8b37f2743107e683e089c45b8307a4feae6463edda9817a8f4f26bd93f559b56

Analysis

max time kernel
136s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe
Size

382KB
MD5

e80e1fa4467659d4c3b076d0b1efc210
SHA1

0a73a7be911d11f1f13912758627831ed8f67bfe
SHA256

8b37f2743107e683e089c45b8307a4feae6463edda9817a8f4f26bd93f559b56
SHA512

7663afde683701b929b7df70abcfb2e72f131c55e0566ac3907cd6dcbc6e168893645739e004726fafe9aa2725892a05bb958f31e7647b5c8178e5301e2a9ee5
SSDEEP

3072:Kae7OubpGGErCbuZM4EQrjo7vgHJJPPIgR4ZvyezcduPgzKyh:KacxGfTMfQrjoziJJHIjKezcdwgj

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
3824	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
4544	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
5104	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
2012	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
4452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
4292	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
2000	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
640	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
2380	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
3952	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
1524	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
60	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
1104	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
4388	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
2800	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
3372	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
1184	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
4156	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
3668	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
1092	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
1448	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
1368	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
224	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
3312	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
1040	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2500-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-1.dat	upx
behavioral2/memory/2500-15-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3824-18-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000800000002340e-20.dat	upx
behavioral2/files/0x0007000000023410-27.dat	upx
behavioral2/memory/4544-28-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023411-36.dat	upx
behavioral2/memory/5104-40-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2012-38-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023412-48.dat	upx
behavioral2/files/0x0007000000023413-57.dat	upx
behavioral2/memory/4452-60-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4292-59-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2012-55-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023414-68.dat	upx
behavioral2/memory/4292-70-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023415-77.dat	upx
behavioral2/memory/2000-78-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023416-87.dat	upx
behavioral2/memory/2380-96-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023417-98.dat	upx
behavioral2/files/0x0007000000023418-109.dat	upx
behavioral2/memory/3952-117-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1524-110-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2380-101-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/640-95-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/640-80-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023419-119.dat	upx
behavioral2/memory/1524-127-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000800000002340c-131.dat	upx
behavioral2/files/0x000700000002341a-142.dat	upx
behavioral2/memory/1104-150-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002341b-153.dat	upx
behavioral2/files/0x000700000002341c-164.dat	upx
behavioral2/memory/4388-171-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000700000002341e-174.dat	upx
behavioral2/files/0x000700000002341f-184.dat	upx
behavioral2/files/0x0007000000023420-193.dat	upx
behavioral2/memory/1184-202-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023426-256.dat	upx
behavioral2/memory/1040-268-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3312-266-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023427-264.dat	upx
behavioral2/memory/224-254-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1368-252-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023425-244.dat	upx
behavioral2/memory/1448-242-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023424-234.dat	upx
behavioral2/memory/1092-232-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023423-224.dat	upx
behavioral2/memory/3668-222-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023422-214.dat	upx
behavioral2/memory/4156-212-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023421-204.dat	upx
behavioral2/memory/3372-192-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2800-182-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1104-162-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4388-159-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/60-149-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/452-139-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/60-137-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/452-128-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 25a17c51761639bb	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 3824	2500	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe	83
PID 2500 wrote to memory of 3824	2500	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe	83
PID 2500 wrote to memory of 3824	2500	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe	83
PID 3824 wrote to memory of 4544	3824	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe	84
PID 3824 wrote to memory of 4544	3824	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe	84
PID 3824 wrote to memory of 4544	3824	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe	84
PID 4544 wrote to memory of 5104	4544	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe	85
PID 4544 wrote to memory of 5104	4544	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe	85
PID 4544 wrote to memory of 5104	4544	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe	85
PID 5104 wrote to memory of 2012	5104	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe	86
PID 5104 wrote to memory of 2012	5104	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe	86
PID 5104 wrote to memory of 2012	5104	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe	86
PID 2012 wrote to memory of 4452	2012	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe	87
PID 2012 wrote to memory of 4452	2012	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe	87
PID 2012 wrote to memory of 4452	2012	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe	87
PID 4452 wrote to memory of 4292	4452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe	88
PID 4452 wrote to memory of 4292	4452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe	88
PID 4452 wrote to memory of 4292	4452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe	88
PID 4292 wrote to memory of 2000	4292	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe	89
PID 4292 wrote to memory of 2000	4292	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe	89
PID 4292 wrote to memory of 2000	4292	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe	89
PID 2000 wrote to memory of 640	2000	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe	90
PID 2000 wrote to memory of 640	2000	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe	90
PID 2000 wrote to memory of 640	2000	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe	90
PID 640 wrote to memory of 2380	640	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe	91
PID 640 wrote to memory of 2380	640	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe	91
PID 640 wrote to memory of 2380	640	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe	91
PID 2380 wrote to memory of 3952	2380	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe	92
PID 2380 wrote to memory of 3952	2380	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe	92
PID 2380 wrote to memory of 3952	2380	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe	92
PID 3952 wrote to memory of 1524	3952	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe	93
PID 3952 wrote to memory of 1524	3952	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe	93
PID 3952 wrote to memory of 1524	3952	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe	93
PID 1524 wrote to memory of 452	1524	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe	94
PID 1524 wrote to memory of 452	1524	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe	94
PID 1524 wrote to memory of 452	1524	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe	94
PID 452 wrote to memory of 60	452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe	97
PID 452 wrote to memory of 60	452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe	97
PID 452 wrote to memory of 60	452	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe	97
PID 60 wrote to memory of 1104	60	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe	98
PID 60 wrote to memory of 1104	60	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe	98
PID 60 wrote to memory of 1104	60	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe	98
PID 1104 wrote to memory of 4388	1104	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe	99
PID 1104 wrote to memory of 4388	1104	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe	99
PID 1104 wrote to memory of 4388	1104	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe	99
PID 4388 wrote to memory of 2800	4388	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe	100
PID 4388 wrote to memory of 2800	4388	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe	100
PID 4388 wrote to memory of 2800	4388	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe	100
PID 2800 wrote to memory of 3372	2800	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe	101
PID 2800 wrote to memory of 3372	2800	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe	101
PID 2800 wrote to memory of 3372	2800	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe	101
PID 3372 wrote to memory of 1184	3372	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe	102
PID 3372 wrote to memory of 1184	3372	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe	102
PID 3372 wrote to memory of 1184	3372	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe	102
PID 1184 wrote to memory of 4156	1184	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe	103
PID 1184 wrote to memory of 4156	1184	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe	103
PID 1184 wrote to memory of 4156	1184	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe	103
PID 4156 wrote to memory of 3668	4156	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe	104
PID 4156 wrote to memory of 3668	4156	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe	104
PID 4156 wrote to memory of 3668	4156	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe	104
PID 3668 wrote to memory of 1092	3668	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe	105
PID 3668 wrote to memory of 1092	3668	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe	105
PID 3668 wrote to memory of 1092	3668	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe	105
PID 1092 wrote to memory of 1448	1092	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe	106

C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2500
- \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3824
- - \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:4544
  - - \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:5104
    - - \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2012
      - \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4452
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4292
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2000
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:640
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2380
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3952
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1524
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:452
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:60
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1104
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4388
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2800
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3372
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1184
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4156
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3668
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1092
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1448
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1368
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:224
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3312
        
        \??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe

Filesize
383KB

MD5
8ec6d14790294574cf699359f6952c24

SHA1
acfac33ce9501bb256eddbbc9a9c09f4bc87b48a

SHA256
0dfd296368c2eb5d0dc110b96fab4a8acc8438743dc350a531e8cf92a2b15986

SHA512
99cd99d5daf4c386535079315421f620da872a1d1272837c3d2a51a54a0ef1e9472b439f30b88477eb507aa0ed306e389a6d97309e33d4223c4d3c88128610f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe

Filesize
383KB

MD5
ba1f0c937056e66f9609d69aa9d93fdc

SHA1
4c28093097fbe6ff8b7ada14487016f31aa9bdf7

SHA256
fe82b4289ba217d7edffefd8ffdb84a76d8305258775fa0ffa6e894287f93b61

SHA512
5e57c5b89136564acf20438a9a6626201dc3b3859e41d762787ee1085082f993f91d90d1a8ca526384be3749a4f57ab6b8a86db2ff299f709455c6621b5dd063

Download Submit
C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe

Filesize
383KB

MD5
17e7ae43db8e3909e45080457b7c9f7b

SHA1
71cd4e5d09aae320509773741c1c6c5842abdf88

SHA256
5cf31432553ff4245b3ce9f6b8eb12cd5cfc89b691ca9f75c0cb2dcf0ac1427d

SHA512
d688ea3e04888ab841949dcf9d6b20ad6b79d8bc273ac0bba80063ce73c16846f957dddd20cc07438978054f44692f81ca137c5c01eb59267917572baf07006b

Download Submit
C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe

Filesize
384KB

MD5
d43fe2dfb587148222b95d7a91fff0e2

SHA1
c6724aab38a471af57671694e36f322dc96e0164

SHA256
44f03569c4a5ffc16fe26040c7150b281dd28c1e2a8c84b5aaaa2017c353f814

SHA512
015a0fdf0455c062c2345738a494c9aa5c629c9f6b96595d4f99c6746e4362b698cda93aac8ae75f539beeba2912bdc0f4aa9c59e530d126ec9c2e969f4f02f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe

Filesize
384KB

MD5
01c513fda21408b29fddfebed43a9b42

SHA1
39c32ff908fa2c3f42f4f845949d401dd8777025

SHA256
d1b7d758c62f6ea775e8d4c82935bf8935cddee8b4b918bc58b6d5deac0bdd18

SHA512
ac0575981f4cfe137475fb6814b1737e7d028f4af073bc7507a8d5ad785ba216605d9b193ca58b064ece820166be3d51ec758863728e1c7198dce29190641fac

Download Submit
C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe

Filesize
384KB

MD5
ab8daaace8238ca385e4701e8e94d6a6

SHA1
fc0e224d575f256baf2f5fb8875538ab5ae6e2ea

SHA256
761921916e721a40c7b7766b2f22556af4290f33922a8004ffd76e283928b404

SHA512
fe6c05c344be237d93acd01c3de3fbb58e3667967e5948ae62461f8a3619c25947b2be31f707fa552225342758eb4e70765e2d2e5b3274f71bcc3b968427aa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe

Filesize
384KB

MD5
7673d8cc2fbe04ad8b59bb4d1cd141d9

SHA1
9c2a9797d2678b15fd5d80512513bee82ba9b0da

SHA256
b6b17798ca1a246134cd24ecd208cbf5379491de156a53359cd8f179f6bbf10c

SHA512
56e0fce2acb578d845493f3bf2e9c06609d0b3e459f8126812d9ea006a2a9b7241d1c8de5d0e92dff316a86dee51bf19be5d895f3d7d2382b77014e1375b2877

Download Submit
C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe

Filesize
385KB

MD5
284048f1f22c025294056d40af1a7e1c

SHA1
f44e9beb7a065144c7697b3f365289535b2c0e20

SHA256
39cfeb8f8e97a35b854efad534ced81b7af4ce5f2a0d5a1464d0e9c072cfa58e

SHA512
5b7af5fb0a5d854074aca4f1f6c5f4b0362e434390dedd0fe285118dc5d732baa3cd3ab2a7cd2f36b0d0ba0973f57e203638f6b6899bcb535043d40700b89b28

Download Submit
C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe

Filesize
385KB

MD5
01c835166273b4e32be3918dc6c5b92a

SHA1
9fd6c4c415d7fdf2f8ea84077725283ece7429b8

SHA256
1165b6103a2d6af139f91145a19a267c47fda3381b67f3b327ae3d9d561f2366

SHA512
42defeb5d52ae0df50eadd6138cfa8901b95cabcfe3921d72ff172913f63af8ab633902a262d65e225ccef2eed168b62bfd3b83a11ba164f7ff1eba6f9161baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe

Filesize
387KB

MD5
eab25b6d349d85c7115b229dc4d30c70

SHA1
29560fff727c477fce27fafba56b0e378e441d2e

SHA256
fef0deeaa552629f8066dc0619a59bbcb6ad9f0a886dc249e649058a088d6285

SHA512
740e59f0bf08d4a46a4a9b7f6e1317ca0220cf154493c5ca0e42853dc87b97ba900618c17c421124a3684582d95d21d917a47a87d91bceef5b9ff9cdae0506ef

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe

Filesize
383KB

MD5
35b6920db32f9b45529b05cbb7baa9c2

SHA1
854912fd2378c02ca3335cfe00fd85f4f7102ede

SHA256
1306f8e5914b99255aec78e1de2d10f03a8ad57332d858c1a5f5fa8723c66c94

SHA512
3742b59927c44c7369d27115df8fbf55e3efa281393021bb06262b58f7291edefcc79284d9cb335d82af7907829b5c5efabbc6bb48c46dc8c7ee91ef89313d67

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe

Filesize
383KB

MD5
62095c0ac7c8e5bb3d1e76075394c463

SHA1
14c1948575844587f5efed42279f281a01da9dfe

SHA256
5eaeee58ec550971c102ff202b9f9fa1ba5dedf65cd41beac2d0ee0987fb7aba

SHA512
975708917eb581f51cd94a910814a24717bde9a659291803ef043f59c88196db472ce2b75b773f1d20bd5a21fa742aa03d153935b44fffc824d9f438f1edb8a7

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe

Filesize
385KB

MD5
c5e316dc6d8257b1bb33f4d166b63036

SHA1
782e0f03c2736f22cfcd484448f8813fa953a5b1

SHA256
24b755f1189a41a6c76ee3a357d0ac68eb53f5a83d584e8dd811d7133751d5f5

SHA512
be5fae9ebc2131bf86427ad546b2eb79acb0490ff90bd9ce06d045fdc6381a259df74c127059e0e36f1ac96aebf1bd4edfa7800c515297d8ee31fc8b048c20cd

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe

Filesize
385KB

MD5
b206564487e4fba3b700175933bef523

SHA1
5bae417baf781aa94cb33e832c0c642e5f316dad

SHA256
b2fa263ad3879f5f46de762c978cebd45f349d36a6aaacf248bcad6b1ddded6e

SHA512
e33abf6717cf293e54039a4c15593bf44ae941103d80dd44622e05e12d0e2662d3da50d4a1a41c75309a0596d4a8367bdebf89a95c76d087b6ef06ad69df0280

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe

Filesize
386KB

MD5
69113ea18f9e27f38b65bb432f0c2d99

SHA1
adeb7cdfbfe9c65fc4742e45d2d91305c3d54b44

SHA256
64b88730e14b4acb669e56ecffd93b6668e320e0d8cf48cafb0c0c5737fdf9dd

SHA512
25272ed08d67049ef62d53ca89db34643a9e0f5aa3124ebf7b309db4548d72d8a77b6afbfac2942552791c326baf49f36e6fe42dc48e6e776da1d39f132ef8ea

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe

Filesize
386KB

MD5
bf39607603c2be38e09a0775f76d6a74

SHA1
b107725c944859882821f21ddd62bcad63e62c5c

SHA256
bd03e772ac1a7e39a99475b59632a6dea04c91fe38a9a3483450772c4e1a6c0e

SHA512
3b54a15fede12fb6573198fe5d5e55c0c77484e5b290626d76f10883d3f71ba3fad233adae53c8853270778edf751ab8f45f932dedcd603d9f250abc9d1aa114

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe

Filesize
386KB

MD5
287bf1e67df22693d98c2c1c704d3355

SHA1
552d971693878371630a37a88c1815e18a1d60aa

SHA256
08158a2797d3478db7cbf4a498ddb6892f51504cfd5a5ee1750057e86f2b4444

SHA512
c230aaf0902ccb971dc3e106dc00943bbc73fa4676277fe6af9d8a997c198cd273aed99cb444c36f674c95119da476c7d61cbfdc30dfd2140d12fbc88318c562

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe

Filesize
386KB

MD5
dece9588a0532f01b37b735ac81cb879

SHA1
230e13ef28ffcff548f3e049406c3d813e57d068

SHA256
2aeb35d8f9bd0e9b0ebce8e7c66429455968a55268acd15ffe65052dd0662cf7

SHA512
6b6de8472611b120428393a9af00feeadf8a49b3bb51341e1fa519cd2064c30d4e075ad5342c3a2127c7292a36edbe37c65b753abe3b6c65299721b57ab55515

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe

Filesize
387KB

MD5
1c3378af4c5092a04d5dd8c49c26e83f

SHA1
4b0420958a1281c95ae23365709c31e90d216606

SHA256
169baf832161bf90faf28f90f24a5cb77fb04115a7f26a1132e04e1913a45ae5

SHA512
4aa480fa88ccbd41dd3b575edb6d33a5cd5347d7e6fde36b6c81c11ee4f6aedf13f0f2c41ced59854132ca2d82282bcefc45aa6c09f00d43cc17c33faad98262

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe

Filesize
387KB

MD5
80f0ec4c8193cfc3e7b8eae76592fc5c

SHA1
d7bab6f75c71c33fbf00838cbac0fd7b53ef2a58

SHA256
6343bb1058a050664fd40b30d7e927431855204c0fd7518f06d819be986e2352

SHA512
2b9b1f790482251575a4e3c81d842443d00caca2f5dc0003303e9da51249cca92faf725dd32061ccf0c77d2d4ad80d8f4abae3dd9418111a649b270de87df797

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe

Filesize
387KB

MD5
140695c9b4ee575d1cc87b3cdf7138be

SHA1
ddc141bf5b15b708ed296f6f76d2e75a8f654118

SHA256
d9ac21f6cc313cecd65ff418620adb54718209382e2e9ad7acd5ec4f9a571343

SHA512
1996db0c80000bfcd1cd5a0c19da086a983144accab64d8d4a1b350826ef25342ba8ce05c625650d5490500398b58fed017f3a6c39e7a4314affc1f4910de363

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe

Filesize
387KB

MD5
d99e3feb9f8e3369c882ec073099d2ac

SHA1
bbcf62e40d68ab44f810e0866f2ee2d8575b9cc1

SHA256
27d0bc7f3721dbbf065864574c3ef890d92770aea2ec2c88132f90fac7625155

SHA512
403631f7a2da252b78e90434dd803cb1ad78b2f8c7b86937a02bca152a086a017e475b9f4645bda27bf3396e558ca2b3cd3c4cec693a68a9b51f71267ce9316c

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe

Filesize
388KB

MD5
7b68b15006a30922898cfe1aa021afdd

SHA1
1704cfddd6eb99f75ce8524f468dac3df5d5e504

SHA256
eb97716061153728c35a5c9c3e5aff325250790963791c79b7056815b8c0bd09

SHA512
6db843ffa91fcf8bc3bcc0bfd957a88d4666b3bd28aa57ebf867b3c16cd26c8a97bd8e5ac0596049f2c9a8ccdb8809c6e67022c7831b36dd82e26a34d84d4ccd

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe

Filesize
388KB

MD5
f6ee30ccf7a520a35ab567988f308e05

SHA1
a79ac513c7de34f3817df0fda35804121fabac94

SHA256
ee5a11b39f1bae8113acb352d36f6281a2cd62b6028ebd53f65aaffb79f7cea3

SHA512
8aaa7df318ad92e3c801e92259d6b6da8542baa3c8c5e08ecbc7a8c6536e88909c87e056213d53da39334bc07e6542a4d3c56c6911215ed8e71986788c6bae84

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe

Filesize
388KB

MD5
653eb5f4a7e121616ad842d21fa8da8f

SHA1
e2d4569368bf2a151d20fe7eb0904ff7418a0c96

SHA256
cccac794542d54bee700d54bd9c8d8228ca3db25d69b1ad77ee36a64bfa0526a

SHA512
6fe40642db017ae9509961428be626a48a62180b62110c70733933063020939cc8b3b593d235f98402d77c1894159b1d1dc9ce59c5ce9bcb47d1b211c61a5710

Download Submit
\??\c:\users\admin\appdata\local\temp\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe

Filesize
388KB

MD5
faa5f6f23e18d1cf852172ae9dc15469

SHA1
a2691d0183f96501a73016f17310a4f5417ba3c9

SHA256
c94bcd99085110647069bd8d4b50ce9e12280bbb109dd3b52db5adeb1a5bda9e

SHA512
bea713cabceb961eca218ec78ff5cb90025a38de921fe007a006aa499909120d449094fbd37b3e7a9c08d388aead18c3c297d2436c74aad5aecb3142cad4aca2

Download Submit
memory/60-149-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/60-137-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/224-254-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/452-128-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/452-139-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/640-80-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/640-95-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1040-268-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1092-232-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1104-150-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1104-162-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1184-202-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1368-252-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1448-242-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1524-110-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1524-127-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2000-78-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2012-38-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2012-55-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2380-96-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2380-101-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2500-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2500-15-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2800-182-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3312-266-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3372-192-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3668-222-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3824-18-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3952-117-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4156-212-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4292-59-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4292-70-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4388-159-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4388-171-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4452-60-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4544-28-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/5104-40-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202l.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202t.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202w.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe\""	e80e1fa4467659d4c3b076d0b1efc210_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202f.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202o.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202v.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202y.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202e.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202j.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202q.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202a.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202c.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202i.exe\""	e80e1fa4467659d4c3b076d0b1efc210_neikianalytics_3202h.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads