897d90f833441dbff240c943f72c89b2337b8671d1a8a5fdc6d690c035e267e7

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe
Size

439KB
MD5

48e0e7f8cffe3795539847cac7e51670
SHA1

60cabecdaaccdbb79823f51c86dcf88edd5dd7b1
SHA256

897d90f833441dbff240c943f72c89b2337b8671d1a8a5fdc6d690c035e267e7
SHA512

615a1ef3187873227f98809fb376875385d6f98dc4b8bcd11f2deef169bc8f5324a8543245a735455d1d0458da19809939424e032e0c02131b0fd2b8482e5a1b
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/bKrvuZqMw6C:Os52hzpHq8eTi30yIQrDKrvuZqb

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
1732	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
1636	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
2592	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
2492	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
2464	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
2508	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
2696	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
2568	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
2108	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
1544	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
2368	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
2876	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
1944	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
1800	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
1400	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
1172	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
2200	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
2376	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
752	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
1940	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
776	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
1676	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
2252	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
2392	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
1632	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
1860	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
908	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe
908	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe
1732	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
1732	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
1636	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
1636	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
2592	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
2592	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
2492	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
2492	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
2464	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
2464	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
2508	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
2508	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
2696	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
2696	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
2568	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
2568	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
2108	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
2108	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
1544	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
1544	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
2368	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
2368	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
2876	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
2876	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
1944	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
1944	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
1800	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
1800	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
1400	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
1400	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
1172	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
1172	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
2200	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
2200	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
2376	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
2376	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
752	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
752	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
1940	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
1940	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
776	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
776	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
1676	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
1676	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
2252	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
2252	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
2392	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
2392	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
1632	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
1632	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = f396fab8d978ffea	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 1732	908	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe	28
PID 908 wrote to memory of 1732	908	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe	28
PID 908 wrote to memory of 1732	908	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe	28
PID 908 wrote to memory of 1732	908	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe	28
PID 1732 wrote to memory of 1636	1732	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe	29
PID 1732 wrote to memory of 1636	1732	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe	29
PID 1732 wrote to memory of 1636	1732	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe	29
PID 1732 wrote to memory of 1636	1732	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe	29
PID 1636 wrote to memory of 2592	1636	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe	30
PID 1636 wrote to memory of 2592	1636	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe	30
PID 1636 wrote to memory of 2592	1636	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe	30
PID 1636 wrote to memory of 2592	1636	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe	30
PID 2592 wrote to memory of 2492	2592	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe	31
PID 2592 wrote to memory of 2492	2592	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe	31
PID 2592 wrote to memory of 2492	2592	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe	31
PID 2592 wrote to memory of 2492	2592	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe	31
PID 2492 wrote to memory of 2464	2492	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe	32
PID 2492 wrote to memory of 2464	2492	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe	32
PID 2492 wrote to memory of 2464	2492	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe	32
PID 2492 wrote to memory of 2464	2492	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe	32
PID 2464 wrote to memory of 2508	2464	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe	33
PID 2464 wrote to memory of 2508	2464	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe	33
PID 2464 wrote to memory of 2508	2464	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe	33
PID 2464 wrote to memory of 2508	2464	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe	33
PID 2508 wrote to memory of 2696	2508	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe	34
PID 2508 wrote to memory of 2696	2508	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe	34
PID 2508 wrote to memory of 2696	2508	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe	34
PID 2508 wrote to memory of 2696	2508	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe	34
PID 2696 wrote to memory of 2568	2696	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe	35
PID 2696 wrote to memory of 2568	2696	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe	35
PID 2696 wrote to memory of 2568	2696	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe	35
PID 2696 wrote to memory of 2568	2696	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe	35
PID 2568 wrote to memory of 2108	2568	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe	36
PID 2568 wrote to memory of 2108	2568	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe	36
PID 2568 wrote to memory of 2108	2568	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe	36
PID 2568 wrote to memory of 2108	2568	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe	36
PID 2108 wrote to memory of 1544	2108	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe	37
PID 2108 wrote to memory of 1544	2108	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe	37
PID 2108 wrote to memory of 1544	2108	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe	37
PID 2108 wrote to memory of 1544	2108	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe	37
PID 1544 wrote to memory of 2368	1544	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe	38
PID 1544 wrote to memory of 2368	1544	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe	38
PID 1544 wrote to memory of 2368	1544	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe	38
PID 1544 wrote to memory of 2368	1544	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe	38
PID 2368 wrote to memory of 2876	2368	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe	39
PID 2368 wrote to memory of 2876	2368	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe	39
PID 2368 wrote to memory of 2876	2368	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe	39
PID 2368 wrote to memory of 2876	2368	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe	39
PID 2876 wrote to memory of 1944	2876	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe	40
PID 2876 wrote to memory of 1944	2876	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe	40
PID 2876 wrote to memory of 1944	2876	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe	40
PID 2876 wrote to memory of 1944	2876	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe	40
PID 1944 wrote to memory of 1800	1944	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe	41
PID 1944 wrote to memory of 1800	1944	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe	41
PID 1944 wrote to memory of 1800	1944	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe	41
PID 1944 wrote to memory of 1800	1944	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe	41
PID 1800 wrote to memory of 1400	1800	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe	42
PID 1800 wrote to memory of 1400	1800	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe	42
PID 1800 wrote to memory of 1400	1800	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe	42
PID 1800 wrote to memory of 1400	1800	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe	42
PID 1400 wrote to memory of 1172	1400	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe	43
PID 1400 wrote to memory of 1172	1400	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe	43
PID 1400 wrote to memory of 1172	1400	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe	43
PID 1400 wrote to memory of 1172	1400	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:908
- \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1732
- - \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1636
  - - \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2592
    - - \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2492
      - \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2464
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2508
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2696
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2568
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2108
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1544
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2368
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2876
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1944
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1800
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1400
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1172
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2200
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2376
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:752
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1940
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:776
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1676
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2252
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2392
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1632
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe

Filesize
439KB

MD5
dc3497e269fde003a477a261c435e7a9

SHA1
30ce98f929d28e21f53abc4602d774f160c02028

SHA256
1e32a12cb98540523d98e352dc383048312bef1ebf4c5a8a51c3cdef3f26599d

SHA512
59a84ac1e6efe88908066ac960c8a1a85fbe981bb2caa6e4def95d8fb6ef7785dbb0d6cff6bee8d6fcc3b1fca4448afd6d6445f422cd5b239be3ccefaffafeaf

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe

Filesize
439KB

MD5
57e1b0cd2da069c7fd7a4e0daf17c74e

SHA1
dd8a7caa76ffe291041fb80d1415e969442d2d48

SHA256
6de6eb02d186273d90e77a33d1465420ee779c064fd7a234225d65b1bfa04e4f

SHA512
500ebca8ac2b6845bf65798fb7770cedf8dddab9f1b99b2c73a8070c34f271e2cf2a9d6df0e315bb48e6b75c393c53ac18ad31649aeadeda6ff794900f73db84

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe

Filesize
439KB

MD5
3b0be437e3288c4c075fb03c741b5502

SHA1
cff6fc57be84fdb2f59ae2df8ab3c744d8c8d599

SHA256
19a7268addce7b12ae3b210ade9cfb48853e8048dacfeec9ec3164bfed2128a3

SHA512
c0d46e0c761a7eb199c0d47e8b82fbc601364e8c9cf53b8fbc7bfb4b45414dc7cd10520f6ad2a29ee5074ac7ba1cc04f47e968e5efab1e00c04f08f1af9ece2f

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe

Filesize
440KB

MD5
689a4a6c6669c247d0a13e6e58b79cf3

SHA1
dd1dbc8a2db6fee25b50391443f448161053ef66

SHA256
9e89a9e7e84a61b619334351872dc4d9e269c164cf27bf8d3c6619221ce58f75

SHA512
74d664187d5001e64d8208497e35d9c324680ed2c616811f6fc32eadd1ac488778805cd882da53467319892929fe094f2718b4c11df224107faa0b8fd1a58a63

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe

Filesize
440KB

MD5
e775934ecdfb989f5793231bc905580b

SHA1
741bd01a1f8405bc97f9df66fbbc928771fde1e8

SHA256
cc340e3caeee46ef236de42dc764cbe278eb3d860158f6bf75d0cbb90f7dc19c

SHA512
98cbef6ad36c6a823d1e034ba511f3f30febf1f7028f3237a1244595edd5549a034442aedfcef7c8df691345a97464925cd3daa6dff98bed63079b0b211a49d8

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe

Filesize
440KB

MD5
02b09a076e5cc10b335ceb56b010ceb3

SHA1
e6651f546a09ffe9900679eb29d479748e180896

SHA256
e73be5f9196b068fb998779259b920c6b916bed7f97bcb40178eed2320f86e3c

SHA512
899c0b0fbeb35eb10747605020b1da32233c7faf2978c3bb3252b1c5575c025cfd1975a36885598926a87cb086e96f7fbdc1dd41f982310980b84fae55669e28

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe

Filesize
440KB

MD5
eae4c4cb12c9776a6fcbda88186b19ca

SHA1
6f8ac9139b3493bdf4adbc669c3bd45bece1bb77

SHA256
c1a8db4845200ccb7471c0ae9b62d296db48181445f18efd65d417f9dee8e4a2

SHA512
595ce78a853afd47dc2d1aa1b50ff1c6b39a12445f067fbbbde10df97ffe25d154fd8b5c285cd71eeed3364e8bde0ef95732095492f8f2e26597cf131e20b17c

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe

Filesize
440KB

MD5
5d0eced9f7259b7f77cc7563448634c9

SHA1
f737c265412aa30ce081137a623edc04c8050b12

SHA256
f1d4f88101f2dc46b150006e8c92647ea5494f400597073cd5c274bdd80e5f65

SHA512
ea302339b52d817b62abdb164f9297a000fb0ffba677053a6d421e10a258c42dcbb4ce640104b7992afe86cd40ce24226ed14514c3a0705ad449032aa62f4c68

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe

Filesize
441KB

MD5
542e7690ad35c25fc223c2f3cf466005

SHA1
91c482ddee53e3a1f7829b0c9bc080a3356330dc

SHA256
6987d52a2b811c80f9201af1e5a53e6bf11a6a377fc7853cd6d95d0e56b1221a

SHA512
f22818345852f0e68aecd382844d4690d381850bfbace805c41fbc77f796909c72c3d813f964bccedff22de565013bd07111e27b234754c88d2c6fb8aaef501a

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe

Filesize
441KB

MD5
957e08ac092e9df297a70af2b6aaee1e

SHA1
e9680d8a2ab7e845359462cbcc0974994e10419f

SHA256
fbf606a2146f0c354ccb26c80512908c4f35d701697c3d4d2259019ddba5c611

SHA512
1195bc0e9ecd29cc266d89b681da72917f04e08711e247777dc07c593f838781b282973a99b0bb686fb47216e99e83b8f82f863844b95db5a141223e717a19d1

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe

Filesize
441KB

MD5
16ed20815228cdde44bae97346bbcf62

SHA1
88678ec680d07f2b8e3b8d654e459ee6bf32d9da

SHA256
61d679bf218795c92f8dab016e64814492e10cea5c68cada99e20909e2dfe4fd

SHA512
65e321da73db1e01b83bb265ace3fcda0c57afb2f548ec37c90dc881cd91537f80ea55d535b3ca72c5b7662c4dd0ad92915ef37ec4b973f86f9bc63accab8ad2

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe

Filesize
441KB

MD5
e64bcc3b2f66811416d2422b3feb9c04

SHA1
1bba7f3772b2a95e9b8edab781676915a4d822d7

SHA256
99657606f2612ca6b0c20ec0e6412a96a0236959bd1b03ae7a498e4dc8d68cfb

SHA512
1e9e3231907408e27f054e55c00b04b748e0e647e6db7b3e092e4caa25bc06114988c6df4ebf090aef899f0572af2cc6bdaeb3b7e20b946aedd5c612f692d7a8

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe

Filesize
442KB

MD5
1f183d7851b0c8dc357487c5061c516b

SHA1
419528790e6adc4b39d7387d7b9983e43c798a96

SHA256
531f31c003df642848d2168e7f8062b7c930921b48ca514389b5abc2b473c210

SHA512
d71d34dd05437c8cadbf77fe297f8f2e26bcff5a3b6861ec2c946769d3c23b17dbb68fb0d213410af45ac9e1d7b1825e57efa15627948882656709f3d7e6a749

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe

Filesize
442KB

MD5
a2ad996266db54b01bf66008f2acd0db

SHA1
8add187faa60dcaf4e95a152d844c1fe4e4e7264

SHA256
128fd44fabe7fe1ac2dc276e74bd196e8216dced8f7387835c0cdd104d2c0394

SHA512
e6c3bbe61f074de1558782832987a79fdc2b66da55fba50b337b0b8fad8299a9458f778cbef0f5ca4d9ef132c0c24d2aa7381703f4d6da93eaac4da75ec60f1c

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe

Filesize
442KB

MD5
e6619c1db32e1efd4516c66b0a31921a

SHA1
e3ddb7026244d451b2bc47fb41a014b341ae2a46

SHA256
fcb424271c940320dbcd83be659d2dfc08622850b4229479ee86d37773fbfc3e

SHA512
12034b9097e1c8cbc724f47a4363cab69101f514719eae46f3b704bcd3b4a2029e7cf10aaf53d9e80614b2aeab00a18f7c7eee8b4ec955ae890442a0071f4696

Download Submit
\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe

Filesize
442KB

MD5
722a238d39b1551ac9797a4bb564dd57

SHA1
7df769b83280951ab1bee3a39eb389948d6d768b

SHA256
355b746796762cebec245f34e2677a69707952ed0f84c9c14d3474e7f5dba1eb

SHA512
ad79b1c3b799992f6d06a8167af5ca4c37606bf86051941a06bfc0cf9c40322a60c1d1334d1db1937e635065018e42d47d02347afad49dd0ca7ff7d10e40b6a2

Download Submit
memory/752-300-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/752-294-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/776-313-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/776-324-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/908-14-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/908-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/908-16-0x0000000001DC0000-0x0000000001E39000-memory.dmp

Filesize
484KB

Download
memory/908-13-0x0000000001DC0000-0x0000000001E39000-memory.dmp

Filesize
484KB

Download
memory/1172-263-0x0000000001E50000-0x0000000001EC9000-memory.dmp

Filesize
484KB

Download
memory/1172-264-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1400-250-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1544-173-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1632-373-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1632-367-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1636-47-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1636-32-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1676-336-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1676-325-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1732-31-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1800-221-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1800-236-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1860-376-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1860-374-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1940-301-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1940-312-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1944-220-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2108-143-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2108-158-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2200-276-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2200-265-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2252-348-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2252-337-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2368-188-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2368-180-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2376-288-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2376-277-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2392-349-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2392-360-0x0000000001E10000-0x0000000001E89000-memory.dmp

Filesize
484KB

Download
memory/2392-361-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2464-94-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2464-88-0x00000000026E0000-0x0000000002759000-memory.dmp

Filesize
484KB

Download
memory/2464-80-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2492-78-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2508-110-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2508-96-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2568-127-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2568-142-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2592-62-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2592-54-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2696-125-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2876-190-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2876-205-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe\""	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads