f544153272a73790647f229bb3874ad727adaa25b659e076f8303f21beff09da

Analysis

max time kernel
93s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Size

277KB
MD5

9c404dbc61969d6914af52c2f307cff0
SHA1

9c77ca3b5887f89c8afa2dee5d4183004bd8e63d
SHA256

f544153272a73790647f229bb3874ad727adaa25b659e076f8303f21beff09da
SHA512

2f3671f196acbb50acc84d1886317e44d4858ccf5c0cbdfb34326117bca85c3cb76ef2f35242ec750741c7eccffe35bc61c939bf501daf785336f0eee410d957
SSDEEP

6144:+b2BRvEm8iIeqZUKRm1J0XhWqoDTUvaBMiPPGH:1RvEm8iIeNWiJ0XhWl0vK

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentAudioOutputProperties"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCommand"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ = "IAgentCommandsEx"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\TypeLib	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ = "IAgentNotifySinkEx"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ProxyStubClsid32	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\VersionIndependentProgID	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentBalloon"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server\CurVer	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ProxyStubClsid32	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentPropertySheet"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ = "IAgentNotifySink"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\ProxyStubClsid32	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\ProxyStubClsid32	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0\ = "Microsoft Agent Server Extensions 2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0\FLAGS\ = "0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib\ = "{D6589123-FC70-11D0-AC94-00C04FD97575}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A7B93C92-7B81-11D0-AC5F-00C04FD97575}\TreatAs\ = "{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\ = "IAgentBalloonEx"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ = "IAgentNotifySinkEx"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\TypeLib	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentBalloon"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentSpeechInputProperties"	9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9c404dbc61969d6914af52c2f307cff0_NeikiAnalytics.exe"
1⤵
- Modifies registry class
PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2532-0-0x0000000001000000-0x0000000001048000-memory.dmp

Filesize
288KB

Download
memory/2532-1-0x0000000001000000-0x0000000001048000-memory.dmp

Filesize
288KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads