897d90f833441dbff240c943f72c89b2337b8671d1a8a5fdc6d690c035e267e7

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe
Size

439KB
MD5

48e0e7f8cffe3795539847cac7e51670
SHA1

60cabecdaaccdbb79823f51c86dcf88edd5dd7b1
SHA256

897d90f833441dbff240c943f72c89b2337b8671d1a8a5fdc6d690c035e267e7
SHA512

615a1ef3187873227f98809fb376875385d6f98dc4b8bcd11f2deef169bc8f5324a8543245a735455d1d0458da19809939424e032e0c02131b0fd2b8482e5a1b
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/bKrvuZqMw6C:Os52hzpHq8eTi30yIQrDKrvuZqb

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2732	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
1536	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
1140	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
4372	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
4996	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
3288	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
540	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
4868	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
3692	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
1056	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
4872	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
1948	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
1268	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
628	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
2404	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
2316	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
4972	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
224	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
4908	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
4804	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
4388	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
4408	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
4064	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
4492	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
4016	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
4508	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = e9e811d528b82ac6	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3892 wrote to memory of 2732	3892	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe	82
PID 3892 wrote to memory of 2732	3892	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe	82
PID 3892 wrote to memory of 2732	3892	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe	82
PID 2732 wrote to memory of 1536	2732	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe	83
PID 2732 wrote to memory of 1536	2732	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe	83
PID 2732 wrote to memory of 1536	2732	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe	83
PID 1536 wrote to memory of 1140	1536	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe	85
PID 1536 wrote to memory of 1140	1536	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe	85
PID 1536 wrote to memory of 1140	1536	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe	85
PID 1140 wrote to memory of 4372	1140	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe	87
PID 1140 wrote to memory of 4372	1140	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe	87
PID 1140 wrote to memory of 4372	1140	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe	87
PID 4372 wrote to memory of 4996	4372	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe	88
PID 4372 wrote to memory of 4996	4372	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe	88
PID 4372 wrote to memory of 4996	4372	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe	88
PID 4996 wrote to memory of 3288	4996	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe	89
PID 4996 wrote to memory of 3288	4996	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe	89
PID 4996 wrote to memory of 3288	4996	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe	89
PID 3288 wrote to memory of 540	3288	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe	91
PID 3288 wrote to memory of 540	3288	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe	91
PID 3288 wrote to memory of 540	3288	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe	91
PID 540 wrote to memory of 4868	540	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe	92
PID 540 wrote to memory of 4868	540	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe	92
PID 540 wrote to memory of 4868	540	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe	92
PID 4868 wrote to memory of 3692	4868	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe	93
PID 4868 wrote to memory of 3692	4868	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe	93
PID 4868 wrote to memory of 3692	4868	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe	93
PID 3692 wrote to memory of 1056	3692	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe	94
PID 3692 wrote to memory of 1056	3692	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe	94
PID 3692 wrote to memory of 1056	3692	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe	94
PID 1056 wrote to memory of 4872	1056	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe	95
PID 1056 wrote to memory of 4872	1056	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe	95
PID 1056 wrote to memory of 4872	1056	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe	95
PID 4872 wrote to memory of 1948	4872	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe	96
PID 4872 wrote to memory of 1948	4872	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe	96
PID 4872 wrote to memory of 1948	4872	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe	96
PID 1948 wrote to memory of 1268	1948	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe	97
PID 1948 wrote to memory of 1268	1948	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe	97
PID 1948 wrote to memory of 1268	1948	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe	97
PID 1268 wrote to memory of 628	1268	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe	98
PID 1268 wrote to memory of 628	1268	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe	98
PID 1268 wrote to memory of 628	1268	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe	98
PID 628 wrote to memory of 2404	628	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe	99
PID 628 wrote to memory of 2404	628	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe	99
PID 628 wrote to memory of 2404	628	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe	99
PID 2404 wrote to memory of 2316	2404	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe	100
PID 2404 wrote to memory of 2316	2404	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe	100
PID 2404 wrote to memory of 2316	2404	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe	100
PID 2316 wrote to memory of 4972	2316	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe	101
PID 2316 wrote to memory of 4972	2316	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe	101
PID 2316 wrote to memory of 4972	2316	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe	101
PID 4972 wrote to memory of 224	4972	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe	102
PID 4972 wrote to memory of 224	4972	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe	102
PID 4972 wrote to memory of 224	4972	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe	102
PID 224 wrote to memory of 4908	224	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe	103
PID 224 wrote to memory of 4908	224	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe	103
PID 224 wrote to memory of 4908	224	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe	103
PID 4908 wrote to memory of 4804	4908	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe	104
PID 4908 wrote to memory of 4804	4908	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe	104
PID 4908 wrote to memory of 4804	4908	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe	104
PID 4804 wrote to memory of 4388	4804	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe	105
PID 4804 wrote to memory of 4388	4804	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe	105
PID 4804 wrote to memory of 4388	4804	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe	105
PID 4388 wrote to memory of 4408	4388	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe	106

C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3892
- \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2732
- - \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1536
  - - \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:1140
    - - \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4372
      - \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4996
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3288
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:540
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4868
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3692
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1056
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4872
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1948
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1268
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:628
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2404
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2316
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4972
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:224
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4908
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4804
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4388
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4408
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4064
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4492
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4016
        
        \??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe

Filesize
439KB

MD5
429ec67de38eae8c656defad5c47f8af

SHA1
a7168e4ace5557ae213b5134c6c7fb5975a63cb9

SHA256
a03ba70974c54fe905c0ee2952340db186d93819375d97a0c8fe6fd5d642f12b

SHA512
aedd8f374d84f0aede4cca10d0033a8122c36c80760902b30474c443cc95761554c5909414ae1c04c8c014a20002b2c897a89809f9e801ff8464853205ea9f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe

Filesize
439KB

MD5
bf586a8e9c4bc97e17fed0745eac7f21

SHA1
73e0194e7ec02e978073c54a84c47a4a97885290

SHA256
abc7ba7989adc9f46a7f9cc73a579ea23c462ef508c9445c63022ea28bbf7ec0

SHA512
0a72cc714863e1c1a4e29634875c826f7733649cb3b4acf886ed9d50250c1b837c3949226282927bf239b9bfd31cfbd822e02e83214c5586ed70b9a02d595ef0

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe

Filesize
440KB

MD5
2705c7dcba879729ffd75aade78a8fb0

SHA1
f08c11a71f4c397f8192e4873e3079958f6425fc

SHA256
d501e82dcd868f1c98a7ebe25e3d4f012fed60ae3b91d9b121b0468d84dcbdae

SHA512
6a8b5bbec2874cd809cc91d2863069708eec0f9e62c0d756ef7990fa8c3754e4bdcad186112fb779561fa8723dcd67f500c5eae0cddc8b6c24a8bb65d5af0ee2

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe

Filesize
440KB

MD5
accdc1a3a9d50851c87a81cb34506644

SHA1
6ca09aa8dd98e3565dd0f4abad4043bc33dbb711

SHA256
2fb25b8f7720d29ab8bca0cc394f8d7aa265f6cc2e944d801366273b3bb9cb0e

SHA512
169b6e375b6f6355e902dc3043c7c90fdc4f15a3df189f0618bcc80bb59b7d43ab63397e45832abac83e05b2a4f2266be63ab15e1a073c6b78c8fa532c7432e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe

Filesize
440KB

MD5
b5146c0c0b3f7e7f1b36c0fe027f5bfc

SHA1
02a592a956138cb868015822a5829d5429361292

SHA256
96d037fe23be0649fb776ee33d7c81997580dff2c47e64e82672a4cc1bd05995

SHA512
4ed25dafcdca8ce0a2796ba7d85c406a8c3a407f24f8085756a09d0b32a57a0511c995633af649d81ae6505d85f1228d41ab44e4e887cc1517f422af52f4197a

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe

Filesize
441KB

MD5
fa3327683c67b7b8ca65202bc20e4c7f

SHA1
fce688613e9c531554dacb170f6897b5f6f34d4c

SHA256
8f891f94235f78ba1e7e0914322aec5dabeed5e560e189b1044a8a2945c9e705

SHA512
9bacf7ea8d8b601817d545e74e57eded09c01ac944f2c5e958b6b9785641afd2a27391eebe5ca334f996ff83325199e81bbc13391fe0a869ddb1d751f46cead3

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe

Filesize
441KB

MD5
dfd7b9e8a097e03856476903137eaaec

SHA1
2201d9711001fe363a5b90f5b66da89f0da32cc5

SHA256
266d7f0d96728ae0b7e39ed7b206aebf7f802ea9ceb8918af92e713ab05a9fcb

SHA512
cf6e6adc48127aed197b5c5b4e859846fcbc530db2976081cd5807491ec90afc86ad95fc900db91694a89066993932cce2adfd39bfa1a6cc8a3134a6771d6111

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe

Filesize
442KB

MD5
d716909ade0ec64bcb4f3f899616537d

SHA1
d022956b82d61239b23ba638b53df42fb3cd6a81

SHA256
561e3422237af657f2e00a5a7180c6e397de9a74088415788a31592df6f8a532

SHA512
f05bf4c9c7c5c2bdb7fa20e67d57044edc89f51bafdcc3bd297c8d7b8798a0e39f18ec3f4f102dec1229dcd46c59c4a4774b96d6be4c7acbc4ecd1c9efcb3ca7

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe

Filesize
442KB

MD5
0e4257cf614e34347841420f750247f4

SHA1
d196237943b3c6c1f991b103cb88cb677d41f54c

SHA256
1c60d83fde0c3a10cfc59e4d51fe0710eadc3c2703b63526d1c2162f0b8041a3

SHA512
4f7310b51a16e79abcd653fe7fa89eb292322bf1c1550a4c7848b5d5d6f4c6ff128d5e83947fc711702ada4b99eceff6b3c6e1997c6ff529301cbde713910c58

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe

Filesize
442KB

MD5
f4c354f37bad29735f257d7e2330ae1e

SHA1
5317bdc4ff5f0a863974c4f0caddef8eb1b6521e

SHA256
87aa448fc75310ec49f0aca2ff7fad030a92e6793af752c0979162986d611367

SHA512
32ad0347d3a98120e9eacb4233d90a90e20913186e378a4616f3e9f6db0e65b8df200aa8f31cd1297715ceda765ff6d751a96b2ad84d5db2995b0010a869bb15

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe

Filesize
442KB

MD5
02a420af342805579f2048801ad0facd

SHA1
d2da7c1b0104b9251faa2f65f045ecfe4c3d0263

SHA256
4af5d82a604677d6ea4cdaad286ddfab841f9b77c0bf5aa005e4acb83a51a9dd

SHA512
05eefeb1a76b471ea78c54c1079f07a0f4aab6ec8391e6c2c7090052d9248d7c8f2e8df68b4786384bb9afb07fffaba8b4ec3d263edbf8b987dd977bdeabb7a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe

Filesize
443KB

MD5
f3b68e77455c778555bddf02c93e8dc8

SHA1
51d99aff98c19f52de93d89097dd473526570936

SHA256
cd5b59d3faa9609738fa2d197aa899bc6c948a9bae0348f784a1d0b49182b19f

SHA512
193775a5f29f757edf0e8518809bc7564201a2b0ada20c1bf3fc08e9bf56364a6d84e983a447f12f21eff89d62abf3b77a45ff380e506dc85d7f14cbf97a2ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe

Filesize
443KB

MD5
04bc54867e90f7b05299b9c7b4262b7f

SHA1
5a8de0757f52b700005186090be38e089935838b

SHA256
a79429c39b9d0a7c9fdfef6c82b32892b188272940cb0af34d8cd70e6dadac09

SHA512
ec466683fa655378ff4941c0fc1e338d689b246e27142d6435aed9d81ce0a2941cd2a1d7d800c5db1aa9c5cf03f43c4a178ea97767f574e585c173691fce1ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe

Filesize
443KB

MD5
2104ca21c244b74146d247cadd8ebffd

SHA1
a654186df9a5f7db76b01dccc882de51f544a424

SHA256
13cb1c4a1af421decacc741f6ad09afbf0b7137e6ae780559744b8950f71aff0

SHA512
ab635b107158a1122a4d8b890b597ff9dfd87ef63cbb41add2cf71f2c49cad3f25d94909a4a9145f843852c37b7dce4ecc9d06ee2953935fd07021ab25be93e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe

Filesize
444KB

MD5
8fc9da89a7976e360537ab688a21a3f1

SHA1
20175891a218ca1255c8c9b3a6df40c8050a24b7

SHA256
814b6c078f01df819d9cfc6164e7675fc31ee517d7455975baa12baca5884399

SHA512
183e38b7a045cc7ef3669c55bdf9b87aea8a2061eb75b3a831fbc40bcb6b450385b008359e5dcef271d0a9611f297586b1716ad513482d0e1fa4d024ed270384

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe

Filesize
444KB

MD5
4649d2fd3babd0cac60028e9e434e55b

SHA1
57107befffb1ce4418e3bbca5965030e48a779a4

SHA256
44cb76a9e044b8eb20511da1b568e5b8db9e5f47dd99b31f2e7f5cd392598f0e

SHA512
ec886183a793a6f5279fee1a78fdfb12ef49895123dd9e635f4921241ddae8d089b411602d10ba90baddc5f0669316c672d99a9cb586a337f5775e15e0afb3ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe

Filesize
444KB

MD5
14d79f727a45b971ba3545b4b8eec99d

SHA1
c07d13b2248a1d756556c8f82e68cacb9d992c80

SHA256
d5dd813f803dfe1b15639c47762952ad53f502b05f1e704375caad511720c3e2

SHA512
e8b359831f8c89218216a39045e3325c7bbe926630f0868529fe3bc873b1c05cfd7754278d74d7b8b71226d821f3cb8862c74e106357551ec19a694eff1e7343

Download Submit
C:\Users\Admin\AppData\Local\Temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe

Filesize
445KB

MD5
41bfbd90b34edb572ae404fec08e4eba

SHA1
7b1ba1d0a2c91183a52be496d5e6ada6b4e940cb

SHA256
568b880400aae6ce99c34eccdbc97184e5c51b4bbee24b8806df05f6f0780822

SHA512
f0f2dcfe689f436948af1954f57c78bf58d6c8c2120c99d87a75b5e7a3af262e45168d49a912f5fd0a64b515be8bdcf12168d58305770e0327c9d2f2fc16984d

Download Submit
\??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe

Filesize
439KB

MD5
969ce45924c17ddc961644bb6c37e2c5

SHA1
f191b6708e51f91c49e5bb66b8504bc4295e3d18

SHA256
0343c7d6f744103ecc291946b6762c8d162762cd97570fce13a90c1d329fe1c3

SHA512
bd45833c6731b2765fa540d2070ad0c404d7b20c0d19cfa9cfa7f940d567429a13591606dda28f613dd2a782f7133bc2766508228c4567cd0c004f59ea97c8c4

Download Submit
\??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe

Filesize
440KB

MD5
2191add8d42984dc1f695166890479c4

SHA1
e725cf79dac65cd5a74100e27cc2a37a4f1a3b75

SHA256
7049f5b3510e061c73dcc885a65ca8440623ffdcf087da0940f7c77d9212fd00

SHA512
467621cdf0e2e7c23cea69e4a4e11e0ffba43687c27cf607a73da53ef0e709df54ab3f4aa6e5030ea65ba4e3557c1beaa528eabb5816789b28cf20cb8d5d7641

Download Submit
\??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe

Filesize
440KB

MD5
4c293706996c978d32d1ce5b4e7bd2df

SHA1
9005c34cf3c5b2cfe04e0808fdd516f3d3168338

SHA256
f0f531ec8595e8c3c1250dc6495eb4d0580d2c9015aea78e536e593179513bbf

SHA512
8f10417736b46b37ee0114eca56ca614a953b86861b842df9307c00a0d543c5dc52388b3f569d4105c89e194bcd21970daed2b9564713f908e6533556e3c4ce9

Download Submit
\??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe

Filesize
441KB

MD5
6ef57ab7746536429e2d46c90e028624

SHA1
69dabe9c71d6d3146cd49c9e1ca8a1210c2c5d2f

SHA256
b488065a5609587a42fb9b2548931e6bd607cd1a86ed7bc77f83618f938bdcb5

SHA512
584017157df993712194c77b89b3e9d63062c8169d3e9c74a0de6d0f3fcd7d6dcb3d8b6b40f92c0425cb6ad0368f36e7a4213f79cc3817ec2e8f38964a8a5e8e

Download Submit
\??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe

Filesize
441KB

MD5
052fba2d2c21f5a5c53666187fc2ba89

SHA1
ce2e70d4ea94abe65682a8238953946b3f5bcbe6

SHA256
87e176665587ae8477c653d4086c606648891fa24f1f019d218d516f1f925057

SHA512
f2009be898248e3e7e37294ad8e68ec2b2460aa10ed78fea4525d5ca4bfd2a99f33d71f58e1490007d49e984df53542171086e2772e26d29fac17202047e25de

Download Submit
\??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe

Filesize
443KB

MD5
7c0b0b092ea2ad2b80778ac45f2a6e8d

SHA1
7d63a58ab3686b44b41e6664e7426119742f789c

SHA256
1486c9f9912ba757ef3ab9662e74d6d51fb51a49804a89f6a5461ea0e6121485

SHA512
4d3322217703646f216b02acbd9e1b06cd5523546902d435a0560c5df3c9134766105c4da52c2d551fd724595a290dfa1cb702fd18d7f034213ed035ffddb19b

Download Submit
\??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe

Filesize
443KB

MD5
8e7c5a110a5676645c7d0197b92a3b4a

SHA1
afd77c5e4dceb18866b85804e802f4c28f6e57b5

SHA256
c6f5908c8dba71b5961e5d3415098ba4ee1f5662cf4ab33f51b338f713f7bfc6

SHA512
ca5c7446360bc487770cee1e1ff010c59b99c90b45f79cb873800c98e47e1e275620f227b8e651794c432d47e89e5c0172de13d19fdfcbc1479d4232545a128b

Download Submit
\??\c:\users\admin\appdata\local\temp\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe

Filesize
444KB

MD5
a258cca0d5e6e64a1ca5ab755c0c22a3

SHA1
3e89d72c732d4dc23f1fbb205ae1236319d2945f

SHA256
cec16663149b637bde56e63978aa7a301e70a037b9c591334d2d7e5e6b29310e

SHA512
566c1afddcc20a93c32e815fa2e7bcf0eb7db2df743c72e9953c97e61dfba4b908ee86123d6a99fe1411c73fbe4b6e0186dc4680ab72734f8f897d78c6109a3f

Download Submit
memory/224-188-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/224-198-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/540-82-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/628-146-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/628-156-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1056-102-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1056-113-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1140-41-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1268-143-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1536-19-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1536-31-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1948-135-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2316-167-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2316-176-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2404-165-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2732-11-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2732-22-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3288-72-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3692-109-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3892-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3892-10-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4016-272-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4064-251-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4064-240-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4372-53-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4372-43-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4388-219-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4388-229-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4408-231-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4408-242-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4492-261-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4492-253-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4508-273-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4804-215-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4804-221-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4868-93-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4872-115-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4872-125-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4908-204-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4908-214-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4972-185-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4996-63-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202y.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202j.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202r.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202x.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202v.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202m.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202.exe\""	48e0e7f8cffe3795539847cac7e51670_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202i.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202t.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202d.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202l.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202q.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202o.exe\""	48e0e7f8cffe3795539847cac7e51670_neikianalytics_3202n.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads