ec5824d176d45c944f63c22a61fbdc5418fd234ab524c8097e415258d67ceefe

Analysis

max time kernel
92s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe
Size

391KB
MD5

7853d030e40ad6a87e58290be4186e20
SHA1

56225834c3105db0ec31c705e07334c865183708
SHA256

ec5824d176d45c944f63c22a61fbdc5418fd234ab524c8097e415258d67ceefe
SHA512

6ec18b576dba316e3eb01f067555eead7285513bf3c22d2dc6adea6d962c7f03fa3161d7053ae3e4136a0ba41cac1cc50927726eb5031fbb47854eab2a6e5798
SSDEEP

6144:rqppuGRYx4H712f/SBTpzZA6rXD40b+7TJ4DHoxAC:rqpNtb1YIp9AI4F9

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
4272	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
3956	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
2392	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
3380	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
4348	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
3004	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
2076	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
5172	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
5788	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
4388	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
5344	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
4852	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
4300	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
3932	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
2260	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
1576	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
3616	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
6128	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
3540	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
1904	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
5636	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
4988	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
1480	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
3536	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
1648	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
2668	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 735e640868a1c0f0	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5212 wrote to memory of 4272	5212	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe	82
PID 5212 wrote to memory of 4272	5212	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe	82
PID 5212 wrote to memory of 4272	5212	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe	82
PID 4272 wrote to memory of 3956	4272	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe	83
PID 4272 wrote to memory of 3956	4272	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe	83
PID 4272 wrote to memory of 3956	4272	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe	83
PID 3956 wrote to memory of 2392	3956	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe	84
PID 3956 wrote to memory of 2392	3956	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe	84
PID 3956 wrote to memory of 2392	3956	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe	84
PID 2392 wrote to memory of 3380	2392	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe	85
PID 2392 wrote to memory of 3380	2392	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe	85
PID 2392 wrote to memory of 3380	2392	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe	85
PID 3380 wrote to memory of 4348	3380	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe	86
PID 3380 wrote to memory of 4348	3380	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe	86
PID 3380 wrote to memory of 4348	3380	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe	86
PID 4348 wrote to memory of 3004	4348	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe	87
PID 4348 wrote to memory of 3004	4348	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe	87
PID 4348 wrote to memory of 3004	4348	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe	87
PID 3004 wrote to memory of 2076	3004	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe	88
PID 3004 wrote to memory of 2076	3004	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe	88
PID 3004 wrote to memory of 2076	3004	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe	88
PID 2076 wrote to memory of 5172	2076	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe	89
PID 2076 wrote to memory of 5172	2076	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe	89
PID 2076 wrote to memory of 5172	2076	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe	89
PID 5172 wrote to memory of 5788	5172	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe	90
PID 5172 wrote to memory of 5788	5172	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe	90
PID 5172 wrote to memory of 5788	5172	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe	90
PID 5788 wrote to memory of 4388	5788	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe	91
PID 5788 wrote to memory of 4388	5788	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe	91
PID 5788 wrote to memory of 4388	5788	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe	91
PID 4388 wrote to memory of 5344	4388	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe	92
PID 4388 wrote to memory of 5344	4388	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe	92
PID 4388 wrote to memory of 5344	4388	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe	92
PID 5344 wrote to memory of 4852	5344	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe	94
PID 5344 wrote to memory of 4852	5344	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe	94
PID 5344 wrote to memory of 4852	5344	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe	94
PID 4852 wrote to memory of 4300	4852	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe	95
PID 4852 wrote to memory of 4300	4852	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe	95
PID 4852 wrote to memory of 4300	4852	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe	95
PID 4300 wrote to memory of 3932	4300	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe	97
PID 4300 wrote to memory of 3932	4300	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe	97
PID 4300 wrote to memory of 3932	4300	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe	97
PID 3932 wrote to memory of 2260	3932	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe	98
PID 3932 wrote to memory of 2260	3932	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe	98
PID 3932 wrote to memory of 2260	3932	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe	98
PID 2260 wrote to memory of 1576	2260	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe	99
PID 2260 wrote to memory of 1576	2260	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe	99
PID 2260 wrote to memory of 1576	2260	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe	99
PID 1576 wrote to memory of 3616	1576	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe	100
PID 1576 wrote to memory of 3616	1576	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe	100
PID 1576 wrote to memory of 3616	1576	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe	100
PID 3616 wrote to memory of 6128	3616	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe	101
PID 3616 wrote to memory of 6128	3616	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe	101
PID 3616 wrote to memory of 6128	3616	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe	101
PID 6128 wrote to memory of 3540	6128	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe	102
PID 6128 wrote to memory of 3540	6128	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe	102
PID 6128 wrote to memory of 3540	6128	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe	102
PID 3540 wrote to memory of 1904	3540	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe	103
PID 3540 wrote to memory of 1904	3540	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe	103
PID 3540 wrote to memory of 1904	3540	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe	103
PID 1904 wrote to memory of 5636	1904	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe	104
PID 1904 wrote to memory of 5636	1904	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe	104
PID 1904 wrote to memory of 5636	1904	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe	104
PID 5636 wrote to memory of 4988	5636	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe	105

C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5212
- \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4272
- - \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:3956
  - - \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2392
    - - \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3380
      - \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4348
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3004
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2076
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:5172
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:5788
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4388
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:5344
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4852
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4300
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3932
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2260
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1576
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3616
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:6128
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3540
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1904
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:5636
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4988
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1480
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3536
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1648
        
        \??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe

Filesize
391KB

MD5
a48bc7539b992dcc81a1f0adff4afc1f

SHA1
a624598710f2dd580b044cd6a9b06b2fd8a02a92

SHA256
8704bc0974468398614fc9714cf56650455068ac28cec760cfbfe72fbafafc68

SHA512
cc962edfc97f6818c7a91e3e5db7205fb3666d53f07926bcbaae986646c0e840765fe2a232392bfb02aaed5e1de581f3e61015fb850e0d6a668f63b8885c7da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe

Filesize
391KB

MD5
9fcf41900f5b334e446cc9be62018af4

SHA1
b9a3976376c70e48a8ff1e581ea07d2b66872ad2

SHA256
3a1fb740d28cce5c7c0773b58cc8659d30d1bfdb504d16fc8dc31d33a215819e

SHA512
c732278cbb2f68f12c405446c7106029d7f7e4cb7c9961edd9b501ff824f454948b385a7a27712e0d4bc8f98a8bf3dc70d39de1b8555adc6448be9c650ab0c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe

Filesize
392KB

MD5
1bc98988c0fe03281faa8a383f31e089

SHA1
0b788822cd09df2a67250685b5990a5705cec9cc

SHA256
f5fa950577b669a761ee0bd8d1270b25454b41a42bebae3c59c1a29550d8b131

SHA512
8e9bf29d3e552b8e85c1e027348a71dd2b5e6d16b6a850d779d61facc841202036436f3754517f79b4a0e4eb69e47ab08e0416f5d75ff3bb060f6c58832d639f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe

Filesize
393KB

MD5
2510c8b0ee72ebe07a55c19533698ccd

SHA1
f79d8c56c32798ddfba80b2e3cc3cf8ab03b6356

SHA256
f66d6b3825250f780795493713df43ab85ebd126b193ddeefdfc37b7a7047c3c

SHA512
7d9dd225a9fb93c7e4a37cab744ab670eeed8911df63330e278356f2825c1a8358980921546c0bb7ea5740506a6d5515a934dfb07685769252c5b503b9b8681d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe

Filesize
393KB

MD5
f86f97711d34dad4192500b2feca40e6

SHA1
af4cd536fb7b962dc74be1f161fc6652ed142f91

SHA256
6ce679e8bb37f28ee60ecae68a5760ebdddc8901738c30cb6aa06ffa67c14aad

SHA512
08699da8138877940fbb19d75bce0673dec6f77de9f852163d27d88ed8b9ef1793f940540b4b19b31d47af10191040aea6debba302369d4e39e2358ed829c640

Download Submit
C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe

Filesize
394KB

MD5
2bd7076d90c4348e30bce1ca9bf69d45

SHA1
fc029a346237e62fd6fcfa12787ff4010b605e78

SHA256
558719f3139a7a702551f2d233fc347249a0eac3bde24b09964465a81a05d409

SHA512
7a7ef888dffecc29ea49694df9e9d216641ca9890fc2503f9a1eee1991938a2cc5d5ead23b95c613880ed60936c238d74041cbd5a1b4287e616578cb49d9cc73

Download Submit
C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe

Filesize
394KB

MD5
689571b000df077499735cb61f727308

SHA1
61e238e6661595368fd29fc922ad0249c725ce82

SHA256
b73648a6556e4a00be36431cb336c861666812a9bb4940fe9f2ce99e652d0e63

SHA512
366a9cfb2d1cd467fedb812b74ae129c2a0ab71c33f50148bd4aeaf71a0a76d401f058bd93d3deb33fcaa537de013ecd1fa120aa41626c9cb6d4669d634cc0ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe

Filesize
396KB

MD5
0078cddf3d88e6a50f07e22bf64c24aa

SHA1
0ac29e248eead3bc036cae408b57e9deb75e0a7d

SHA256
29cd3f7d7c32bbaffd0f3041d3b48c9e93d296cd71a27af527e7fb9962fd9566

SHA512
a8c63e9c8e2002606b5964cb9488a1afa637e0a8ee95bb9ecac1b6eb83e8d103d1055f6bda2e760d809e385d938bd433b3df341851e994ab0bfbcf64ce9b7945

Download Submit
C:\Users\Admin\AppData\Local\Temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe

Filesize
396KB

MD5
c5174bb8882cc2b5f8d0536a2e8f0d9b

SHA1
fe892737a1b2f7da0aa043bd59adfe2be996ad3a

SHA256
974cc40519af781ae96591bf5ab7626b3365813f7ecc887ae0e5ca527a6609a7

SHA512
8c7ef53c146a45e1e647bc483f19e60fde99be3b3d729ecb11431f905429e240cc31386da1f5088034c6386db167787514ce4365eadc9369de39b48ae6445194

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe

Filesize
391KB

MD5
c0b740c9b591cf24ed0ef882324d99a4

SHA1
54e7ca5724dd8a0988af99d15d8311302162d076

SHA256
7e16692a25a32ca1a9dbcc9bbebf12236cf082e0f1ef4b0eb3db743163af23c6

SHA512
b5998a71a51d3fa2854b883d31f0c24bdd2cb07fa6e7415572498febcf929e7b2eefc01286e60339dfc6b3e5caa0e2d3422898795a3c6e0638625ecf42f09384

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe

Filesize
392KB

MD5
ce212acf6f089b03bb19d4348e698326

SHA1
5d046f09d7091644b8ec45880e95ca098d820e80

SHA256
32460e2168e2b938a62c26c21dfcc4941e3a3c65f80f764e1a9145a5a965c475

SHA512
218aa8e91aff66e042dd56667554024f8fdf3e16f2df06c6d695e58df3f3fd03f8c1cdbaa519b32c92380d85b87a531d170906ce24c93764388b953edcf1ec16

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe

Filesize
392KB

MD5
3327bfb6b37319db15f697fb129bd72c

SHA1
3332a9b32e01bf3464d7f7ba008b5262bf728798

SHA256
4381b9e5d5a78654d973fe9a20a8f6322b9721d4dd5507c499a48096eb016f63

SHA512
748628e470f265b4672ede49485760492311615df147101d07db10ef960278f91e5f96f3b3d8640f93d6e8d5813606b57cc4c1d507b80e2f8746f38f8f395581

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe

Filesize
392KB

MD5
5c2c8fa0c4b59e41e5dc8b158348d6f8

SHA1
fee608a85152065c230e629eeda4391de3835683

SHA256
9ed7fd54f48c4629a56f352cae4f1749ebe6ce0698bd9b3438363bd3f2a6d59b

SHA512
a7e4757ab3e0e51e3110e80383f178eb53fe4535f2a14fe249f31077b16ce34004049b2e2fdb940bd8094dfcfc822494bdb56286f48e2c48ffe1eb49d4ef3b11

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe

Filesize
393KB

MD5
011e949e26bc7a2e01fe2a91634141d3

SHA1
1c97949e080cee8c55c760f0ca2e021d3d5b669e

SHA256
b25c69648ef23198e3d3932b0c63eaca84617f5c641467a148190c9b5372c94a

SHA512
38c859bfbb912df2c4d348330879c36521407cd0b8160db751705a06a1bec604308590652ff67f851c9920453ccc245818ac71945d742403d7a831c7aecd7e8d

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe

Filesize
393KB

MD5
104d8fedcbfa75478d2ac8c7ce67ad33

SHA1
f5a9adfabf2bb41b1f980835ba652c69fa262d20

SHA256
d7b5695e8bfd5e726051618a8e955487d4e49bfb7e2194b509218d674cabb29f

SHA512
10caa1f7819cab58cf56e9053321b1d969cbde51d547c9682ef8a86df0f3c538f7951146d179a91c9c8847bcd52159a349ff63eebb6e115ed139ab6e7de45707

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe

Filesize
394KB

MD5
ac829c01dbefa4ab66b49ea68c18f0c0

SHA1
d3815a365158abdc2d8434b3caff840887890938

SHA256
53769360356fa52653179f9ee869644116d24e2d1327a6e6cd2c8a5c35b8e782

SHA512
41f849660cb51f1d8ea3b3bf2b8e6a7a5bbe139b42e018b65865cc36c33289a1bb2785c20c7e712c490a627c358badd380a53255c7de6deeae6228f3caa7e2f3

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe

Filesize
394KB

MD5
d263b69b0d51688da715b30919984856

SHA1
7620084441facd216fe3331b93b3a973726d5284

SHA256
bae0f9379a6c194a40386e1faf93fda0f3b9cb782f1aa97f69581154e2dee100

SHA512
de2b2439d22a231d8d3332b6b2a7ba43caaad556b181566f2d372cd50c7543730a165481233004be594d11a1056d17ee345932687f75fc5419edb43a357cd08b

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe

Filesize
394KB

MD5
67d34edeef2ae8a5f4bc6171a3b2f1fe

SHA1
bb3eca09a37a4c9c4c8f01e7fe31798b09f7d801

SHA256
200612cbd53e12d4c194f41ac9e06defd3877176cc08808315ae94331d4aedbe

SHA512
e4c138812e6ac5b482fa73ca6f4f122843487fddc2fa975bcb286989d8f11efe9a10605b70311cd76da36e1ebf5af9fbb1e853ef7c079509f2e94ab7e51a9173

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe

Filesize
395KB

MD5
7ade7fa3fe5a2b7a1349b10c4b68358c

SHA1
1d6049a9bbecf6da4d836ca09fcb63779e075560

SHA256
f82798515971fd24d86d212e04e12a821a24b93b30549d739f05c1e8d90de4e9

SHA512
a3d9bbcff777133a53d4213c9f91675a873c59ed4c196d0e55c87c3e1ba66c1db67f969aedf24332438a9adb67f4ddf434d0d43f5b409ed89698f54b4caf6835

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe

Filesize
395KB

MD5
0a67156b9520af12062a5af0c12295e0

SHA1
95cf5dc00dc2e7f7d340ee714268afa3884dddd6

SHA256
b90f9511e2cb1cc6e84399a3eb6b3658caa0d772b2d2d0ac8bc0a87d69b54221

SHA512
410ca94ea146d0932f64e5a98ef8b57a066b7b09a9349f1d5879ce924c157482c0ed4539d22d30befc931e4968bacdebbe42d5c56cd007b277d82279b7c20d2f

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe

Filesize
395KB

MD5
6f87aad9c1d54188d44e3c3f8784730b

SHA1
de6c38b2cad12e8bf95acef27b5c293c085da1d5

SHA256
2d7afd61cda9a26c4194762d38f9fc8e14ebc08638c944384f25848b4e6f296b

SHA512
81558c8351667056f0c92a8041193b2a9d5ad8610a4dea419273745d2e7d55f2beb31f3eb002b743696557b31c9222d6e7c57f9fa9a42050d40f84df06722fe9

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe

Filesize
395KB

MD5
f7f29462158fc195d7144e72e82a1a02

SHA1
36fd41527e4f0823cb405ebcebd9ee9d4aa9fbf8

SHA256
4b6b89363b027bf075945bedac9451d74ff5ea8c7ceecaa20e077778238f0808

SHA512
b2e66f9d7009c3b82754f2b73cccb88e17bf77b33e9f2aceb80f38d6c89a94697b141a219565b13d6749966f67ee54d2ed09c802aa683bf7358463eb2aac750d

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe

Filesize
396KB

MD5
e6078db753f4b918ea3e1a5b9784a49c

SHA1
9b1557d01894b48aafa74df72b5f1756f26d0d2c

SHA256
8e7a9538f604eb28767d23d245a1bc6a1d6c83255fa9c082fc3ab5afdf69ea4e

SHA512
d4da0ed47eab93cf38b80e38ec5bb8db6b0a6b37ccffe450564d081fbbe2381d4d1194d933bb2a38d898041b899ee9d8dae1a2ce6a0f6af2f381d36b81a68dad

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe

Filesize
396KB

MD5
4ac8c089dc808e17c3a6789504ff64b8

SHA1
1e766584a43b3e7f7448e1679745d416d7c082ea

SHA256
24a25f1d45dfb63af9c78082cdfad67c77069387bdb8e76ae9c28cf915fe858f

SHA512
320f679926131e57d38e47640cc3570df2b2ad3e5f22197de65f7421746757bd0e1a79f37740817d04a769e3fd197aa104a4d517150ac105a771a77d54a9b6ea

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe

Filesize
397KB

MD5
c842aa880f66c60e3ac2234185965261

SHA1
fdc2aacaabc5232ccb41fc7cd6f62dbc9e39b8bd

SHA256
d07ee2d81b687036d641bc10a3d48f2c4c4f28d9845ffeaba5bd215025f726b4

SHA512
f313febfdb3d1aa99156eb9ae0848bff57007a58f6fde2e7fabb7b98e0c95abf4712affe782b85577a0f01b6e1ef4ebd5708fc9b53950ef0b7b4c18859b9a769

Download Submit
\??\c:\users\admin\appdata\local\temp\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe

Filesize
397KB

MD5
d74da93904981ca018a902f343420c7c

SHA1
b152ae4177a8e88b6e65368524b28b26ffca0a4d

SHA256
39e914f086f11f0293ff380aad85286f1312653bcc02417a6648b8499d0ae86c

SHA512
91abdaf0762e02b5554c8de2043401b68631ad1caf59c845c6f6a782b7d3ee6fb73d9f8d7717514b895a00836f2735003da3dfbab40eadd8683325ebd71091a3

Download Submit
memory/1480-244-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1480-249-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1576-176-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1648-269-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1648-264-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1904-213-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1904-218-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2076-87-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2076-77-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2260-167-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2392-48-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2392-36-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2668-271-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2668-270-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3004-76-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3004-64-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3380-60-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3380-49-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3536-257-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3540-207-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3616-178-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3616-188-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3932-155-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3956-38-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3956-27-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4272-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4272-16-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4300-146-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4348-66-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4348-58-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4388-116-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4852-137-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4988-238-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5172-97-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5212-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5212-9-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5344-126-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5636-227-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5788-98-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5788-108-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/6128-196-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe\""	7853d030e40ad6a87e58290be4186e20_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202k.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202v.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202d.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202c.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202g.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202q.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202t.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202y.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202s.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202i.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7853d030e40ad6a87e58290be4186e20_neikianalytics_3202o.exe\""	7853d030e40ad6a87e58290be4186e20_neikianalytics_3202n.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads