description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "25600"	ivsootov-uceas.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "25600"	ivsootov-uceas.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "25600"	ivsootov-uceas.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "25600"	ivsootov-uceas.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 = "a"	ivsootov-uceas.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "C:\\Windows\\system32\\flopug-ukoot.exe"	ivsootov-uceas.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe	ivsootov-uceas.exe

pid	Process
1192	789edab6aae0e66bc459d4250dad9750_NeikiAnalytics.exe
1192	789edab6aae0e66bc459d4250dad9750_NeikiAnalytics.exe
2272	ivsootov-uceas.exe

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ivsootov-uceas.exe	789edab6aae0e66bc459d4250dad9750_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\flopug-ukoot.exe	ivsootov-uceas.exe
File opened for modification	C:\Windows\SysWOW64\ourvooxix.dll	ivsootov-uceas.exe
File created	C:\Windows\SysWOW64\ivsootov-uceas.exe	789edab6aae0e66bc459d4250dad9750_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\flopug-ukoot.exe	ivsootov-uceas.exe
File opened for modification	C:\Windows\SysWOW64\ksugead.exe	ivsootov-uceas.exe
File created	C:\Windows\SysWOW64\ksugead.exe	ivsootov-uceas.exe
File created	C:\Windows\SysWOW64\ourvooxix.dll	ivsootov-uceas.exe
File opened for modification	C:\Windows\SysWOW64\ivsootov-uceas.exe	ivsootov-uceas.exe

description	pid	Process
Token: SeDebugPrivilege	1192	789edab6aae0e66bc459d4250dad9750_NeikiAnalytics.exe
Token: SeDebugPrivilege	2272	ivsootov-uceas.exe

description	pid	Process	procid_target
PID 1192 wrote to memory of 2272	1192	789edab6aae0e66bc459d4250dad9750_NeikiAnalytics.exe	28
PID 1192 wrote to memory of 2272	1192	789edab6aae0e66bc459d4250dad9750_NeikiAnalytics.exe	28
PID 1192 wrote to memory of 2272	1192	789edab6aae0e66bc459d4250dad9750_NeikiAnalytics.exe	28
PID 1192 wrote to memory of 2272	1192	789edab6aae0e66bc459d4250dad9750_NeikiAnalytics.exe	28
PID 2272 wrote to memory of 428	2272	ivsootov-uceas.exe	5
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 2808	2272	ivsootov-uceas.exe	29
PID 2272 wrote to memory of 2808	2272	ivsootov-uceas.exe	29
PID 2272 wrote to memory of 2808	2272	ivsootov-uceas.exe	29
PID 2272 wrote to memory of 2808	2272	ivsootov-uceas.exe	29
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21
PID 2272 wrote to memory of 1200	2272	ivsootov-uceas.exe	21

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.