Analysis
-
max time kernel
119s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/06/2024, 09:23
General
-
Target
4e03cca7c3bc788119ad0920ed43df70_NeikiAnalytics.exe
-
Size
104KB
-
MD5
4e03cca7c3bc788119ad0920ed43df70
-
SHA1
199abc6b2fde3837dbfffe5461708b1bf3c97576
-
SHA256
3402697529692158a4191d9a7e2d3618c39f634ee52a1e4be5c027e445117dab
-
SHA512
8d2b8aa13a534d54104af9cf9263508ee4a1180c9fedb13de67b13fa792cdb08f3bed90d145f12a20cf808ef3b1450c5f863b4678a375e18a2556db9c6a55300
-
SSDEEP
1536:2zfXIsxrhzk2nfsW3ou3yWW2dvcW6eHcBwUi6vWE0Dl27b58XBdqaMGxuA1c:yfjxrhzk2nfsWhP7dvavi6vWEbh8Xy
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4e03cca7c3bc788119ad0920ed43df70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4e03cca7c3bc788119ad0920ed43df70_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wvcitx.exe"C:\Windows\system32\wvcitx.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnhl.exe"C:\Windows\system32\wnhl.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wuouhhp.exe"C:\Windows\system32\wuouhhp.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wfrui.exe"C:\Windows\system32\wfrui.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wavm.exe"C:\Windows\system32\wavm.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wboj.exe"C:\Windows\system32\wboj.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\waqw.exe"C:\Windows\system32\waqw.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wtr.exe"C:\Windows\system32\wtr.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wali.exe"C:\Windows\system32\wali.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wxtay.exe"C:\Windows\system32\wxtay.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\wrhcndxpl.exe"C:\Windows\system32\wrhcndxpl.exe"12⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\wcbqgx.exe"C:\Windows\system32\wcbqgx.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\wjibcb.exe"C:\Windows\system32\wjibcb.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wpbsdf.exe"C:\Windows\system32\wpbsdf.exe"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wodhdd.exe"C:\Windows\system32\wodhdd.exe"16⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\wvg.exe"C:\Windows\system32\wvg.exe"17⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wjxw.exe"C:\Windows\system32\wjxw.exe"18⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wjhmjp.exe"C:\Windows\system32\wjhmjp.exe"19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wsk.exe"C:\Windows\system32\wsk.exe"20⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wvtamy.exe"C:\Windows\system32\wvtamy.exe"21⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wxxgelcxm.exe"C:\Windows\system32\wxxgelcxm.exe"22⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wkflrg.exe"C:\Windows\system32\wkflrg.exe"23⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\weheyn.exe"C:\Windows\system32\weheyn.exe"24⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wvkvi.exe"C:\Windows\system32\wvkvi.exe"25⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wuwump.exe"C:\Windows\system32\wuwump.exe"26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wjarecpl.exe"C:\Windows\system32\wjarecpl.exe"27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wqskiive.exe"C:\Windows\system32\wqskiive.exe"28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wblyac.exe"C:\Windows\system32\wblyac.exe"29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wxwyhbu.exe"C:\Windows\system32\wxwyhbu.exe"30⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wfrrjfa.exe"C:\Windows\system32\wfrrjfa.exe"31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wmxbfi.exe"C:\Windows\system32\wmxbfi.exe"32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wlh.exe"C:\Windows\system32\wlh.exe"33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\weushju.exe"C:\Windows\system32\weushju.exe"34⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\whdglv.exe"C:\Windows\system32\whdglv.exe"35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wfqfrsb.exe"C:\Windows\system32\wfqfrsb.exe"36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wdnl.exe"C:\Windows\system32\wdnl.exe"37⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wwbmmsqc.exe"C:\Windows\system32\wwbmmsqc.exe"38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\witdepaj.exe"C:\Windows\system32\witdepaj.exe"39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wfvrf.exe"C:\Windows\system32\wfvrf.exe"40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wejplj.exe"C:\Windows\system32\wejplj.exe"41⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wobgeed.exe"C:\Windows\system32\wobgeed.exe"42⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wytu.exe"C:\Windows\system32\wytu.exe"43⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wxuiw.exe"C:\Windows\system32\wxuiw.exe"44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wqjkmdecw.exe"C:\Windows\system32\wqjkmdecw.exe"45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wsqx.exe"C:\Windows\system32\wsqx.exe"46⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wrrn.exe"C:\Windows\system32\wrrn.exe"47⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\woflvjpmg.exe"C:\Windows\system32\woflvjpmg.exe"48⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wdw.exe"C:\Windows\system32\wdw.exe"49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wtatwjbws.exe"C:\Windows\system32\wtatwjbws.exe"50⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wpnrfip.exe"C:\Windows\system32\wpnrfip.exe"51⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wgpou.exe"C:\Windows\system32\wgpou.exe"52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wqidprw.exe"C:\Windows\system32\wqidprw.exe"53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wdpicm.exe"C:\Windows\system32\wdpicm.exe"54⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wrenac.exe"C:\Windows\system32\wrenac.exe"55⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wulbemvh.exe"C:\Windows\system32\wulbemvh.exe"56⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wkowubs.exe"C:\Windows\system32\wkowubs.exe"57⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wphqxfy.exe"C:\Windows\system32\wphqxfy.exe"58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wokfvce.exe"C:\Windows\system32\wokfvce.exe"59⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wpdbhog.exe"C:\Windows\system32\wpdbhog.exe"60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wwllbs.exe"C:\Windows\system32\wwllbs.exe"61⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wjwja.exe"C:\Windows\system32\wjwja.exe"62⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wyotjdow.exe"C:\Windows\system32\wyotjdow.exe"63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wnrrbr.exe"C:\Windows\system32\wnrrbr.exe"64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wetns.exe"C:\Windows\system32\wetns.exe"65⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wsmxdrw.exe"C:\Windows\system32\wsmxdrw.exe"66⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wvulh.exe"C:\Windows\system32\wvulh.exe"67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\woinv.exe"C:\Windows\system32\woinv.exe"68⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wnqejfn.exe"C:\Windows\system32\wnqejfn.exe"69⤵
-
C:\Windows\SysWOW64\wlsrict.exe"C:\Windows\system32\wlsrict.exe"70⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wvlibwbw.exe"C:\Windows\system32\wvlibwbw.exe"71⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wkynylk.exe"C:\Windows\system32\wkynylk.exe"72⤵
-
C:\Windows\SysWOW64\wrhwupf.exe"C:\Windows\system32\wrhwupf.exe"73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wdxmnlo.exe"C:\Windows\system32\wdxmnlo.exe"74⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wschey.exe"C:\Windows\system32\wschey.exe"75⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\woewfv.exe"C:\Windows\system32\woewfv.exe"76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wsqsclkhc.exe"C:\Windows\system32\wsqsclkhc.exe"77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wtq.exe"C:\Windows\system32\wtq.exe"78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wyoeof.exe"C:\Windows\system32\wyoeof.exe"79⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\wdaym.exe"C:\Windows\system32\wdaym.exe"80⤵
-
C:\Windows\SysWOW64\wbrdfqpg.exe"C:\Windows\system32\wbrdfqpg.exe"81⤵
-
C:\Windows\SysWOW64\wcexdg.exe"C:\Windows\system32\wcexdg.exe"82⤵
-
C:\Windows\SysWOW64\weqtaubup.exe"C:\Windows\system32\weqtaubup.exe"83⤵
-
C:\Windows\SysWOW64\wcrhyrhmh.exe"C:\Windows\system32\wcrhyrhmh.exe"84⤵
-
C:\Windows\SysWOW64\wytwaomcx.exe"C:\Windows\system32\wytwaomcx.exe"85⤵
-
C:\Windows\SysWOW64\wjgqh.exe"C:\Windows\system32\wjgqh.exe"86⤵
-
C:\Windows\SysWOW64\wnibyut.exe"C:\Windows\system32\wnibyut.exe"87⤵
-
C:\Windows\SysWOW64\wrecsdc.exe"C:\Windows\system32\wrecsdc.exe"88⤵
-
C:\Windows\SysWOW64\wtrxq.exe"C:\Windows\system32\wtrxq.exe"89⤵
-
C:\Windows\SysWOW64\wsibknqec.exe"C:\Windows\system32\wsibknqec.exe"90⤵
-
C:\Windows\SysWOW64\wsfh.exe"C:\Windows\system32\wsfh.exe"91⤵
-
C:\Windows\SysWOW64\wrwlgxoo.exe"C:\Windows\system32\wrwlgxoo.exe"92⤵
-
C:\Windows\SysWOW64\wtjgen.exe"C:\Windows\system32\wtjgen.exe"93⤵
-
C:\Windows\SysWOW64\wutbcdce.exe"C:\Windows\system32\wutbcdce.exe"94⤵
-
C:\Windows\SysWOW64\wxgwyr.exe"C:\Windows\system32\wxgwyr.exe"95⤵
-
C:\Windows\SysWOW64\wfpfuu.exe"C:\Windows\system32\wfpfuu.exe"96⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxgwyr.exe"96⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wutbcdce.exe"95⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtjgen.exe"94⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrwlgxoo.exe"93⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsfh.exe"92⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsibknqec.exe"91⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtrxq.exe"90⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrecsdc.exe"89⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnibyut.exe"88⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjgqh.exe"87⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wytwaomcx.exe"86⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 9686⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcrhyrhmh.exe"85⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weqtaubup.exe"84⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcexdg.exe"83⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbrdfqpg.exe"82⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdaym.exe"81⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyoeof.exe"80⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtq.exe"79⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsqsclkhc.exe"78⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woewfv.exe"77⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wschey.exe"76⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdxmnlo.exe"75⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrhwupf.exe"74⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkynylk.exe"73⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvlibwbw.exe"72⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 9672⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlsrict.exe"71⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnqejfn.exe"70⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woinv.exe"69⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvulh.exe"68⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsmxdrw.exe"67⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wetns.exe"66⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnrrbr.exe"65⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyotjdow.exe"64⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 9664⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjwja.exe"63⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwllbs.exe"62⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpdbhog.exe"61⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wokfvce.exe"60⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wphqxfy.exe"59⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkowubs.exe"58⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wulbemvh.exe"57⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrenac.exe"56⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdpicm.exe"55⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqidprw.exe"54⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgpou.exe"53⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpnrfip.exe"52⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtatwjbws.exe"51⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 9651⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdw.exe"50⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woflvjpmg.exe"49⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrrn.exe"48⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsqx.exe"47⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqjkmdecw.exe"46⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxuiw.exe"45⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wytu.exe"44⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wobgeed.exe"43⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wejplj.exe"42⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfvrf.exe"41⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\witdepaj.exe"40⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwbmmsqc.exe"39⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdnl.exe"38⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfqfrsb.exe"37⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whdglv.exe"36⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weushju.exe"35⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlh.exe"34⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmxbfi.exe"33⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfrrjfa.exe"32⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxwyhbu.exe"31⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wblyac.exe"30⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqskiive.exe"29⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjarecpl.exe"28⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuwump.exe"27⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvkvi.exe"26⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weheyn.exe"25⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkflrg.exe"24⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxxgelcxm.exe"23⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvtamy.exe"22⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsk.exe"21⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjhmjp.exe"20⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjxw.exe"19⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvg.exe"18⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wodhdd.exe"17⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpbsdf.exe"16⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjibcb.exe"15⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcbqgx.exe"14⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrhcndxpl.exe"13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxtay.exe"12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wali.exe"11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtr.exe"10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waqw.exe"9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wboj.exe"8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wavm.exe"7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfrui.exe"6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuouhhp.exe"5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnhl.exe"4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvcitx.exe"3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\4e03cca7c3bc788119ad0920ed43df70_NeikiAnalytics.exe"2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
98B
MD536d7f57180708c80266d5c4cebd5f6a1
SHA1420b4cd81dca7ece84673158300f636c8772a983
SHA2561e8c71ae30987e9db8008dd3909a8290976ab9e93ebc9e37fb5727c90e7ab85e
SHA5129a098e2dbf76e7114863b8aa749f917e9d852a9c451b9a071586885069bc4a12b76cf06aeab61e20ff596c4cd130c8256558df5da9eadf03a1c9ce097039ac89
-
Filesize
105KB
MD52ce507364a32afa9625010a303b4ad96
SHA15b7e660734586677165978b5377c1e46a5c5c99d
SHA2563c70b87e8f10d24940cb63d3a3f4d7943934443290e917a89a5de725fdd57992
SHA51231d91d28f80890f682b3b3b2b2da7827fc60b5308884319dd62de7188df6df444623990b7e4a4e2e57c0513d03f7e604453cc13f51873d3cf52908c1a89dd19f
-
Filesize
105KB
MD551c4e843bf7c2aec2cdcfbe1981b043e
SHA113f4287fef61dabdf279ac057765c981a6fa7fd5
SHA256b198c4ff9c16e37acd1706ae6c8a8ec6090d3eb1e0663c7777d90b90c7a132c2
SHA51251d981454b1333d389e2d109fa32261a6f9f0cc48bb633faab2484d21be6d72e0f507d00f2ed7337d2a824aadd9b566755982053d1397170fd103e431669aa39
-
Filesize
105KB
MD5f85f02aa5b05f3b2af63e3ed808b3ab7
SHA1d2ea0020675772e9a0372275ba43b915c4b5932c
SHA256e3ee0d4b3e4be267b2ecf0b21a977f9fdda47652e4e207ad22300101a202abdb
SHA51253158690beea69955fdd7c85b952b8a02eeef91c187bd4ff820d8b1553df49ac80481be96ca1ce2b1e545d37f9f00d4471a1c1ec451551112ce3822d85447d0c
-
Filesize
105KB
MD522db2515c460c36488cd612488b6e12b
SHA11d33f343ef2c9aaf858511f8c3e79a9b580d2e3b
SHA25628d9da1240dc5911d7a367d423a26efa48dc7495c4b53de301fa4fb0e014b368
SHA5127d6f315b741a78624449ec926a601d87b06c79c85cc3e86096e2d58e8f54edb90fde22bd71ba2095c8657b81f4c10bdb2b525d964b2ab63739fd0cfe63f9e56c
-
Filesize
105KB
MD57c26d90a88d664106d112a5faec4ba31
SHA1f272d7129be7504b548ad0f886f2c8131c7b4db3
SHA25665fdb686a7f5296e81e7bc79267e7d84a3d7ab5455ff35a9645e2c47d06eeb27
SHA5128fe226d37f8d01aefb82e8868cf7023327fb05ae18f007709990cfab624fbf0fb452e6b1481e947bfc32e0a76934ec80e81ef09009192804cf0effe411c368d5
-
Filesize
105KB
MD5ad0f991a798322d903dd089cd916efe9
SHA1a7df94d4f6a663717d5b54b0030c9d22c8e817be
SHA2568c044b28d8440a2a50ef2b6d9893d27107fc948587252262ca79393cb2b9daec
SHA512710a1bfbb8e369fd73eeadd76edb9aa42beeaf69f50c3500348c0a12a35cf9b0f4ad46f5fb93fbe5efadf3a837602240f63b5f6acefd4c2212b9f99701ebccbc
-
Filesize
105KB
MD591a980ea5639638faee3b27cb7d695f9
SHA130a1980db66381e02da73edc20f58c44bb4d4560
SHA256a08d956b443e15d38abfcad997c72456957db7ecbbba14964eb84a274ded9603
SHA5122979fdf36df267167e954d18eeff4adce239722f79ec49a441e170f0b4bab84ebd95edb87cc812f29e4468f3eb271a0e0a8a1a8d7fef749f5a4550a61227897a
-
Filesize
105KB
MD5e9a55cd96ac89097a47cbb78d4e542fc
SHA151363257492d07884200e3f75c90c6f64cf91cdd
SHA256fbef31f63de02968733ce6e9b7e0b1641d1484a03caef2695405b311c5c3b62a
SHA5124d5edb2c2d85a779b775f439b7faa8a3f3b102ec93fa2abf3b79edeca27fd842056c28cf73a09f81786032260471c92414b03cf4ba6a176c8a1d30828a9ca3b7
-
Filesize
105KB
MD537632c97d817577a092a473fdda729ae
SHA19631403d63abd2eb6849c72ff058d125b78a9fbe
SHA2560c8eb2ab3849aeebc14a29c4161f088544bf1fbefd3898cafd70419bd663b9bc
SHA512918e11a1b4ebfb0286cef112ee809f7bd912e199422044203a243421a9aa0455399cfe1674d27ec4078d29e0ebdf562ec0a9c732da06795832c5c261ff225784
-
Filesize
105KB
MD5018c6a5d63ee57650806a30359dc55ed
SHA1246c228f56a680f9462295b855c53a5d8d06be71
SHA2564381c8feee2581b1107557e2d616e0608721a591524d14a9bd5adf84922382ad
SHA512f6adca58f01f2c6bd5fde0527d3f9467bf5947fa02bddc338586200548cdfefb7cc7a362cb7a8be3cdf9dd8c77147ab71a38c11c0384b6907dd033d9d81ff9cc
-
Filesize
105KB
MD54da4c4d210f941b4b3b44e2288579162
SHA1f2c5b25518fc542d3baddef57995fe4d3a01579f
SHA256292ad076f8a167dec44f866a4d8beb97f1ecd2e40e83cce14a1b30dc93953826
SHA5123b13be92752a0e09cc58a4f92a2f7b86b9c8e27f602801842db1c6b89b421a3d5fdce42e9bce753f40c862f8867312076aeeae50e0bcfb2c8281c1d9fbc151e3
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB