8b37f2743107e683e089c45b8307a4feae6463edda9817a8f4f26bd93f559b56

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe
Size

382KB
MD5

e80e1fa4467659d4c3b076d0b1efc210
SHA1

0a73a7be911d11f1f13912758627831ed8f67bfe
SHA256

8b37f2743107e683e089c45b8307a4feae6463edda9817a8f4f26bd93f559b56
SHA512

7663afde683701b929b7df70abcfb2e72f131c55e0566ac3907cd6dcbc6e168893645739e004726fafe9aa2725892a05bb958f31e7647b5c8178e5301e2a9ee5
SSDEEP

3072:Kae7OubpGGErCbuZM4EQrjo7vgHJJPPIgR4ZvyezcduPgzKyh:KacxGfTMfQrjoziJJHIjKezcdwgj

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2008	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
1980	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
2548	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
2756	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
2452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
2868	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
1464	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
2880	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
1640	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
1144	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
2220	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
1776	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
2284	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
856	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
588	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
1812	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
3048	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
1612	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
612	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
768	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
2792	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
304	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
2000	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
2192	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
2216	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
2592	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
2276	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe
2276	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe
2008	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
2008	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
1980	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
1980	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
2548	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
2548	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
2756	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
2756	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
2452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
2452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
2868	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
2868	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
1464	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
1464	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
2880	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
2880	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
1640	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
1640	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
1144	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
1144	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
2220	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
2220	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
1776	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
1776	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
2284	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
2284	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
856	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
856	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
588	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
588	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
1812	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
1812	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
3048	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
3048	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
1612	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
1612	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
612	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
612	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
768	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
768	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
2792	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
2792	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
304	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
304	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
2000	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
2000	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
2192	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
2192	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
2216	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
2216	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2276-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000c00000001443b-5.dat	upx
behavioral1/memory/2008-15-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2276-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x00340000000146fc-24.dat	upx
behavioral1/memory/1980-32-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2548-48-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2756-70-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2756-79-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0007000000014b4c-80.dat	upx
behavioral1/memory/2452-94-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0007000000014bbc-93.dat	upx
behavioral1/files/0x0007000000014b18-64.dat	upx
behavioral1/memory/2548-63-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0009000000014fa2-101.dat	upx
behavioral1/memory/1464-124-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000015cff-134.dat	upx
behavioral1/files/0x0006000000015d20-159.dat	upx
behavioral1/files/0x0006000000015d4e-181.dat	upx
behavioral1/memory/2220-189-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000015d56-207.dat	upx
behavioral1/files/0x0006000000015d5f-223.dat	upx
behavioral1/files/0x0006000000015d6b-239.dat	upx
behavioral1/memory/3048-277-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/612-294-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2792-316-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2792-324-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2192-347-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2216-359-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2592-370-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2216-369-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2192-358-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2000-346-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2000-336-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/304-335-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/768-312-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/768-301-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/612-300-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1612-288-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1812-266-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000015d7f-255.dat	upx
behavioral1/memory/1812-254-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/588-253-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/588-238-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/856-237-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/856-222-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2284-221-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2284-206-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1776-205-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1776-190-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2220-180-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0006000000015d42-174.dat	upx
behavioral1/memory/1144-173-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1144-158-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/1640-157-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2880-142-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2880-133-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2276-132-0x0000000000250000-0x000000000028A000-memory.dmp	upx
behavioral1/files/0x0008000000015ce3-126.dat	upx
behavioral1/memory/2868-109-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0007000000014a9a-49.dat	upx
behavioral1/memory/1980-47-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2008-30-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2008-28-0x0000000000380000-0x00000000003BA000-memory.dmp	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 587fab627ae3e2aa	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2008	2276	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe	28
PID 2276 wrote to memory of 2008	2276	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe	28
PID 2276 wrote to memory of 2008	2276	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe	28
PID 2276 wrote to memory of 2008	2276	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe	28
PID 2008 wrote to memory of 1980	2008	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe	29
PID 2008 wrote to memory of 1980	2008	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe	29
PID 2008 wrote to memory of 1980	2008	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe	29
PID 2008 wrote to memory of 1980	2008	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe	29
PID 1980 wrote to memory of 2548	1980	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe	30
PID 1980 wrote to memory of 2548	1980	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe	30
PID 1980 wrote to memory of 2548	1980	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe	30
PID 1980 wrote to memory of 2548	1980	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe	30
PID 2548 wrote to memory of 2756	2548	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe	31
PID 2548 wrote to memory of 2756	2548	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe	31
PID 2548 wrote to memory of 2756	2548	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe	31
PID 2548 wrote to memory of 2756	2548	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe	31
PID 2756 wrote to memory of 2452	2756	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe	32
PID 2756 wrote to memory of 2452	2756	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe	32
PID 2756 wrote to memory of 2452	2756	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe	32
PID 2756 wrote to memory of 2452	2756	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe	32
PID 2452 wrote to memory of 2868	2452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe	33
PID 2452 wrote to memory of 2868	2452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe	33
PID 2452 wrote to memory of 2868	2452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe	33
PID 2452 wrote to memory of 2868	2452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe	33
PID 2868 wrote to memory of 1464	2868	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe	34
PID 2868 wrote to memory of 1464	2868	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe	34
PID 2868 wrote to memory of 1464	2868	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe	34
PID 2868 wrote to memory of 1464	2868	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe	34
PID 1464 wrote to memory of 2880	1464	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe	35
PID 1464 wrote to memory of 2880	1464	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe	35
PID 1464 wrote to memory of 2880	1464	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe	35
PID 1464 wrote to memory of 2880	1464	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe	35
PID 2880 wrote to memory of 1640	2880	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe	36
PID 2880 wrote to memory of 1640	2880	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe	36
PID 2880 wrote to memory of 1640	2880	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe	36
PID 2880 wrote to memory of 1640	2880	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe	36
PID 1640 wrote to memory of 1144	1640	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe	37
PID 1640 wrote to memory of 1144	1640	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe	37
PID 1640 wrote to memory of 1144	1640	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe	37
PID 1640 wrote to memory of 1144	1640	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe	37
PID 1144 wrote to memory of 2220	1144	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe	38
PID 1144 wrote to memory of 2220	1144	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe	38
PID 1144 wrote to memory of 2220	1144	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe	38
PID 1144 wrote to memory of 2220	1144	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe	38
PID 2220 wrote to memory of 1776	2220	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe	39
PID 2220 wrote to memory of 1776	2220	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe	39
PID 2220 wrote to memory of 1776	2220	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe	39
PID 2220 wrote to memory of 1776	2220	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe	39
PID 1776 wrote to memory of 2284	1776	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe	40
PID 1776 wrote to memory of 2284	1776	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe	40
PID 1776 wrote to memory of 2284	1776	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe	40
PID 1776 wrote to memory of 2284	1776	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe	40
PID 2284 wrote to memory of 856	2284	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe	41
PID 2284 wrote to memory of 856	2284	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe	41
PID 2284 wrote to memory of 856	2284	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe	41
PID 2284 wrote to memory of 856	2284	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe	41
PID 856 wrote to memory of 588	856	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe	42
PID 856 wrote to memory of 588	856	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe	42
PID 856 wrote to memory of 588	856	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe	42
PID 856 wrote to memory of 588	856	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe	42
PID 588 wrote to memory of 1812	588	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe	43
PID 588 wrote to memory of 1812	588	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe	43
PID 588 wrote to memory of 1812	588	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe	43
PID 588 wrote to memory of 1812	588	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2276
- \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2008
- - \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1980
  - - \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2548
    - - \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2756
      - \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2452
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2868
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1464
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2880
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1640
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1144
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2220
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1776
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2284
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:856
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:588
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1812
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:3048
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1612
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:612
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:768
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2792
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:304
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2000
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2192
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2216
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe

Filesize
383KB

MD5
8ec6d14790294574cf699359f6952c24

SHA1
acfac33ce9501bb256eddbbc9a9c09f4bc87b48a

SHA256
0dfd296368c2eb5d0dc110b96fab4a8acc8438743dc350a531e8cf92a2b15986

SHA512
99cd99d5daf4c386535079315421f620da872a1d1272837c3d2a51a54a0ef1e9472b439f30b88477eb507aa0ed306e389a6d97309e33d4223c4d3c88128610f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe

Filesize
384KB

MD5
d43fe2dfb587148222b95d7a91fff0e2

SHA1
c6724aab38a471af57671694e36f322dc96e0164

SHA256
44f03569c4a5ffc16fe26040c7150b281dd28c1e2a8c84b5aaaa2017c353f814

SHA512
015a0fdf0455c062c2345738a494c9aa5c629c9f6b96595d4f99c6746e4362b698cda93aac8ae75f539beeba2912bdc0f4aa9c59e530d126ec9c2e969f4f02f4

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe

Filesize
383KB

MD5
ba1f0c937056e66f9609d69aa9d93fdc

SHA1
4c28093097fbe6ff8b7ada14487016f31aa9bdf7

SHA256
fe82b4289ba217d7edffefd8ffdb84a76d8305258775fa0ffa6e894287f93b61

SHA512
5e57c5b89136564acf20438a9a6626201dc3b3859e41d762787ee1085082f993f91d90d1a8ca526384be3749a4f57ab6b8a86db2ff299f709455c6621b5dd063

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe

Filesize
383KB

MD5
17e7ae43db8e3909e45080457b7c9f7b

SHA1
71cd4e5d09aae320509773741c1c6c5842abdf88

SHA256
5cf31432553ff4245b3ce9f6b8eb12cd5cfc89b691ca9f75c0cb2dcf0ac1427d

SHA512
d688ea3e04888ab841949dcf9d6b20ad6b79d8bc273ac0bba80063ce73c16846f957dddd20cc07438978054f44692f81ca137c5c01eb59267917572baf07006b

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe

Filesize
383KB

MD5
62095c0ac7c8e5bb3d1e76075394c463

SHA1
14c1948575844587f5efed42279f281a01da9dfe

SHA256
5eaeee58ec550971c102ff202b9f9fa1ba5dedf65cd41beac2d0ee0987fb7aba

SHA512
975708917eb581f51cd94a910814a24717bde9a659291803ef043f59c88196db472ce2b75b773f1d20bd5a21fa742aa03d153935b44fffc824d9f438f1edb8a7

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe

Filesize
384KB

MD5
5005dce3deb14a70ef15757bad8144ab

SHA1
d62220910f6597da25ea62807eca61f603d9d0ff

SHA256
25f8c5226435c73a944981aa0d5e4dc2f024f564969a4bb4a64690bd484d4506

SHA512
1f84c6178073e6a44a8db604f3ea185cb50e7e074346f2f2aba24faa6a34e25e17ea41095e143964ac7f798db8fd3400e764da033c37073243e1044e68bc8aa1

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe

Filesize
385KB

MD5
459fb5156de281584c4c96f9be4eef1f

SHA1
8ea3c4b4e007785fa9f46c9fc44364bc29b08696

SHA256
b15b03ad31544f62cbedac89877318f5c27366d0dcc7851b3eb8d42ccd1b2377

SHA512
52a543ae1cde1ec793757d9de8ae61ddb8fd12d506723bcfb4a49ac1c0e55321d8b115932bbd8af985d5e926a37da3d71836736552bcbd5ca70b963958ad21fd

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe

Filesize
385KB

MD5
c8634decb0337c68f748b67518d756a7

SHA1
1f05b76ba68ad5f7dcc355666afea9f437a62d1d

SHA256
c35be44b92bfd403d86a67b8f151568becfc2451bfc568dc82981a23cbf4f903

SHA512
191bc4744d499c37211ddc704fb433c70c9b4e0103d121e31649263c5234e23eaa04a9d66e7b8bf1c6516e07bfaffb675c2290f7b1c19e6c69b84d50364b43b9

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe

Filesize
385KB

MD5
1c4891530fdfcefe869d2b01ea5dcf04

SHA1
3746742215001a3950810b54f5cd9c88717035ac

SHA256
7183dfe1fe4ce41ce31d356ab5d6b5ca0ceb9b0319d4443d7aca8ed3ffb89643

SHA512
4ead2888ca3da6324dd787394f97967a5b786964437f847477f9314766c41f6905a9b7aa70ddb76d2095814f3a9fa160c0dd47273af77f206c57052e46311928

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe

Filesize
386KB

MD5
8abc6cf18d1a75cfbd4ef6bad405ab6a

SHA1
743f70d202a61c6e420a34d7fbc54bf034293a22

SHA256
a93826fb4d88f0a38c2674596dbb52e06b9af2f373f0e6cfd579cb743443e1e8

SHA512
df895050292e98c11b8ceec27582045be096b462463dee148e5fc0857acdb833db13a6386dc4b64459904cd86dd8d87278474e033ab96e720748a476b7cef9df

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe

Filesize
386KB

MD5
e1e260881e7d855a65da1398751ddbaa

SHA1
9deb72e4f8e4c0e70402f6e6883525b7acd5755b

SHA256
6be69ec0da0ca0aad5a0ed2e139922b21ae9111896aa0285e6f93219c5b6bc80

SHA512
063bec31a649e1fe73eae3019262b6094550c35e99086e0bac94c81ae366b862c7798530a1103928687e21dbcfba92668920c5223714b7785973c7e26952e5f0

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe

Filesize
386KB

MD5
77c5b8bb670071cd23322a83884498c4

SHA1
52fb09bdd16589704fe52b82f82a97e8412b7834

SHA256
76954be77ec8da2aad2c0659658492c945c24979c7c9c5f22cc19a4c533eadc6

SHA512
a6b0a44d2dd68c9767c16cf677349c572a7d449faca01875a99f021c6e5c4af29c2bcd57a2ead313a62ba4514883d898b62d5c4f3fc089ca37de06cb3708fd43

Download Submit
\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe

Filesize
383KB

MD5
35b6920db32f9b45529b05cbb7baa9c2

SHA1
854912fd2378c02ca3335cfe00fd85f4f7102ede

SHA256
1306f8e5914b99255aec78e1de2d10f03a8ad57332d858c1a5f5fa8723c66c94

SHA512
3742b59927c44c7369d27115df8fbf55e3efa281393021bb06262b58f7291edefcc79284d9cb335d82af7907829b5c5efabbc6bb48c46dc8c7ee91ef89313d67

Download Submit
\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe

Filesize
384KB

MD5
01c513fda21408b29fddfebed43a9b42

SHA1
39c32ff908fa2c3f42f4f845949d401dd8777025

SHA256
d1b7d758c62f6ea775e8d4c82935bf8935cddee8b4b918bc58b6d5deac0bdd18

SHA512
ac0575981f4cfe137475fb6814b1737e7d028f4af073bc7507a8d5ad785ba216605d9b193ca58b064ece820166be3d51ec758863728e1c7198dce29190641fac

Download Submit
\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe

Filesize
384KB

MD5
aa2a8fa32154ebbba88e45c96f817400

SHA1
d471467e61b83816df346a2a03d1af8b4778b297

SHA256
c04b7b53b80536d1930f5e545862e27fc50789b02e68cb02c0902ffbf74fe994

SHA512
94b555405ecf2449ea95cb35ac6ca1617315e7183823cb49b3fcf34a3aa1a00647ad8c34773cd6bd775ae45f530ccc68432ffd2938d7be5f4dea4f4c27639d99

Download Submit
\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe

Filesize
385KB

MD5
eb3d1340ecafee2b9816dcd47608ef38

SHA1
8e721247d663daac2173196402d821b06240c7e0

SHA256
ebaefea9a500293a244de9de041d0e12faaa6f49128891b98bf3b2688756e6e1

SHA512
2cdbfb5a76d49340d5d6a8f8b7748823ad35a2eb3a9169f0a9bb059202d3a773af432007c66d60a01e72c2de4e8dcd690869a2c9553f9dddb11359db3ebfdd36

Download Submit
memory/304-335-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/588-238-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/588-253-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/612-300-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/612-294-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/768-301-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/768-312-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/856-222-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/856-237-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1144-158-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1144-173-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1464-124-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1612-288-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1640-157-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1776-190-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1776-205-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1812-254-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1812-266-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1980-32-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1980-47-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2000-336-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2000-346-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2008-15-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2008-28-0x0000000000380000-0x00000000003BA000-memory.dmp

Filesize
232KB

Download
memory/2008-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2192-358-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2192-347-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2216-369-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2216-359-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2220-180-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2220-189-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2276-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2276-14-0x0000000000250000-0x000000000028A000-memory.dmp

Filesize
232KB

Download
memory/2276-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2276-132-0x0000000000250000-0x000000000028A000-memory.dmp

Filesize
232KB

Download
memory/2284-221-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2284-206-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2452-94-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2548-63-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2548-48-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2592-370-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2756-79-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2756-70-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2792-316-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2792-324-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2868-110-0x0000000000260000-0x000000000029A000-memory.dmp

Filesize
232KB

Download
memory/2868-109-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2880-142-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2880-133-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3048-277-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe\""	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads