004FC000-memory.dmp

Filesize
240KB

Download
memory/1456-241-0x00000000004C0000-0x00000000004FC000-memory.dmp

Filesize
240KB

Download
memory/1648-196-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1648-210-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1832-179-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1832-165-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1840-276-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1956-290-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1956-301-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1996-134-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2160-289-0x00000000005D0000-0x000000000060C000-memory.dmp

Filesize
240KB

Download
memory/2160-238-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2160-239-0x00000000005D0000-0x000000000060C000-memory.dmp

Filesize
240KB

Download
memory/2160-225-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2216-264-0x00000000003A0000-0x00000000003DC000-memory.dmp

Filesize
240KB

Download
memory/2216-180-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2216-195-0x00000000003A0000-0x00000000003DC000-memory.dmp

Filesize
240KB

Download
memory/2216-194-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2284-324-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2284-320-0x0000000000220000-0x000000000025C000-memory.dmp

Filesize
240KB

Download
memory/2284-313-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2320-12-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2320-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2404-105-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2408-89-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2408-88-0x00000000002B0000-0x00000000002EC000-memory.dmp

Filesize
240KB

Download
memory/2408-75-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2448-358-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2488-45-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2488-91-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2504-44-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2504-29-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2504-42-0x00000000003B0000-0x00000000003EC000-memory.dmp

Filesize
240KB

Download
memory/2532-148-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2532-135-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2660-74-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2660-72-0x0000000000320000-0x000000000035C000-memory.dmp

Filesize
240KB

Download
memory/2660-67-0x0000000000320000-0x000000000035C000-memory.dmp

Filesize
240KB

Download
memory/2756-302-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2756-312-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3064-265-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3064-266-0x0000000000220000-0x000000000025C000-memory.dmp

Filesize
240KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe\""	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202y.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads