47afdd6ed9ff76eaa2d9871ec6c648da33ad843e71ee6e93618e723d0e53981b

Analysis

max time kernel
135s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 10:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe
Size

442KB
MD5

261e59af2e7a0ab3a29c0748951ef190
SHA1

d1b960b936945b57583133e302d4fd53ac53ac63
SHA256

47afdd6ed9ff76eaa2d9871ec6c648da33ad843e71ee6e93618e723d0e53981b
SHA512

c75b9c2b89c89700132b177bafa8fbb89f91020d5e0866402179a2d727a0a00911755b7858665ac898c3918d1101fac0376d13eb7599d9cb7bea4230d3763105
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/blXKlu:Os52hzpHq8eTi30yIQrDl/

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2052	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
2696	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
5064	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
1128	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
4712	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
2932	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
1588	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
548	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
2492	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
1080	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
4364	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
3360	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
4760	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
4492	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
4980	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
4740	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
4744	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
4148	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
2612	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
4276	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
1056	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe
2908	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
636	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
3464	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
3484	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
928	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = b9a14b23e3e73c1b	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3548 wrote to memory of 2052	3548	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe	83
PID 3548 wrote to memory of 2052	3548	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe	83
PID 3548 wrote to memory of 2052	3548	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe	83
PID 2052 wrote to memory of 2696	2052	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe	84
PID 2052 wrote to memory of 2696	2052	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe	84
PID 2052 wrote to memory of 2696	2052	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe	84
PID 2696 wrote to memory of 5064	2696	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe	85
PID 2696 wrote to memory of 5064	2696	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe	85
PID 2696 wrote to memory of 5064	2696	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe	85
PID 5064 wrote to memory of 1128	5064	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe	86
PID 5064 wrote to memory of 1128	5064	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe	86
PID 5064 wrote to memory of 1128	5064	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe	86
PID 1128 wrote to memory of 4712	1128	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe	87
PID 1128 wrote to memory of 4712	1128	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe	87
PID 1128 wrote to memory of 4712	1128	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe	87
PID 4712 wrote to memory of 2932	4712	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe	88
PID 4712 wrote to memory of 2932	4712	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe	88
PID 4712 wrote to memory of 2932	4712	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe	88
PID 2932 wrote to memory of 1588	2932	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe	89
PID 2932 wrote to memory of 1588	2932	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe	89
PID 2932 wrote to memory of 1588	2932	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe	89
PID 1588 wrote to memory of 548	1588	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe	91
PID 1588 wrote to memory of 548	1588	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe	91
PID 1588 wrote to memory of 548	1588	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe	91
PID 548 wrote to memory of 2492	548	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe	93
PID 548 wrote to memory of 2492	548	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe	93
PID 548 wrote to memory of 2492	548	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe	93
PID 2492 wrote to memory of 1080	2492	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe	94
PID 2492 wrote to memory of 1080	2492	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe	94
PID 2492 wrote to memory of 1080	2492	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe	94
PID 1080 wrote to memory of 4364	1080	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe	95
PID 1080 wrote to memory of 4364	1080	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe	95
PID 1080 wrote to memory of 4364	1080	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe	95
PID 4364 wrote to memory of 3360	4364	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe	97
PID 4364 wrote to memory of 3360	4364	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe	97
PID 4364 wrote to memory of 3360	4364	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe	97
PID 3360 wrote to memory of 4760	3360	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe	98
PID 3360 wrote to memory of 4760	3360	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe	98
PID 3360 wrote to memory of 4760	3360	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe	98
PID 4760 wrote to memory of 4492	4760	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe	99
PID 4760 wrote to memory of 4492	4760	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe	99
PID 4760 wrote to memory of 4492	4760	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe	99
PID 4492 wrote to memory of 4980	4492	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe	100
PID 4492 wrote to memory of 4980	4492	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe	100
PID 4492 wrote to memory of 4980	4492	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe	100
PID 4980 wrote to memory of 4740	4980	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe	101
PID 4980 wrote to memory of 4740	4980	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe	101
PID 4980 wrote to memory of 4740	4980	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe	101
PID 4740 wrote to memory of 4744	4740	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe	102
PID 4740 wrote to memory of 4744	4740	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe	102
PID 4740 wrote to memory of 4744	4740	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe	102
PID 4744 wrote to memory of 4148	4744	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe	103
PID 4744 wrote to memory of 4148	4744	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe	103
PID 4744 wrote to memory of 4148	4744	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe	103
PID 4148 wrote to memory of 2612	4148	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe	104
PID 4148 wrote to memory of 2612	4148	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe	104
PID 4148 wrote to memory of 2612	4148	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe	104
PID 2612 wrote to memory of 4276	2612	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe	105
PID 2612 wrote to memory of 4276	2612	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe	105
PID 2612 wrote to memory of 4276	2612	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe	105
PID 4276 wrote to memory of 1056	4276	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe	106
PID 4276 wrote to memory of 1056	4276	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe	106
PID 4276 wrote to memory of 1056	4276	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe	106
PID 1056 wrote to memory of 2908	1056	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe	107

C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3548
- \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2052
- - \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2696
  - - \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:5064
    - - \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1128
      - \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4712
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2932
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1588
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:548
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2492
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1080
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4364
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3360
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4760
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4492
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4980
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4740
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4744
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4148
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2612
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4276
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1056
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2908
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:636
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3464
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3484
        
        \??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe

Filesize
442KB

MD5
1326314f3ab06d000d95df4bc45abd61

SHA1
306ca6c13b31baa6fe620f45dc06f800a1506c6f

SHA256
e18f7deb8f5ef62792ecadb36613227943f988db7dca683335699a0dc23cf7ab

SHA512
ed7057061a37471efdc9292fa4e60475c37745efdb2bbb23629ca2a8d28351d25ff7bb1215049155a327ca942aac51d462646fc13b9eb5938f690219d4f99c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe

Filesize
442KB

MD5
015162897fd549939301a8e3610850fb

SHA1
96173fb6617d6786da9f4bee4f06f0aa7cb4c3f4

SHA256
ba3dd02b713ac425f582adaf134d0d17b8d1e3a42183f7331f4bdbe76c04d1a9

SHA512
998c7e3ca1d6ce36f71291e99e563a943ca14760954cdb9835122e0ca3a0148edf2994e545690ac6222cf320c8240b1b5c4116336285660229e25d4ca8831f74

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe

Filesize
443KB

MD5
c0bff2f633c3656c125db8f702c09f47

SHA1
c135a8a822d6ab1b309adba4fa379be214f49840

SHA256
2fdfa02bebfb374c9b3516acb606e3fa13d8eee1549c8002823524c8221a9895

SHA512
b54e5b609e3ba69ac9011eba4720e9c596fdceee76821e8b6fa01b7cd1cf5a551a5763e942f87a6fec48a4431e62e7556eda21cf728d7f04f0853744e2d6a256

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe

Filesize
443KB

MD5
a741fd3da3fa6aeb7ebadea0fe360b4c

SHA1
327b1867b08d22f6db0d3bfcd08f5f85f478a011

SHA256
51766c4eacc561f8baa0481d4163d7e4dc1138d22a7aa0cb61cb761e8684b525

SHA512
cae6270f3b210455a79e76e6d698ee66d787d27dc856823819ff1423d2ae424cf28cff419292ea98a04c7f51dc73bd67fc813daaa3478b84b7c7d9478b0d9285

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe

Filesize
443KB

MD5
acf6ed4d9f034a6041e08a832d23210c

SHA1
d7f1783de96556fa10b91d0df07b9978e8d9a789

SHA256
2a4385e90bfb4c89dc823c72193fa416a8c30bee3f7045ec62aa230a62afe0e2

SHA512
d95cce63a2c52955e3d5ff49cfc6744b650703aec4bc3552a528a5cfaf1add9fde47c3266ec83729c2f61b6a4a2145b197b4e73b47a6971d476da7d5a0a07bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe

Filesize
444KB

MD5
75b9ad3e3d74bef605b97b2baae348b4

SHA1
2bc7b7e3d278a07e895ea3fa4b4041e5e1cda4bb

SHA256
f0d50421c0b926b542f08de19a885e7f6d196ccc4adfa2a59dbfe0b24f3f3fa9

SHA512
d65cdaf8d068523e855308cabec8743694b7e2fae9ff3dfe1b598e6ec22e383a834237df565692f8bcd4f6d8692aea3260c1cebba5d51117621aa1ccc2795578

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe

Filesize
444KB

MD5
3501370b20c9d16c7ff57257ab137a43

SHA1
5a0176941d96afe02f9fc8d42eebe1705ec39296

SHA256
ed2876230adf50353146a646752284de2bd8985956996188f67a6b87dcc9cf3a

SHA512
4f66c9dbd76bb5cec739e752c51eebcf6284d9ecaf4522481e32d508c304a537b39b84398a839da5e07b50f3aa146857744d2f5d9a72d3c588dbb07886580aea

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe

Filesize
444KB

MD5
026dfa31ccc1b782381217992fcd8831

SHA1
6ed2a9c8e85d0e4a8243eadd5508cd2d86ca3dde

SHA256
82522634498db8f068e1809cef62fd5acec0f838028b47620efc92849bb11681

SHA512
16695223bb8f491e40c6316a854f125e64c3d998d49fed6b655b8e34cec7548582276716de73fcb44dae3e316beeb3e540be85ba7753c56316650073c57337bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe

Filesize
445KB

MD5
3c1c0be478b909dd3f196d606e0df018

SHA1
809995c3488b06c6ace047406b81fef7e75e15d4

SHA256
5153353a46c44eafbffd03e786ba956e77d569b24675ad43d4d24beead1969d6

SHA512
c3d5549b92521bee6487ce2ad575016c5b96dcd47f445f0976b7827824cfc564a8a99617e12e477d04edd4b16fda8ddcd12eb7890f991bb3f62e907b4f4f7701

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe

Filesize
445KB

MD5
e92ff23543eec4bf6c408ea0e74f7a93

SHA1
7e7db42edf8c923448e64c8693da680d5b3defb9

SHA256
5ec72f13e3f2f7a9745484ca6804cc7b2a6a15a8761dd55f580d905b955e8fea

SHA512
289430f0754fe38329d5811803c8e4a2089386319fb068fb94808d3763779515c513c93ebed004c76bc04214a4c0270c24956331db66581aae398b33061dbb36

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe

Filesize
446KB

MD5
d64696a45dd2ccece927fd315453ee40

SHA1
1cc4475af5188b20a2bbdef401b7f26c3751155c

SHA256
c529d5d11d71b327c194ba85fe180c462689e09130713a503dbaa45003452e98

SHA512
6834f295a92f2dd19599f4242f129597e807ee9fc2c27aad2cbb0824cb54f439d3b36c215d5e064d16ac13e78a9104c477eec31613380bd4baa8cafe9bfaadad

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe

Filesize
446KB

MD5
7f18a80f5ecef1364ff2ba7c64cd9576

SHA1
f59488be4d05c01f4c0f3b62eeb631e115df1e14

SHA256
a3ac89c8a610476f2207d5bc4b14d67900aa776dec688901c1f56acd1934700a

SHA512
79c0443f1aa6012a6fa7f5a556fa44f642c0126988ccd7a85313259b741aab35ff55777169c4efff6d2e76129113ab78cb8f2f0d6e1c8c521ad643713e2ee866

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe

Filesize
446KB

MD5
c7f7ed43116e6ed4b0bb4a29a1844da6

SHA1
942e06037e1467d2b5c72e7383f785a632119f27

SHA256
9c791be1f15133616bc0de776bb606ab610149e33db8da94ed653616e4183bd7

SHA512
2f7baa8c247247a056969647097fe70f8ca383d1ebc129f8d2baef67ea45aa339b840e056618c847589f862fde2ff72d90741b3e3aaa49ea9b31c6cecf5be8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe

Filesize
446KB

MD5
63968501899dc23f693dabc79a52773b

SHA1
42fa81fd06d3ce4666681669bd68c03e0c78c96d

SHA256
b9170e5fde5ff409c9c718eff9b8c7f8f33fe638da2a2f8c188a0cb42745d388

SHA512
7783b4f67e98dfd0bc76b6404c3391d9dde6bd5a494348190a7b5ec13f8f1c65d0cebd7bcbc1fc04a9578a2134550ecc74500da56ad0fa4e887305a64227520e

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe

Filesize
447KB

MD5
a14bf8ecdc768c36c24c0df467551080

SHA1
93210fce4bd59a0f83715073b20547bdbbb081a4

SHA256
881c8bdbea1db7fc0c7abf114de594ae596b528122548dc0a8c4a35c17cb4c47

SHA512
48e15cf637944b9bf96259902ddf10c1eb5aacbf6331670a3e4b3edb1cc6004e5e0d9e08d59bbb9a384483836097c7e44a1078f5d5dc9543c7abb7b0c6f25968

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe

Filesize
447KB

MD5
f558eafce965d0877f8104f139e32d05

SHA1
379fbf110afe4f151b13a6136ed18d81c551e029

SHA256
4db069fc4ee1761acd3d7e8d4521acba8f21638ca59b1d5fb7b87abe8a6a66e6

SHA512
d35ce80d6881e1d4b25c95d65512c549229fa7344d4bec65fbd3237edd99e881f3ac5147a5dcaf8842c14b969a5790b2c2dcc8ced397db95e79ba4d0bfacc517

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe

Filesize
447KB

MD5
8362a4e5b95daa4fa7dce71b1a35e801

SHA1
dbcb4f520944078ab069707f5d0957aac6a6dbc5

SHA256
4ca96a15a17807358ba004d1c58ff7ea783fb5997a02dab49f7c4490b83d9989

SHA512
dbb9fc19b0702c71d75bb76877de82f5bf0807aa47a595bfc2bfe9741c0aa14dd95fd3445519344851dcf8b32aa19e7ae0b5e773d6279961a3cc33bf4111e8ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe

Filesize
448KB

MD5
96933c2735885efacb011017a3228ebb

SHA1
c30e9d01de4b1081699f2c2db812d2706972d637

SHA256
2a8d4bdde65d4277bd55a549694f4bd1c75c606e66b1866cfae6667841fdfe54

SHA512
7b9002654be95c9e7e1290291f91a2ae4f9bea2c50e6cb32f14e29dfee3e3cbd200217a6502fc3a8335c11717a209f53e68eeb0ce45223b1dccbffe34e7f6bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe

Filesize
448KB

MD5
6e604422be77fbed17f98ac745d6bfd2

SHA1
07c868e6070c56283dc8500fd1e0bbd09e60ecad

SHA256
f35d47cfac4fd0bb50700e1896ebc65f4a1a81ee9c3c3569d905e37aaa112f0a

SHA512
c2491f7da03e8aa6e156819d7b70c965318fd2d5d65c82da341ba9b09ba97c57175de4503b2c12ed838c309e36f3a218f04e49a3e3efd7d05ccf93f1888e70a9

Download Submit
\??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe

Filesize
443KB

MD5
07adf4da3dfeffd0025a961c0805982d

SHA1
4fcd016c3f5164ab95ace833fec6bd50bb310546

SHA256
05e4265128e4cc27f2f87f18f681e099c6738e19d6e40553b04d5f0411b2786f

SHA512
c78ce8619b1e9ca6061083cbb5d5315049775eab65d5569ace3e9daac7ea02e99808c5f6ddee0da2eebc03d4b61605d7233ff02bc084821dd0a16261110c7bf3

Download Submit
\??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe

Filesize
443KB

MD5
1d4a4fdb3f9f52375cc1059f01414931

SHA1
c54f6fb7493c20c695b049a4efc5f4d88848994d

SHA256
f6a05bf429d8bded8d316ff352af852ecb83dd19c24f924dff12d2ea2fde1ca6

SHA512
dcad9974d05539ade69e4f77362bf0bd0f9da63cd2d8648db8fb702a3c5647a7886ab41ebb6e161833e719e56af4a67056845bc524b9b9c05e61878024cd0ed5

Download Submit
\??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe

Filesize
444KB

MD5
f0f7ecc0988347ba60c58c1ab6e82878

SHA1
c4c8fbfc26ca0ae002feddffea51c1cccba917d1

SHA256
a6fde0b4114fbb7931d83d4150b6dcf5fd50815469231dbd9778303fe41a1a3a

SHA512
622acfc09e8fa907d0f47e02ba76bfc4d4161fb656866b1c134837d8630cac02cab50e462385955ed6d0afb6eac8f04fc3c716187c3630daf42ecbdafc86338f

Download Submit
\??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe

Filesize
445KB

MD5
08ca80cf49b4e0d19ee5353847a7c530

SHA1
c56ac1a4962d0cdb433cfcb0aa0666a1f6bc8236

SHA256
c424ffdbf2e0572943001f7823bc85dc7805ea8a20ff10d663381a90967d285a

SHA512
d54a028e6dcd39191f7858b3a8f0dbb783097d069d3781e085cbcac7725eea9781c6fcb52002b78e9c9ef46c2a8e94d82f548701702a512802cad285ae53d4a4

Download Submit
\??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe

Filesize
445KB

MD5
2f3eabe9a1d187d94d36184f6c66af13

SHA1
d74ba9d09b47af7cb36f30ceb9457ab69333e27b

SHA256
704140910bd8167d51950bf9a18742c1dbe84124e3812ae6f8e9e88d3dd5a2e6

SHA512
04f6d9867f0d7024c54db9db3cd47b25e22d4c5baebeadb1956465c5eb437f14b92bdb8f58e70b10488450aa48758cfc0d946b20ab1f8912aea4b4c79dc113c3

Download Submit
\??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe

Filesize
446KB

MD5
e8f670379d299f8510acb70224c37e75

SHA1
7e821c097d3ccf5d176dad8e6c87d72be896b708

SHA256
99cd56e6c633dbc2410c96046d6e4bf7a4869177cb227605fee502414bfcee52

SHA512
cb4a3cd8f31f5b7e72cd23b24893137c7f25dc709b890c107de405d4bff34f6c2c100d7bd75ce34bf9f63aa5c1c8b6e5d65854a2d0f0768789431e6f45cef70b

Download Submit
\??\c:\users\admin\appdata\local\temp\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe

Filesize
447KB

MD5
cd128486789a715121cb15acebd174d1

SHA1
b4027597c9e9e22fc84311652eb5fc9ec710be1c

SHA256
ac31c38a8952c2f8699dfaf84dba9d9fa9f096ac452f1cb33b049d71b6af6608

SHA512
64c5f65bcf285e3c808b87e57e7c34eed3d049b9c17561027e7bd63f843fba23bd291d877227b39b203cee380c4c6a101f27d254b76c634dd712c62369361e12

Download Submit
memory/548-94-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/548-85-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/636-242-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/636-252-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/928-275-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1056-227-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1056-232-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1080-106-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1080-114-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1128-51-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1128-41-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1588-79-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1588-83-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2052-11-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2052-20-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2492-103-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2612-199-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2612-216-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2696-31-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2908-240-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2932-63-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2932-73-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3360-136-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3464-260-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3484-271-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3484-263-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3548-10-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3548-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4148-201-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4276-220-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4364-124-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4492-157-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4492-146-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4712-62-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4740-178-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4740-174-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4744-189-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4744-185-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4760-148-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4760-137-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4980-168-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/5064-32-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/5064-43-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202h.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202v.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202g.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202y.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202m.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202q.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe\""	261e59af2e7a0ab3a29c0748951ef190_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202o.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202s.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202e.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202k.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202a.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202u.exe\""	261e59af2e7a0ab3a29c0748951ef190_neikianalytics_3202t.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads