Analysis
-
max time kernel
139s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16-05-2024 20:39
General
-
Target
2e209c222d0e57b77e19cc3f3799ee00_NeikiAnalytics.exe
-
Size
67KB
-
MD5
2e209c222d0e57b77e19cc3f3799ee00
-
SHA1
4fb340da38aa97ab1882ada04ac4cf4d4741173b
-
SHA256
4edbcf0efedfd38a8f1f09d641895a8dccf81468faac2fee6dc887f20ea6b3f5
-
SHA512
2506ca4c047ae600a2ae425b7b6a0eca7d8f40e24a5a46d9ee4b7766151078ddf3c95848906ba68dac68392676a993e39e4b2b893d1f9e0eb5d33605ecedb71d
-
SSDEEP
1536:fU1T3qKsw5UPw5k5xucoolsflMTUyTuAGtcjyRQ3R/Rj:fU1TqKsAUYMZoolstLyTuAxWe3Vx
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2e209c222d0e57b77e19cc3f3799ee00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2e209c222d0e57b77e19cc3f3799ee00_NeikiAnalytics.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Blielbfi.exeC:\Windows\system32\Blielbfi.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnkbcj32.exeC:\Windows\system32\Bnkbcj32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bebjdgmj.exeC:\Windows\system32\Bebjdgmj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bddjpd32.exeC:\Windows\system32\Bddjpd32.exe5⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bllbaa32.exeC:\Windows\system32\Bllbaa32.exe6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnmoijje.exeC:\Windows\system32\Bnmoijje.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bdgged32.exeC:\Windows\system32\Bdgged32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bomkcm32.exeC:\Windows\system32\Bomkcm32.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bdickcpo.exeC:\Windows\system32\Bdickcpo.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Blqllqqa.exeC:\Windows\system32\Blqllqqa.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Camddhoi.exeC:\Windows\system32\Camddhoi.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Clchbqoo.exeC:\Windows\system32\Clchbqoo.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cbpajgmf.exeC:\Windows\system32\Cbpajgmf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cleegp32.exeC:\Windows\system32\Cleegp32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cocacl32.exeC:\Windows\system32\Cocacl32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cfnjpfcl.exeC:\Windows\system32\Cfnjpfcl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Clgbmp32.exeC:\Windows\system32\Clgbmp32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cofnik32.exeC:\Windows\system32\Cofnik32.exe19⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cfpffeaj.exeC:\Windows\system32\Cfpffeaj.exe20⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cljobphg.exeC:\Windows\system32\Cljobphg.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cnkkjh32.exeC:\Windows\system32\Cnkkjh32.exe22⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cbfgkffn.exeC:\Windows\system32\Cbfgkffn.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Chqogq32.exeC:\Windows\system32\Chqogq32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dkokcl32.exeC:\Windows\system32\Dkokcl32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dfdpad32.exeC:\Windows\system32\Dfdpad32.exe26⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dhclmp32.exeC:\Windows\system32\Dhclmp32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dkahilkl.exeC:\Windows\system32\Dkahilkl.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dnpdegjp.exeC:\Windows\system32\Dnpdegjp.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dfglfdkb.exeC:\Windows\system32\Dfglfdkb.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dnbakghm.exeC:\Windows\system32\Dnbakghm.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dfiildio.exeC:\Windows\system32\Dfiildio.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Digehphc.exeC:\Windows\system32\Digehphc.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Doaneiop.exeC:\Windows\system32\Doaneiop.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dbpjaeoc.exeC:\Windows\system32\Dbpjaeoc.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dijbno32.exeC:\Windows\system32\Dijbno32.exe36⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dmennnni.exeC:\Windows\system32\Dmennnni.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dngjff32.exeC:\Windows\system32\Dngjff32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eiloco32.exeC:\Windows\system32\Eiloco32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Emhkdmlg.exeC:\Windows\system32\Emhkdmlg.exe40⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eofgpikj.exeC:\Windows\system32\Eofgpikj.exe41⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ebdcld32.exeC:\Windows\system32\Ebdcld32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eecphp32.exeC:\Windows\system32\Eecphp32.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Emjgim32.exeC:\Windows\system32\Emjgim32.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eoideh32.exeC:\Windows\system32\Eoideh32.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Efblbbqd.exeC:\Windows\system32\Efblbbqd.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eeelnp32.exeC:\Windows\system32\Eeelnp32.exe47⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ekodjiol.exeC:\Windows\system32\Ekodjiol.exe48⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ebimgcfi.exeC:\Windows\system32\Ebimgcfi.exe49⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eicedn32.exeC:\Windows\system32\Eicedn32.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Epmmqheb.exeC:\Windows\system32\Epmmqheb.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Efgemb32.exeC:\Windows\system32\Efgemb32.exe52⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eejeiocj.exeC:\Windows\system32\Eejeiocj.exe53⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Emanjldl.exeC:\Windows\system32\Emanjldl.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Enbjad32.exeC:\Windows\system32\Enbjad32.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Felbnn32.exeC:\Windows\system32\Felbnn32.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fihnomjp.exeC:\Windows\system32\Fihnomjp.exe57⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Flfkkhid.exeC:\Windows\system32\Flfkkhid.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fneggdhg.exeC:\Windows\system32\Fneggdhg.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fflohaij.exeC:\Windows\system32\Fflohaij.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fmfgek32.exeC:\Windows\system32\Fmfgek32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fpdcag32.exeC:\Windows\system32\Fpdcag32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fbbpmb32.exeC:\Windows\system32\Fbbpmb32.exe63⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fealin32.exeC:\Windows\system32\Fealin32.exe64⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fpgpgfmh.exeC:\Windows\system32\Fpgpgfmh.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fechomko.exeC:\Windows\system32\Fechomko.exe66⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Flmqlg32.exeC:\Windows\system32\Flmqlg32.exe67⤵
-
C:\Windows\SysWOW64\Fnlmhc32.exeC:\Windows\system32\Fnlmhc32.exe68⤵
-
C:\Windows\SysWOW64\Fiaael32.exeC:\Windows\system32\Fiaael32.exe69⤵
-
C:\Windows\SysWOW64\Fbjena32.exeC:\Windows\system32\Fbjena32.exe70⤵
-
C:\Windows\SysWOW64\Gidnkkpc.exeC:\Windows\system32\Gidnkkpc.exe71⤵
-
C:\Windows\SysWOW64\Gpnfge32.exeC:\Windows\system32\Gpnfge32.exe72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gblbca32.exeC:\Windows\system32\Gblbca32.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gifkpknp.exeC:\Windows\system32\Gifkpknp.exe74⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gldglf32.exeC:\Windows\system32\Gldglf32.exe75⤵
-
C:\Windows\SysWOW64\Gncchb32.exeC:\Windows\system32\Gncchb32.exe76⤵
-
C:\Windows\SysWOW64\Gemkelcd.exeC:\Windows\system32\Gemkelcd.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gpbpbecj.exeC:\Windows\system32\Gpbpbecj.exe78⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gflhoo32.exeC:\Windows\system32\Gflhoo32.exe79⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Glipgf32.exeC:\Windows\system32\Glipgf32.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Goglcahb.exeC:\Windows\system32\Goglcahb.exe81⤵
-
C:\Windows\SysWOW64\Geaepk32.exeC:\Windows\system32\Geaepk32.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Glkmmefl.exeC:\Windows\system32\Glkmmefl.exe83⤵
-
C:\Windows\SysWOW64\Hipmfjee.exeC:\Windows\system32\Hipmfjee.exe84⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hlnjbedi.exeC:\Windows\system32\Hlnjbedi.exe85⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hfcnpn32.exeC:\Windows\system32\Hfcnpn32.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hlpfhe32.exeC:\Windows\system32\Hlpfhe32.exe87⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Hbjoeojc.exeC:\Windows\system32\Hbjoeojc.exe88⤵
-
C:\Windows\SysWOW64\Hblkjo32.exeC:\Windows\system32\Hblkjo32.exe89⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hifcgion.exeC:\Windows\system32\Hifcgion.exe90⤵
-
C:\Windows\SysWOW64\Hpqldc32.exeC:\Windows\system32\Hpqldc32.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hbohpn32.exeC:\Windows\system32\Hbohpn32.exe92⤵
-
C:\Windows\SysWOW64\Hiipmhmk.exeC:\Windows\system32\Hiipmhmk.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Hlglidlo.exeC:\Windows\system32\Hlglidlo.exe94⤵
-
C:\Windows\SysWOW64\Ibaeen32.exeC:\Windows\system32\Ibaeen32.exe95⤵
-
C:\Windows\SysWOW64\Iepaaico.exeC:\Windows\system32\Iepaaico.exe96⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Iikmbh32.exeC:\Windows\system32\Iikmbh32.exe97⤵
-
C:\Windows\SysWOW64\Iliinc32.exeC:\Windows\system32\Iliinc32.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ibcaknbi.exeC:\Windows\system32\Ibcaknbi.exe99⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ifomll32.exeC:\Windows\system32\Ifomll32.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Iinjhh32.exeC:\Windows\system32\Iinjhh32.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Imiehfao.exeC:\Windows\system32\Imiehfao.exe102⤵
-
C:\Windows\SysWOW64\Ipgbdbqb.exeC:\Windows\system32\Ipgbdbqb.exe103⤵
-
C:\Windows\SysWOW64\Ibfnqmpf.exeC:\Windows\system32\Ibfnqmpf.exe104⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Igajal32.exeC:\Windows\system32\Igajal32.exe105⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iipfmggc.exeC:\Windows\system32\Iipfmggc.exe106⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Imkbnf32.exeC:\Windows\system32\Imkbnf32.exe107⤵
-
C:\Windows\SysWOW64\Ipjoja32.exeC:\Windows\system32\Ipjoja32.exe108⤵
-
C:\Windows\SysWOW64\Ibhkfm32.exeC:\Windows\system32\Ibhkfm32.exe109⤵
-
C:\Windows\SysWOW64\Iefgbh32.exeC:\Windows\system32\Iefgbh32.exe110⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ilqoobdd.exeC:\Windows\system32\Ilqoobdd.exe111⤵
-
C:\Windows\SysWOW64\Iplkpa32.exeC:\Windows\system32\Iplkpa32.exe112⤵
-
C:\Windows\SysWOW64\Ickglm32.exeC:\Windows\system32\Ickglm32.exe113⤵
-
C:\Windows\SysWOW64\Ieidhh32.exeC:\Windows\system32\Ieidhh32.exe114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Impliekg.exeC:\Windows\system32\Impliekg.exe115⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ipoheakj.exeC:\Windows\system32\Ipoheakj.exe116⤵
-
C:\Windows\SysWOW64\Jcmdaljn.exeC:\Windows\system32\Jcmdaljn.exe117⤵
-
C:\Windows\SysWOW64\Jekqmhia.exeC:\Windows\system32\Jekqmhia.exe118⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jleijb32.exeC:\Windows\system32\Jleijb32.exe119⤵
-
C:\Windows\SysWOW64\Jgkmgk32.exeC:\Windows\system32\Jgkmgk32.exe120⤵
-
C:\Windows\SysWOW64\Jiiicf32.exeC:\Windows\system32\Jiiicf32.exe121⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-