ec5824d176d45c944f63c22a61fbdc5418fd234ab524c8097e415258d67ceefe

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 23:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe
Size

391KB
MD5

7853d030e40ad6a87e58290be4186e20
SHA1

56225834c3105db0ec31c705e07334c865183708
SHA256

ec5824d176d45c944f63c22a61fbdc5418fd234ab524c8097e415258d67ceefe
SHA512

6ec18b576dba316e3eb01f067555eead7285513bf3c22d2dc6adea6d962c7f03fa3161d7053ae3e4136a0ba41cac1cc50927726eb5031fbb47854eab2a6e5798
SSDEEP

6144:rqppuGRYx4H712f/SBTpzZA6rXD40b+7TJ4DHoxAC:rqpNtb1YIp9AI4F9

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2256	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
2612	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
2740	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
2820	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
2468	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
3036	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
2776	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
2956	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
2348	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
1792	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
312	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
1832	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
2880	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
1252	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
1664	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
1140	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
696	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
1556	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
1044	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
892	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
1696	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
2020	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
884	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
2144	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
1756	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
1116	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
1804	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe
1804	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe
2256	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
2256	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
2612	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
2612	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
2740	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
2740	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
2820	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
2820	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
2468	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
2468	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
3036	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
3036	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
2776	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
2776	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
2956	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
2956	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
2348	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
2348	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
1792	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
1792	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
312	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
312	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
1832	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
1832	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
2880	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
2880	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
1252	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
1252	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
1664	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
1664	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
1140	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
1140	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
696	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
696	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
1556	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
1556	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
1044	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
1044	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
892	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
892	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
1696	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
1696	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
2020	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
2020	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
884	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
884	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
2144	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
2144	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
1756	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
1756	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = cbcc82858b17f1be	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2256	1804	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe	28
PID 1804 wrote to memory of 2256	1804	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe	28
PID 1804 wrote to memory of 2256	1804	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe	28
PID 1804 wrote to memory of 2256	1804	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe	28
PID 2256 wrote to memory of 2612	2256	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe	29
PID 2256 wrote to memory of 2612	2256	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe	29
PID 2256 wrote to memory of 2612	2256	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe	29
PID 2256 wrote to memory of 2612	2256	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe	29
PID 2612 wrote to memory of 2740	2612	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe	30
PID 2612 wrote to memory of 2740	2612	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe	30
PID 2612 wrote to memory of 2740	2612	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe	30
PID 2612 wrote to memory of 2740	2612	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe	30
PID 2740 wrote to memory of 2820	2740	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe	31
PID 2740 wrote to memory of 2820	2740	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe	31
PID 2740 wrote to memory of 2820	2740	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe	31
PID 2740 wrote to memory of 2820	2740	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe	31
PID 2820 wrote to memory of 2468	2820	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe	32
PID 2820 wrote to memory of 2468	2820	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe	32
PID 2820 wrote to memory of 2468	2820	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe	32
PID 2820 wrote to memory of 2468	2820	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe	32
PID 2468 wrote to memory of 3036	2468	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe	33
PID 2468 wrote to memory of 3036	2468	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe	33
PID 2468 wrote to memory of 3036	2468	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe	33
PID 2468 wrote to memory of 3036	2468	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe	33
PID 3036 wrote to memory of 2776	3036	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe	34
PID 3036 wrote to memory of 2776	3036	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe	34
PID 3036 wrote to memory of 2776	3036	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe	34
PID 3036 wrote to memory of 2776	3036	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe	34
PID 2776 wrote to memory of 2956	2776	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe	35
PID 2776 wrote to memory of 2956	2776	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe	35
PID 2776 wrote to memory of 2956	2776	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe	35
PID 2776 wrote to memory of 2956	2776	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe	35
PID 2956 wrote to memory of 2348	2956	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe	36
PID 2956 wrote to memory of 2348	2956	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe	36
PID 2956 wrote to memory of 2348	2956	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe	36
PID 2956 wrote to memory of 2348	2956	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe	36
PID 2348 wrote to memory of 1792	2348	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe	37
PID 2348 wrote to memory of 1792	2348	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe	37
PID 2348 wrote to memory of 1792	2348	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe	37
PID 2348 wrote to memory of 1792	2348	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe	37
PID 1792 wrote to memory of 312	1792	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe	38
PID 1792 wrote to memory of 312	1792	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe	38
PID 1792 wrote to memory of 312	1792	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe	38
PID 1792 wrote to memory of 312	1792	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe	38
PID 312 wrote to memory of 1832	312	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe	39
PID 312 wrote to memory of 1832	312	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe	39
PID 312 wrote to memory of 1832	312	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe	39
PID 312 wrote to memory of 1832	312	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe	39
PID 1832 wrote to memory of 2880	1832	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe	40
PID 1832 wrote to memory of 2880	1832	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe	40
PID 1832 wrote to memory of 2880	1832	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe	40
PID 1832 wrote to memory of 2880	1832	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe	40
PID 2880 wrote to memory of 1252	2880	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe	41
PID 2880 wrote to memory of 1252	2880	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe	41
PID 2880 wrote to memory of 1252	2880	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe	41
PID 2880 wrote to memory of 1252	2880	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe	41
PID 1252 wrote to memory of 1664	1252	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe	42
PID 1252 wrote to memory of 1664	1252	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe	42
PID 1252 wrote to memory of 1664	1252	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe	42
PID 1252 wrote to memory of 1664	1252	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe	42
PID 1664 wrote to memory of 1140	1664	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe	43
PID 1664 wrote to memory of 1140	1664	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe	43
PID 1664 wrote to memory of 1140	1664	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe	43
PID 1664 wrote to memory of 1140	1664	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1804
- \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2256
- - \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2740
    - - \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2820
      - \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2468
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3036
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2776
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2956
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2348
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1792
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:312
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1832
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2880
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1252
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1664
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1140
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:696
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1556
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1044
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:892
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1696
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2020
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:884
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2144
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1756
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe

Filesize
391KB

MD5
a48bc7539b992dcc81a1f0adff4afc1f

SHA1
a624598710f2dd580b044cd6a9b06b2fd8a02a92

SHA256
8704bc0974468398614fc9714cf56650455068ac28cec760cfbfe72fbafafc68

SHA512
cc962edfc97f6818c7a91e3e5db7205fb3666d53f07926bcbaae986646c0e840765fe2a232392bfb02aaed5e1de581f3e61015fb850e0d6a668f63b8885c7da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe

Filesize
392KB

MD5
1bc98988c0fe03281faa8a383f31e089

SHA1
0b788822cd09df2a67250685b5990a5705cec9cc

SHA256
f5fa950577b669a761ee0bd8d1270b25454b41a42bebae3c59c1a29550d8b131

SHA512
8e9bf29d3e552b8e85c1e027348a71dd2b5e6d16b6a850d779d61facc841202036436f3754517f79b4a0e4eb69e47ab08e0416f5d75ff3bb060f6c58832d639f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe

Filesize
392KB

MD5
3327bfb6b37319db15f697fb129bd72c

SHA1
3332a9b32e01bf3464d7f7ba008b5262bf728798

SHA256
4381b9e5d5a78654d973fe9a20a8f6322b9721d4dd5507c499a48096eb016f63

SHA512
748628e470f265b4672ede49485760492311615df147101d07db10ef960278f91e5f96f3b3d8640f93d6e8d5813606b57cc4c1d507b80e2f8746f38f8f395581

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe

Filesize
392KB

MD5
ce212acf6f089b03bb19d4348e698326

SHA1
5d046f09d7091644b8ec45880e95ca098d820e80

SHA256
32460e2168e2b938a62c26c21dfcc4941e3a3c65f80f764e1a9145a5a965c475

SHA512
218aa8e91aff66e042dd56667554024f8fdf3e16f2df06c6d695e58df3f3fd03f8c1cdbaa519b32c92380d85b87a531d170906ce24c93764388b953edcf1ec16

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe

Filesize
393KB

MD5
2510c8b0ee72ebe07a55c19533698ccd

SHA1
f79d8c56c32798ddfba80b2e3cc3cf8ab03b6356

SHA256
f66d6b3825250f780795493713df43ab85ebd126b193ddeefdfc37b7a7047c3c

SHA512
7d9dd225a9fb93c7e4a37cab744ab670eeed8911df63330e278356f2825c1a8358980921546c0bb7ea5740506a6d5515a934dfb07685769252c5b503b9b8681d

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe

Filesize
393KB

MD5
f86f97711d34dad4192500b2feca40e6

SHA1
af4cd536fb7b962dc74be1f161fc6652ed142f91

SHA256
6ce679e8bb37f28ee60ecae68a5760ebdddc8901738c30cb6aa06ffa67c14aad

SHA512
08699da8138877940fbb19d75bce0673dec6f77de9f852163d27d88ed8b9ef1793f940540b4b19b31d47af10191040aea6debba302369d4e39e2358ed829c640

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe

Filesize
393KB

MD5
011e949e26bc7a2e01fe2a91634141d3

SHA1
1c97949e080cee8c55c760f0ca2e021d3d5b669e

SHA256
b25c69648ef23198e3d3932b0c63eaca84617f5c641467a148190c9b5372c94a

SHA512
38c859bfbb912df2c4d348330879c36521407cd0b8160db751705a06a1bec604308590652ff67f851c9920453ccc245818ac71945d742403d7a831c7aecd7e8d

Download Submit
\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe

Filesize
391KB

MD5
9fcf41900f5b334e446cc9be62018af4

SHA1
b9a3976376c70e48a8ff1e581ea07d2b66872ad2

SHA256
3a1fb740d28cce5c7c0773b58cc8659d30d1bfdb504d16fc8dc31d33a215819e

SHA512
c732278cbb2f68f12c405446c7106029d7f7e4cb7c9961edd9b501ff824f454948b385a7a27712e0d4bc8f98a8bf3dc70d39de1b8555adc6448be9c650ab0c5c

Download Submit
\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe

Filesize
391KB

MD5
c0b740c9b591cf24ed0ef882324d99a4

SHA1
54e7ca5724dd8a0988af99d15d8311302162d076

SHA256
7e16692a25a32ca1a9dbcc9bbebf12236cf082e0f1ef4b0eb3db743163af23c6

SHA512
b5998a71a51d3fa2854b883d31f0c24bdd2cb07fa6e7415572498febcf929e7b2eefc01286e60339dfc6b3e5caa0e2d3422898795a3c6e0638625ecf42f09384

Download Submit
\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe

Filesize
392KB

MD5
5c2c8fa0c4b59e41e5dc8b158348d6f8

SHA1
fee608a85152065c230e629eeda4391de3835683

SHA256
9ed7fd54f48c4629a56f352cae4f1749ebe6ce0698bd9b3438363bd3f2a6d59b

SHA512
a7e4757ab3e0e51e3110e80383f178eb53fe4535f2a14fe249f31077b16ce34004049b2e2fdb940bd8094dfcfc822494bdb56286f48e2c48ffe1eb49d4ef3b11

Download Submit
\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe

Filesize
393KB

MD5
104d8fedcbfa75478d2ac8c7ce67ad33

SHA1
f5a9adfabf2bb41b1f980835ba652c69fa262d20

SHA256
d7b5695e8bfd5e726051618a8e955487d4e49bfb7e2194b509218d674cabb29f

SHA512
10caa1f7819cab58cf56e9053321b1d969cbde51d547c9682ef8a86df0f3c538f7951146d179a91c9c8847bcd52159a349ff63eebb6e115ed139ab6e7de45707

Download Submit
\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe

Filesize
394KB

MD5
a8f36b00650a463af64d261f5e37c39e

SHA1
07145f07d45b908ea8e5e50710ac388375704404

SHA256
381673b0afcf3a0928d77537eba30dd4f081a1c5e060c033c64bd636f45723cd

SHA512
c8d56e69722abe87981028f33bdc7cf2058d95ae6619e92e999fc8cc23b1b976d7398c103d74cf932d47f1995564c0504a0fdc16651b3ebab45a32263e94cb90

Download Submit
\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe

Filesize
394KB

MD5
e8655f45295c0fa32419cc27f250a714

SHA1
9a5b65fb8208e557c3a2f7e2950a8a111abdf8c8

SHA256
ebde69f07e508fadd7328d98beda9996a14b415c591a545c10a54162a0fdde7b

SHA512
fbdff9144efef1f3d0d1b01f1d04fe9fa88293a931858fba7051619e173c7cef3575e1be116b5426ac01564200d67dc10e2ab65a6ca77756cc1cab7e7f6471d8

Download Submit
\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe

Filesize
394KB

MD5
48e71b2153a0abc86e6a5910a456c7db

SHA1
c897a936ed39c5917685f704044a271f6268aa62

SHA256
161efde40a5564649b6787a6c1bfb96c0ad33b5e99ac14da9eae87e30de1289f

SHA512
ea3fb9b235601742ef7e7bf9120ef70d855b3568c3f8b171062f469d752d998163d5a53794d95e08870e4cae6495988843ccced98007b7e61c4133044e37963b

Download Submit
\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe

Filesize
394KB

MD5
98f1633437e0c3f545235ec157732d08

SHA1
9db431b88c8d5e0d3e0fe1b91353d19f31e434fb

SHA256
32de6d23c747b8cfa57753cf535662fbd3fd3b347c7c914aa234ef09ef31b3a2

SHA512
0b09f95c1e602a3e8f619968608575f7ff7a3e95d0c5bfd7d1dc2383881fd01c5583e6ded241e5425b94d04d81945b2f6760b7beb10903cff2a1e2804b8866d1

Download Submit
\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe

Filesize
394KB

MD5
804b811bced756dd187d05ede2ee1e64

SHA1
c19fff43e024a097d008e4a42398a4c2a85e5059

SHA256
27daec90c7889d3af1d4e746244d2e3c98908f018e89ef7fba08d746c7f24cb0

SHA512
917f167077ea4ec44f7e58ae6dee45485a0915cd4412a93083802b458fb492dbc75d56690ab9c44bbeb6108767238ecee4b1ce474ed83fa2e898f4cd58fd17d9

Download Submit
memory/312-186-0x0000000000370000-0x00000000003B2000-memory.dmp

Filesize
264KB

Download
memory/312-183-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/312-192-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/696-281-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/696-270-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/884-338-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/884-349-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/892-315-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1044-304-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1044-293-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1116-373-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1140-269-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1252-241-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1252-234-0x0000000000380000-0x00000000003C2000-memory.dmp

Filesize
264KB

Download
memory/1556-292-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1664-242-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1664-256-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1696-326-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1756-372-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1792-176-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1792-174-0x0000000000280000-0x00000000002C2000-memory.dmp

Filesize
264KB

Download
memory/1792-166-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1804-15-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1804-7-0x0000000000370000-0x00000000003B2000-memory.dmp

Filesize
264KB

Download
memory/1804-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1832-209-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1832-207-0x0000000001CF0000-0x0000000001D32000-memory.dmp

Filesize
264KB

Download
memory/2020-337-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2144-350-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2144-361-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2256-30-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2256-16-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2348-150-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2348-158-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2468-86-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2468-94-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2612-32-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2612-47-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2740-62-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2740-54-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2776-126-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2776-118-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2820-64-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2820-78-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2880-225-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2880-210-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2956-142-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2956-129-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3036-97-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3036-110-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe\""	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads