47afdd6ed9ff76eaa2d9871ec6c648da33ad843e71ee6e93618e723d0e53981b

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 10:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe
Size

442KB
MD5

261e59af2e7a0ab3a29c0748951ef190
SHA1

d1b960b936945b57583133e302d4fd53ac53ac63
SHA256

47afdd6ed9ff76eaa2d9871ec6c648da33ad843e71ee6e93618e723d0e53981b
SHA512

c75b9c2b89c89700132b177bafa8fbb89f91020d5e0866402179a2d727a0a00911755b7858665ac898c3918d1101fac0376d13eb7599d9cb7bea4230d3763105
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/blXKlu:Os52hzpHq8eTi30yIQrDl/

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
3016	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
2680	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
2524	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
2572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
1716	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
1204	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
2840	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
1636	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
1404	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
1820	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
836	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
768	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
2924	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
2764	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
548	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
2192	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
2716	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
1076	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
1944	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
2080	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe
2904	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
1764	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
1692	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
2996	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
3064	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
2692	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe
2692	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe
3016	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
3016	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
2680	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
2680	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
2524	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
2524	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
2572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
2572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
1716	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
1716	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
1204	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
1204	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
2840	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
2840	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
1636	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
1636	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
1404	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
1404	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
1820	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
1820	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
836	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
836	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
768	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
768	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
2924	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
2924	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
2764	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
2764	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
548	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
548	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
2192	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
2192	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
2716	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
2716	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
1076	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
1076	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
1944	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
1944	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
2080	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe
2080	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe
2904	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
2904	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
1764	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
1764	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
1692	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
1692	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
2996	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
2996	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 4491bd745ecfdf2e	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 3016	2692	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe	28
PID 2692 wrote to memory of 3016	2692	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe	28
PID 2692 wrote to memory of 3016	2692	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe	28
PID 2692 wrote to memory of 3016	2692	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe	28
PID 3016 wrote to memory of 2680	3016	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe	29
PID 3016 wrote to memory of 2680	3016	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe	29
PID 3016 wrote to memory of 2680	3016	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe	29
PID 3016 wrote to memory of 2680	3016	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe	29
PID 2680 wrote to memory of 2524	2680	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe	30
PID 2680 wrote to memory of 2524	2680	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe	30
PID 2680 wrote to memory of 2524	2680	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe	30
PID 2680 wrote to memory of 2524	2680	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe	30
PID 2524 wrote to memory of 2572	2524	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe	31
PID 2524 wrote to memory of 2572	2524	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe	31
PID 2524 wrote to memory of 2572	2524	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe	31
PID 2524 wrote to memory of 2572	2524	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe	31
PID 2572 wrote to memory of 1716	2572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe	32
PID 2572 wrote to memory of 1716	2572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe	32
PID 2572 wrote to memory of 1716	2572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe	32
PID 2572 wrote to memory of 1716	2572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe	32
PID 1716 wrote to memory of 1204	1716	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe	33
PID 1716 wrote to memory of 1204	1716	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe	33
PID 1716 wrote to memory of 1204	1716	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe	33
PID 1716 wrote to memory of 1204	1716	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe	33
PID 1204 wrote to memory of 572	1204	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe	34
PID 1204 wrote to memory of 572	1204	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe	34
PID 1204 wrote to memory of 572	1204	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe	34
PID 1204 wrote to memory of 572	1204	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe	34
PID 572 wrote to memory of 2840	572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe	35
PID 572 wrote to memory of 2840	572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe	35
PID 572 wrote to memory of 2840	572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe	35
PID 572 wrote to memory of 2840	572	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe	35
PID 2840 wrote to memory of 1636	2840	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe	36
PID 2840 wrote to memory of 1636	2840	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe	36
PID 2840 wrote to memory of 1636	2840	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe	36
PID 2840 wrote to memory of 1636	2840	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe	36
PID 1636 wrote to memory of 1404	1636	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe	37
PID 1636 wrote to memory of 1404	1636	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe	37
PID 1636 wrote to memory of 1404	1636	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe	37
PID 1636 wrote to memory of 1404	1636	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe	37
PID 1404 wrote to memory of 1820	1404	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe	38
PID 1404 wrote to memory of 1820	1404	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe	38
PID 1404 wrote to memory of 1820	1404	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe	38
PID 1404 wrote to memory of 1820	1404	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe	38
PID 1820 wrote to memory of 836	1820	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe	39
PID 1820 wrote to memory of 836	1820	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe	39
PID 1820 wrote to memory of 836	1820	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe	39
PID 1820 wrote to memory of 836	1820	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe	39
PID 836 wrote to memory of 768	836	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe	40
PID 836 wrote to memory of 768	836	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe	40
PID 836 wrote to memory of 768	836	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe	40
PID 836 wrote to memory of 768	836	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe	40
PID 768 wrote to memory of 2924	768	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe	41
PID 768 wrote to memory of 2924	768	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe	41
PID 768 wrote to memory of 2924	768	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe	41
PID 768 wrote to memory of 2924	768	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe	41
PID 2924 wrote to memory of 2764	2924	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe	42
PID 2924 wrote to memory of 2764	2924	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe	42
PID 2924 wrote to memory of 2764	2924	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe	42
PID 2924 wrote to memory of 2764	2924	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe	42
PID 2764 wrote to memory of 548	2764	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe	43
PID 2764 wrote to memory of 548	2764	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe	43
PID 2764 wrote to memory of 548	2764	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe	43
PID 2764 wrote to memory of 548	2764	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2692
- \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3016
- - \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2524
    - - \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2572
      - \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1716
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1204
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:572
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2840
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1636
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1404
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1820
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:836
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:768
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2924
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2764
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:548
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2192
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2716
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1076
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1944
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2080
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2904
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1764
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1692
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2996
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe

Filesize
442KB

MD5
49a7d6b9f2294cdf9ffab49570032b0c

SHA1
b39ed5363aee02dd7d9ea10da592698f88bd1804

SHA256
2817b73db185a3679964619917c01845ff1d937549e77e5bb95001223f7d7056

SHA512
5d0fc07d4c91d1d29e24999973ab9000974df47b8ecb703d31934449139506e13f195c232d8158903c0cc947b0d70b2fb468107a3a8df48a6b411c9d478f7294

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe

Filesize
445KB

MD5
d9dd55524bdd26abd3ca770919e08042

SHA1
4f781c58d1205e2ea6668abb9d0dbc10d600dab7

SHA256
ab73913dc49139ae0a17be685548407d0ca4dd83680b8603205c5b766319c549

SHA512
e30424b018e7669609b1b05b322e99f3f30017cd414cedd295919f722e6c513cc1ab6c9a19e7e4da5651589effa9e98961d395bbb0db555e42c92a0400e58ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe

Filesize
445KB

MD5
e016f3ba3e0ced8f575a130a8f182e95

SHA1
d9b14f6b1fcf01cc58c83018567bdee148af6879

SHA256
5a624996f08ef4d69d7c25242ee5b72acbebe1a990b4becf048b3b86a5657874

SHA512
18d2995ae18ffdd04771788d49f403c46a75cefdda10e38da5326aa363378e81e413fc51b33c141567b3fe1659efd16f30db2e7fb55d16bc4318a176057ceaf5

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe

Filesize
442KB

MD5
e56cc3f46c61fb89991964e24b198535

SHA1
56977978150b39b9a6345424ece06332bfc32456

SHA256
cc2aa93e62bcf45605d98a98f417ab33a306ebc5bc5fe6589510d47cd3176ebc

SHA512
8134a2589b2be8c101aadbb8dc0610ac5b8a477bb3bc8989ad422162393f4b8323a5e3f4b0e93fe070fb3c36fdf4f6310db91608c6bf85ff244806f9d33cfab6

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe

Filesize
443KB

MD5
3334f8ef0069b5bd72d4dec527772981

SHA1
a6f2e1a30de762760a8e1b3cf700c946dfcfbe61

SHA256
e7b063ff939b95b890546c09bfe03af7c2db1c85ca5e3d91fe69605ed5c69e27

SHA512
3aff8a876571a8503f97e4b7757d5d2ecbed99a26406156b0951f710b85a8049969104eb25ea79a4fcc9c59edb7871cd4fc10740f839d278bb392b8933d0ec6f

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe

Filesize
443KB

MD5
404bdca11556f0d4c54babe4d3a0f7cf

SHA1
e985ae21c66aa33cf6aecc2ffdf3be7362820959

SHA256
de06c18c80310623b36227a289038fce67bcda2adf3b84c4df00116ebcc90d38

SHA512
76077327042516ebb43501673202ba38a7750365362d970f2ced76632258e29bc4e1aa0323fb45dfc7b8281e831580f235188a39bc0e68809bdfa626e122c7db

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe

Filesize
443KB

MD5
ec13017ad260ce8f0665f34f43968e0c

SHA1
0dbd0d40a88a6a6de100b113d5a8a95e2f8f4b43

SHA256
00f5576fc36fd68a5cd473b537897a09e6e3487b740d93cbadd4d3a574e2486c

SHA512
d73c447ce7612dfb1142efadd2168f17d3a298b2d8e9215e08360ac1c18e1061551a9f97fab258b02e745ec2124f83f905ef860a2e0b1caa0ac935effbe38204

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe

Filesize
443KB

MD5
6005a5d9d63125e5ffce3259e87bad4a

SHA1
e94762e06b4ef934a9b41aae368c7c1f32ace8c1

SHA256
35fc84c0157f02017ffa30c630ad957f494aad9419da3b73f37a377cc7b31abc

SHA512
4152a73b38466e854ceaa52263b8de48e2cd5194dc93523922566ca0a1ca5d2728f4b3799b8c0de346c5c408737a2339d711304dea266b6711e2a1a88f956843

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe

Filesize
443KB

MD5
6a4f386f40071744b1ab2c1c290c5513

SHA1
6d4a632c0793a9137bd37eeef29e94996c4c1bc1

SHA256
a7eae4ba945372d80aa0d74f2eb539d99126c6045f31992095c487b23e9bd7dd

SHA512
f0d48e237f7d8aa7ed27d7a88963fea2652dfe598f42831eb98cbc84e86c6ae04faa682a41c667a53541335bcf125153fb92c7e913f83b7d89aaa590c9d18bc6

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe

Filesize
444KB

MD5
4d94e1216e818fc15fe1f8dadf9c1896

SHA1
404a66185b726bcb9e0e46baf5d575c6fda71062

SHA256
4340567974c3d53b59d58ef9bc9576d62a93b7b5a9c4b12f0521872abeaddb5d

SHA512
593fcf41747c246285e5aa47847e9b6c5d2bbbef35a8c0462ba84822c571bce0cb27bb175a85f3911a8e9977980b3fdbed6a9f03d7dcf177927b7d9e83df508a

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe

Filesize
444KB

MD5
d0b7f1520555406867057903f6c2d7f2

SHA1
65291ff0d5f76d0a8c1cca22edf2a28d03f2495f

SHA256
f53ffcd93dfa7a6d88bb08fbb5a44285e7a0460adceb033069e4fc58f3d21ae6

SHA512
96023b069153296a55e4efb2bbc4d65bec9561c54a6e7f3f62c878eea71965e400f22f8fe480524e4e88febab47cee2fa26a0ae240b21548e368a129ecc80685

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe

Filesize
444KB

MD5
7bd61ba88e4c2169655117be88df84d1

SHA1
1db30f1b6b73adf7a60f85865730cacc6b3bb4f6

SHA256
befc7789ed477b4086fc7b1f0e9831ff3dede6e62e724670b8ae913ec09c15e3

SHA512
11df49f6cf3fcd08fa981cadfda3a14fa4d75816b540d5d2acd986d474ca05bc24fe58e35bdb496acd11b25663538ac278b8bedc2ca51c0bb042e60c8561b41c

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe

Filesize
444KB

MD5
9dcb4c63b7953bfa657ac2ad961ea125

SHA1
87755bfdc4826f4c503d13524757921f5228f6c4

SHA256
49b4dd15b5393141e61c7a949c703ea7fe38335ba10c9f8fe07a9a857e50297e

SHA512
dcbf1fece9620ee611073005faca15ce1478011e31d4c882651ce3f27cee2c7b946af67cb96e5a0094e42a0afd455970360c595fb3d97621de37be5a37de1eb4

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe

Filesize
445KB

MD5
c85da20fb629fd01aa9809aaf3bb376f

SHA1
46dcf3b6a201d68846caed1e1f0c6441671282bd

SHA256
73018249a1ba58088515f52c48f43b200e5692d613c704f39a941e1b586cc2c1

SHA512
db597074ba59f7081ed04d77ecc31ca501cbfb3010bf0e42eb55b5d17abc9dda4e4cfec78af3370059f8d0ee3fff8883bafc217bad7b0d1862664e0a9ff3c0d8

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe

Filesize
445KB

MD5
62038e0ae6634142d4e8b183230bf001

SHA1
1fa4a02db37e4e9761d5b63cc6145ec365534a19

SHA256
37edfdf685d598e160865dea1ef24f1fd9495d2041c6f49ccd6630b9e7264a35

SHA512
56fe4a85217d275ac379c97a75a71009ef672fe20b55cf27cec87000064bbd21433dc97d6192cbc51543f14cb8f299f7218f069af002ebd627328aca88b8bf68

Download Submit
\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe

Filesize
446KB

MD5
622d0f7e96edc1092d21a0e755fc68ec

SHA1
84c2c44f48ff73b4b180a3899efcc9a94a6bb63f

SHA256
9193e68a44f10b341fb85819a1b40dfa0089a391ddc1c62dd897fb6a277d334b

SHA512
f02a601bfdda0a5ce3643550c28da17a14271549c96a1a6c7233b5c8ec26eaa234257ddcae5bf91eb87ef052beab8ed2bfa18bf0c2fd50334885605ccc3ea441

Download Submit
memory/548-257-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/548-269-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/572-128-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/572-112-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/768-211-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/768-225-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/836-209-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/836-195-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1076-295-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1076-306-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1204-111-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1204-96-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1404-177-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1404-163-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1636-146-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1636-160-0x0000000001E40000-0x0000000001EB9000-memory.dmp

Filesize
484KB

Download
memory/1636-162-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1692-365-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1692-354-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1716-88-0x0000000000480000-0x00000000004F9000-memory.dmp

Filesize
484KB

Download
memory/1716-95-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1764-353-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1820-179-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1820-194-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1944-307-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1944-318-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2080-330-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2080-319-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2192-281-0x0000000002110000-0x0000000002189000-memory.dmp

Filesize
484KB

Download
memory/2192-282-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2192-270-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2524-121-0x0000000002180000-0x00000000021F9000-memory.dmp

Filesize
484KB

Download
memory/2524-48-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2524-63-0x0000000002180000-0x00000000021F9000-memory.dmp

Filesize
484KB

Download
memory/2524-62-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2572-78-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2680-46-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2680-32-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2692-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2692-13-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2716-283-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2716-294-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2764-256-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2840-145-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2840-138-0x0000000001CB0000-0x0000000001D29000-memory.dmp

Filesize
484KB

Download
memory/2840-129-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2904-331-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2904-342-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2924-240-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2996-366-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2996-377-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3016-31-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3016-24-0x0000000000360000-0x00000000003D9000-memory.dmp

Filesize
484KB

Download
memory/3016-15-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3064-378-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3064-380-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe\""	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads