759c1b8a933f17a67f7ac8c1531aab38a44ffd93a837bb9ef898474453ae664e

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 20:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

03014af8620aa8fc8e8c7375c7807770_NeikiAnalytics.exe
Size

395KB
MD5

03014af8620aa8fc8e8c7375c7807770
SHA1

9e5015136227fe473649f4fc39cb90ab9c1cf5e6
SHA256

759c1b8a933f17a67f7ac8c1531aab38a44ffd93a837bb9ef898474453ae664e
SHA512

c266866dc2eabccedf9219196863196859a15cf6edba1071079cca6af27fa0283489c2edc578f6d50c1f744a852ddca01f6d814f0991fe1861aa9199f4eabebb
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/bDj7:Os52hzpHq8eTi30yIQrDDj7

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2272	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe
2632	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe
2496	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe
2696	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe
2376	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe
2352	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe
2776	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe
572	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe
1516	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe
2200	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe
1796	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe
1784	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe
1612	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe
2968	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe
2664	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe
2712	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202o.exe
1756	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202p.exe
2880	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202q.exe
1040	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202r.exe
2736	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202s.exe
2732	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202t.exe
2748	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202u.exe
2120	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202v.exe
1608	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202w.exe
1632	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202x.exe
2680	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
1100	03014af8620aa8fc8e8c7375c7807770_NeikiAnalytics.exe
1100	03014af8620aa8fc8e8c7375c7807770_NeikiAnalytics.exe
2272	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe
2272	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe
2632	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe
2632	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe
2496	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe
2496	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe
2696	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe
2696	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe
2376	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe
2376	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe
2352	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe
2352	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe
2776	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe
2776	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe
572	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe
572	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe
1516	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe
1516	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe
2200	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe
2200	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe
1796	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe
1796	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe
1784	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe
1784	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe
1612	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe
1612	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe
2968	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe
2968	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe
2664	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe
2664	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe
2712	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202o.exe
2712	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202o.exe
1756	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202p.exe
1756	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202p.exe
2880	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202q.exe
2880	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202q.exe
1040	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202r.exe
1040	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202r.exe
2736	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202s.exe
2736	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202s.exe
2732	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202t.exe
2732	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202t.exe
2748	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202u.exe
2748	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202u.exe
2120	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202v.exe
2120	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202v.exe
1608	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202w.exe
1608	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202w.exe
1632	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202x.exe
1632	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bcbcac79eba54b2c	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202v.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 2272	1100	03014af8620aa8fc8e8c7375c7807770_NeikiAnalytics.exe	28
PID 1100 wrote to memory of 2272	1100	03014af8620aa8fc8e8c7375c7807770_NeikiAnalytics.exe	28
PID 1100 wrote to memory of 2272	1100	03014af8620aa8fc8e8c7375c7807770_NeikiAnalytics.exe	28
PID 1100 wrote to memory of 2272	1100	03014af8620aa8fc8e8c7375c7807770_NeikiAnalytics.exe	28
PID 2272 wrote to memory of 2632	2272	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe	29
PID 2272 wrote to memory of 2632	2272	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe	29
PID 2272 wrote to memory of 2632	2272	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe	29
PID 2272 wrote to memory of 2632	2272	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe	29
PID 2632 wrote to memory of 2496	2632	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe	30
PID 2632 wrote to memory of 2496	2632	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe	30
PID 2632 wrote to memory of 2496	2632	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe	30
PID 2632 wrote to memory of 2496	2632	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe	30
PID 2496 wrote to memory of 2696	2496	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe	31
PID 2496 wrote to memory of 2696	2496	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe	31
PID 2496 wrote to memory of 2696	2496	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe	31
PID 2496 wrote to memory of 2696	2496	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe	31
PID 2696 wrote to memory of 2376	2696	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe	32
PID 2696 wrote to memory of 2376	2696	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe	32
PID 2696 wrote to memory of 2376	2696	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe	32
PID 2696 wrote to memory of 2376	2696	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe	32
PID 2376 wrote to memory of 2352	2376	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe	33
PID 2376 wrote to memory of 2352	2376	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe	33
PID 2376 wrote to memory of 2352	2376	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe	33
PID 2376 wrote to memory of 2352	2376	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe	33
PID 2352 wrote to memory of 2776	2352	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe	34
PID 2352 wrote to memory of 2776	2352	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe	34
PID 2352 wrote to memory of 2776	2352	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe	34
PID 2352 wrote to memory of 2776	2352	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe	34
PID 2776 wrote to memory of 572	2776	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe	35
PID 2776 wrote to memory of 572	2776	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe	35
PID 2776 wrote to memory of 572	2776	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe	35
PID 2776 wrote to memory of 572	2776	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe	35
PID 572 wrote to memory of 1516	572	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe	36
PID 572 wrote to memory of 1516	572	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe	36
PID 572 wrote to memory of 1516	572	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe	36
PID 572 wrote to memory of 1516	572	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe	36
PID 1516 wrote to memory of 2200	1516	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe	37
PID 1516 wrote to memory of 2200	1516	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe	37
PID 1516 wrote to memory of 2200	1516	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe	37
PID 1516 wrote to memory of 2200	1516	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe	37
PID 2200 wrote to memory of 1796	2200	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe	38
PID 2200 wrote to memory of 1796	2200	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe	38
PID 2200 wrote to memory of 1796	2200	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe	38
PID 2200 wrote to memory of 1796	2200	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe	38
PID 1796 wrote to memory of 1784	1796	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe	39
PID 1796 wrote to memory of 1784	1796	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe	39
PID 1796 wrote to memory of 1784	1796	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe	39
PID 1796 wrote to memory of 1784	1796	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe	39
PID 1784 wrote to memory of 1612	1784	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe	40
PID 1784 wrote to memory of 1612	1784	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe	40
PID 1784 wrote to memory of 1612	1784	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe	40
PID 1784 wrote to memory of 1612	1784	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe	40
PID 1612 wrote to memory of 2968	1612	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe	41
PID 1612 wrote to memory of 2968	1612	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe	41
PID 1612 wrote to memory of 2968	1612	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe	41
PID 1612 wrote to memory of 2968	1612	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe	41
PID 2968 wrote to memory of 2664	2968	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe	42
PID 2968 wrote to memory of 2664	2968	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe	42
PID 2968 wrote to memory of 2664	2968	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe	42
PID 2968 wrote to memory of 2664	2968	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe	42
PID 2664 wrote to memory of 2712	2664	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe	43
PID 2664 wrote to memory of 2712	2664	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe	43
PID 2664 wrote to memory of 2712	2664	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe	43
PID 2664 wrote to memory of 2712	2664	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1100
- \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2272
- - \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2496
    - - \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2696
      - \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2376
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2352
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2776
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:572
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1516
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2200
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1796
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1784
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1612
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2968
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2664
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2712
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1756
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2880
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1040
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2736
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2732
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2748
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2120
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1608
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1632
        
        \??\c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe

Filesize
396KB

MD5
0bdf93bc8c06af4e7c64f88a11573339

SHA1
b8e05c698b3a76fb816c21e88de665a52d192ed9

SHA256
7e8e5f9c7d96a5a8a60b809c6a9413c63714a0757e0cbcb9b9957d439403ac81

SHA512
d9e9f36619bf04f4b8938453f3812704c1097d72c226c5a259665e842bc705854a0148a1202ebb55c993a3a4d6f8f8f1992968cb6bee938c7ea821cbcb163378

Download Submit
C:\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe

Filesize
398KB

MD5
fd0349ab8ee03f1dccdae8801aab1fcc

SHA1
3ab615ee823e6fc9ed32fdadcaa7c5dc4684e9c9

SHA256
1c26b29b541de97dc68a3b4dcaf38c557931e78a2556b93afdc15825a6335e3c

SHA512
ab14b43b947930fb015b3246bf337c3edebcf0cd5dd079adf65d9ee199a9ca738afee4512b7b60d6ce79617b397d4d293161dcc550d76a42ea8b6d6b4a35c038

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe

Filesize
395KB

MD5
c2532188f83795d23ce2186ba457fec6

SHA1
a7a844cf96bf7a721f3939a702f12a2f297ea621

SHA256
ae3ae60b53b82071af7a4436a61163252fc97118877bed8f99110af2a22061f9

SHA512
dfeaab01e8eeaff8a8173ed70db6c25d18838d085b0a2537f42b01a9bb835e364f59afa1aa26ddcc3159f6020168ea61ac2f881639e37134b6acfea7ec23046a

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe

Filesize
396KB

MD5
77b8889e5493f20f13b35f18a81b755b

SHA1
71bfcbeb5b3f32ac54a1bd1c92516d7a5b35ed4a

SHA256
1f3ad48954ee36c8ebf04bcb57b99350e1016ca7d584855660e874a2851e42d0

SHA512
19d142a8211771e7a60c3dac0609a6b897dbe6e1b1ad40d5667bdcbb565991fc57d6c299889b06f900ed59e4277385acf69b24fab0c48f9270c422459ac8b3d2

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe

Filesize
396KB

MD5
2b828f32ca31a77c5979732fcff02de3

SHA1
dd41d3548c536c3a58860f71f52ef8c1425d2f06

SHA256
3cbc8143e2a261ebb3eabb584d19f2ee58f2f9feab159fbc4db74dade9075571

SHA512
1cca5889cb296eba511d6f3d32a9c4742c2018ef933bee2f850b1352d9a3c506a983ae8c96a1ba3641c8a084cf533a066e6846f37fba15c14ada3b8ab8930667

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe

Filesize
396KB

MD5
0702d1fbef4478810b83458d50df6706

SHA1
339badad0bfde395c5d37d53441998e76e9290b4

SHA256
32fbb7960ea56c97483c42c0a07b17ea3336b9998360f23b2926fb212be993af

SHA512
5832373dd7a0634e592d4df995a2085d8427c8b3f939969fa24df3c8e46d663275fc026fab9c080a744d910be057e73f88a77210f2466930d5b5944990026ae1

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe

Filesize
397KB

MD5
6d6db7f78b4259961140ba1b9cf2c58a

SHA1
f977db1aabc6c37879c4c2aaa9d3fc333bd91d6e

SHA256
704a5c99a79cc886481857c39196275b2e198bcc53f5549e646b7b65c7ed7e33

SHA512
19f0b454118114e41feb5e739468e45f6ef2162ae540f0f4f32fab3246536bd85168581264978c5b0c071e40186c77fe90260be62e5aa4e86177d9417091810b

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe

Filesize
397KB

MD5
4cdab86d7d77d4abb1f76ba3a98dee33

SHA1
0242d5a679495dcc72197592ca8723fca7c556af

SHA256
86ee4221b6de55221160094cc8c7faf291512ad9af46c16b5217f321a2424f0d

SHA512
c81131a068e156981b70d7cbf6c94d5ca8b36364c38463255d8421058e1b6767409950cbba2c08178575125f48d55182c24a7ceb2643fd801f6a265548c3bc18

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe

Filesize
397KB

MD5
c052b98cdd92a547615be2f56e520c14

SHA1
0329445d77b356516aed64d0ef59913385471c01

SHA256
f5568042fcc9f78c83465db5489fd4c65a32f4d7c31d93417bcf7f2d27200489

SHA512
88750db76211448d8adc1047c41735b080aa3234e3ed36af64f9e767e58e3e7aa7551fb9319f3dab3ffa55ff48de4770d3c4fe5641d205378a5cdf9f6b8435d7

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe

Filesize
397KB

MD5
18f76c3e63790a260d5efb458b7a28a8

SHA1
99426578b8f46db1bbc35c83d3b6e256ab35162f

SHA256
d3fde438aac5af36eb13f953e1df67c1533dc4fb544c9c7967137290cc2eefc7

SHA512
b55e38cf0fab1aca27225ea0ac81851d646940406ac2f9063353a0f075b0b3bafeac0b2cb6053668b3023c308f5ced330b9dccdc3364aaaa507d94998dbc9988

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe

Filesize
397KB

MD5
cb33fa47b9f4264e1375fc43a04213f5

SHA1
705cfd09bb19e53649bb5e5f4b67b9cbf44a2718

SHA256
5ed8126440f7ec3174e29b86f2d9e6d15bedbd17fc4b5308953d674ad099b0fc

SHA512
67e47c498b448ab6ad8b15f7b13ed28bbc8aa04847d54de3b0f22a6b0ed6e7538e1155841f48953d502c024ead4a528a6b20ce8fa081ad9ceedbb0930a99cb41

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe

Filesize
398KB

MD5
24f1433c49b7c048640f02dd408d66eb

SHA1
ee470341f875be2c17d99cc2d36da8b9efc4c67e

SHA256
204057d4149f4a152a20b3e8a3c7e1dbe118e7e5b40ccd9182a0460db537cabb

SHA512
ca7e6a888eef058775106e31a687697e6209918cd99f832448815c425dbe193061871dea1ebc0b8a3e8bedf1a588b98031ad1621d27dfd661fe50877d8653791

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe

Filesize
398KB

MD5
d913a8ea36b9eb01f73ab85446585745

SHA1
8eeb9ef6650cbc06cb512a94848a02d5b67a5061

SHA256
d4d187f833883f55938b11f41116bad3c82469e28668f957d2a26fb22725399f

SHA512
63cf214cf189621bb3c9fad70d4321fd5e0be0c0d855565482d62603a278772e5094e98a832c4f018193917869157001b827eb90993982d81d9e4d6a21947cbc

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe

Filesize
398KB

MD5
f649d3e98c8377ea7109be7f9381dd43

SHA1
0fb0ea39e329bc9f72470c3c1063e917ed19f58c

SHA256
7ff530c3f4b6842f94f3a122f641985a70b713679b5f8ca5f429e850751124b7

SHA512
d2ccba510c1e123ec1e1429d9c4b0038929fec278e569c23d605719e8b11c47ce92f090b59f4a737ed66bbe93b0017e7b61cf536b087885b7450ec5734b3d32e

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe

Filesize
399KB

MD5
725f2d7f592266dca1aaeaee6d853442

SHA1
2e89ef36303f604b09b1b4972f62d9fb6a022dbe

SHA256
3e2fe6d9cd481ae47fb7ffc41f7ed823aa79a5b50c63073c5f49a3918f699bfc

SHA512
7e5849c556b7e819d786d41a3ac1b4beacf4035afb7cd0a469016ecc940f0e4f0483b9c11cc38859c0a14c721a16350534cc4ad2ab09bdb70b6db512ee29fd82

Download Submit
\Users\Admin\AppData\Local\Temp\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202o.exe

Filesize
399KB

MD5
5427cb8f293456ca167bfbfb687abb67

SHA1
c7e0967c298606ec14756b2425a9c7e774f470ba

SHA256
659270d0d402557e6e2f617b996a16cf3b7abfce83ded66f4ed16f4495b62cbd

SHA512
5f5cf6d01b32433c5017cebd553d138cfd959799fccd4b4f488678efd3e218cc0123009f06a478a315523d5e619be1edd4ed013552c7076f224ff14166baf64d

Download Submit
memory/572-129-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/572-144-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1040-308-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1040-368-0x0000000000380000-0x00000000003F9000-memory.dmp

Filesize
484KB

Download
memory/1040-297-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1040-309-0x0000000000380000-0x00000000003F9000-memory.dmp

Filesize
484KB

Download
memory/1100-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1100-13-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1516-145-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1516-160-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1608-367-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1608-356-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1612-219-0x00000000020B0000-0x0000000002129000-memory.dmp

Filesize
484KB

Download
memory/1612-226-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1612-210-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1632-369-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1632-380-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1756-282-0x0000000001D60000-0x0000000001DD9000-memory.dmp

Filesize
484KB

Download
memory/1756-284-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1756-283-0x0000000001D60000-0x0000000001DD9000-memory.dmp

Filesize
484KB

Download
memory/1784-193-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1784-208-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1784-202-0x0000000001D40000-0x0000000001DB9000-memory.dmp

Filesize
484KB

Download
memory/1796-192-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2120-355-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2200-162-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2200-176-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2272-24-0x0000000002170000-0x00000000021E9000-memory.dmp

Filesize
484KB

Download
memory/2272-15-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2272-31-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2352-161-0x0000000000350000-0x00000000003C9000-memory.dmp

Filesize
484KB

Download
memory/2352-111-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2352-97-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2376-95-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2376-94-0x00000000002D0000-0x0000000000349000-memory.dmp

Filesize
484KB

Download
memory/2376-80-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2496-48-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2496-63-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2632-32-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2632-46-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2664-243-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2664-257-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2680-381-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2680-383-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2696-78-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2696-64-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2712-259-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2712-271-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2732-322-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2732-333-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2736-321-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2736-310-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2748-344-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2776-113-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2776-128-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2880-296-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2880-285-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2968-241-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2968-227-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202e.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202r.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202t.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202y.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202o.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202p.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202s.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202m.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202g.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202x.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202a.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202k.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202w.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202.exe\""	03014af8620aa8fc8e8c7375c7807770_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202d.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202q.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202u.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202c.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202v.exe\""	03014af8620aa8fc8e8c7375c7807770_neikianalytics_3202u.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads