9b235c20cd95f04d95716490de9190e980266cf50caa5947ac776eed379cdbc7

Analysis

max time kernel
142s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 18:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe
Size

244KB
MD5

15e6e1b71e995ed95a43f316e4639370
SHA1

19d063fbc1d4cee666a3515b4eb0bb82d64e0df3
SHA256

9b235c20cd95f04d95716490de9190e980266cf50caa5947ac776eed379cdbc7
SHA512

a303916b14d7be0c4c3e8464fdef8d4644cf4f22865ae83ce6ad85817ae35910f880d669aef572e054e43c06431139c00d3752b93a89b856bb390698587c4fd4
SSDEEP

6144:X42FMaP+6+tT/JBnjBE3XwfSZ4sXFzQI6F:IKbGlJBjBEnwOEI6

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
444	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
2972	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
4536	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
3996	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
4856	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
3508	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
4220	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
1964	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
636	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
1928	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
4132	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
1584	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
4576	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
412	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
4920	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
1056	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
1788	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
4164	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
1276	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
3576	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
4968	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
2164	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
3504	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe
1700	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
3396	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe
4264	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202y.exe

UPX packed file 41 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2540-0-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/files/0x0007000000023276-7.dat	upx
behavioral2/memory/2540-10-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/444-9-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/444-19-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/2972-28-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4536-29-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4536-43-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/3996-47-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4856-54-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/3508-65-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4220-73-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/1964-82-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/1928-93-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/files/0x0007000000023419-92.dat	upx
behavioral2/memory/636-91-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/1928-108-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4132-107-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4132-112-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/1584-122-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4576-131-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4576-121-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/412-138-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4920-148-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/1788-164-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/1056-163-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4164-169-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/1788-168-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4164-177-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/1276-187-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/3576-193-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4968-203-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/3576-196-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4968-205-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/2164-216-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/3504-224-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/1700-226-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/3396-241-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/1700-240-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/4264-246-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/3396-243-0x0000000000400000-0x000000000043C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 54eb07299feadf95	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 444	2540	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe	83
PID 2540 wrote to memory of 444	2540	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe	83
PID 2540 wrote to memory of 444	2540	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe	83
PID 444 wrote to memory of 2972	444	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe	84
PID 444 wrote to memory of 2972	444	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe	84
PID 444 wrote to memory of 2972	444	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe	84
PID 2972 wrote to memory of 4536	2972	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe	85
PID 2972 wrote to memory of 4536	2972	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe	85
PID 2972 wrote to memory of 4536	2972	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe	85
PID 4536 wrote to memory of 3996	4536	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe	86
PID 4536 wrote to memory of 3996	4536	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe	86
PID 4536 wrote to memory of 3996	4536	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe	86
PID 3996 wrote to memory of 4856	3996	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe	87
PID 3996 wrote to memory of 4856	3996	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe	87
PID 3996 wrote to memory of 4856	3996	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe	87
PID 4856 wrote to memory of 3508	4856	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe	88
PID 4856 wrote to memory of 3508	4856	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe	88
PID 4856 wrote to memory of 3508	4856	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe	88
PID 3508 wrote to memory of 4220	3508	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe	89
PID 3508 wrote to memory of 4220	3508	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe	89
PID 3508 wrote to memory of 4220	3508	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe	89
PID 4220 wrote to memory of 1964	4220	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe	91
PID 4220 wrote to memory of 1964	4220	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe	91
PID 4220 wrote to memory of 1964	4220	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe	91
PID 1964 wrote to memory of 636	1964	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe	92
PID 1964 wrote to memory of 636	1964	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe	92
PID 1964 wrote to memory of 636	1964	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe	92
PID 636 wrote to memory of 1928	636	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe	94
PID 636 wrote to memory of 1928	636	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe	94
PID 636 wrote to memory of 1928	636	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe	94
PID 1928 wrote to memory of 4132	1928	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe	95
PID 1928 wrote to memory of 4132	1928	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe	95
PID 1928 wrote to memory of 4132	1928	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe	95
PID 4132 wrote to memory of 1584	4132	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe	96
PID 4132 wrote to memory of 1584	4132	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe	96
PID 4132 wrote to memory of 1584	4132	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe	96
PID 1584 wrote to memory of 4576	1584	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe	98
PID 1584 wrote to memory of 4576	1584	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe	98
PID 1584 wrote to memory of 4576	1584	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe	98
PID 4576 wrote to memory of 412	4576	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe	99
PID 4576 wrote to memory of 412	4576	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe	99
PID 4576 wrote to memory of 412	4576	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe	99
PID 412 wrote to memory of 4920	412	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe	100
PID 412 wrote to memory of 4920	412	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe	100
PID 412 wrote to memory of 4920	412	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe	100
PID 4920 wrote to memory of 1056	4920	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe	101
PID 4920 wrote to memory of 1056	4920	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe	101
PID 4920 wrote to memory of 1056	4920	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe	101
PID 1056 wrote to memory of 1788	1056	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe	102
PID 1056 wrote to memory of 1788	1056	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe	102
PID 1056 wrote to memory of 1788	1056	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe	102
PID 1788 wrote to memory of 4164	1788	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe	103
PID 1788 wrote to memory of 4164	1788	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe	103
PID 1788 wrote to memory of 4164	1788	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe	103
PID 4164 wrote to memory of 1276	4164	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe	104
PID 4164 wrote to memory of 1276	4164	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe	104
PID 4164 wrote to memory of 1276	4164	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe	104
PID 1276 wrote to memory of 3576	1276	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe	105
PID 1276 wrote to memory of 3576	1276	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe	105
PID 1276 wrote to memory of 3576	1276	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe	105
PID 3576 wrote to memory of 4968	3576	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe	106
PID 3576 wrote to memory of 4968	3576	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe	106
PID 3576 wrote to memory of 4968	3576	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe	106
PID 4968 wrote to memory of 2164	4968	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe	107

C:\Users\Admin\AppData\Local\Temp\15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2540
- \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:444
- - \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2972
  - - \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:4536
    - - \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3996
      - \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4856
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3508
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4220
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1964
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:636
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1928
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4132
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1584
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4576
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:412
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4920
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1056
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1788
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4164
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1276
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3576
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4968
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2164
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3504
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1700
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3396
        
        \??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe

Filesize
244KB

MD5
509dd7538146d88c7a2915d259f0ab54

SHA1
474404f50bbbffb6128b63b0719b09a9a87f217c

SHA256
780206a344a2d5a21a6662dec262a740c6f5097bec343cd355b60636d4879062

SHA512
87b72987ba1ea260c7a98d35992c21dcd6f42290cfcb75e2c31336b570860b2cc7275ecc2704642ad808b259ac0b2f6fbc307feb62b09b0348306a5811aafc7f

Download Submit
\??\c:\users\admin\appdata\local\temp\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe

Filesize
244KB

MD5
33688955728d982df1c6490b2287eb3d

SHA1
cbc4352b34409ae0e26bbe967f5f6139b541155e

SHA256
04f2c33748f080dc07e733d7153e3e15fe38f895701978944213ed53e158a0ba

SHA512
0929764563e18a9dfeb34f30d60dfba8a6fec164fe8d377feaa50c96858c9a91650bef84123f087f502def55f638291a9c0cddc9c9e109979d32dea1153f3fcb

Download Submit
memory/412-138-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/444-9-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/444-19-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/636-91-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1056-163-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1276-187-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1584-122-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1700-226-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1700-240-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1788-164-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1788-168-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1928-93-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1928-108-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1964-82-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2164-216-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2540-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2540-10-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2972-28-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3396-241-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3396-243-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3504-224-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3508-65-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3576-193-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3576-196-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3996-47-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4132-112-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4132-107-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4164-169-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4164-177-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4220-73-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4264-246-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4536-29-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4536-43-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4576-131-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4576-121-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4856-54-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4920-148-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4968-205-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4968-203-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe\""	15e6e1b71e995ed95a43f316e4639370_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202l.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202v.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202b.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202k.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202u.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202a.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202g.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202d.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202q.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202y.exe\""	15e6e1b71e995ed95a43f316e4639370_neikianalytics_3202x.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads