Analysis
- max time kernel: 92s
- max time network: 94s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 13:21
- Static task: static1
- Behavioral task: behavioral1, sample 7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe, resource win7-20240611-en
- Behavioral task: behavioral2, sample 7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe, resource win10v2004-20240611-en

The platform and resource above match behavioral2, so the results on this page are from the Windows 10 2004 x64 run.

General
- Target: 7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe
- Size: 303KB
- MD5: 7f9a478d1c29c2d000a4dfc2e3c493e0
- SHA1: 6a5c7afc80c03493bdc824d327aaa8dd0249b9a7
- SHA256: d653b46d3b298c1f4d42edabc701ece859cf2d4a3fa80471c0df6e9a10e28706
- SHA512: 33770b150be7ba17a5d4416116aa70c56a756f360410d9d8d30bda137e67ff291655213bed0f555b9737f6a3716e92439243f3c4e02252553c99717b758e91ce
- SSDEEP: 1536:wV61OQr8x1Di7+p5DuzCbnuEMgFNmnBWInd7dGiiLsyAmRL+:wV6H4c+p5DuzVF4EnGiiIyAmRL
Malware Config
Signatures

- Contacts a large (1283) number of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services. No per-host connection details are included on this page.

- Registers COM server for autorun (1 TTP, 1 IoC)
  Process: 7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe
  Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InProcServer32\ = "C:\\Windows\\SysWow64\\qxpqsnfs@ëR.dll"
  This write goes to the per-user Classes hive (HKCU\Software\Classes), which is writable without elevation and is consulted before HKLM when that user's non-elevated processes resolve a CLSID. There is no "Key created" event for this CLSID anywhere on the page, so the sample repointed an existing class's in-process server at its own DLL rather than registering a new one: a classic COM hijack.
- Drops file in System32 directory (64 IoCs)
  Process: 7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe
  Every entry is "File opened for modification" by the sample, all under C:\Windows\SysWOW64\:
    redmirqdb[wj.dll
    tseewiupb[w.dll
    flslegii¸.dll
    ovkzzlex¸.dll
    inxseskgb[w|.dll
    vdgsbkbdb[wy.dll
    nppmwphh¸.dll
    roqjmmpgb[w.dll
    dtmcupdlb[w.dll
    eeqskjcpb[w .dll
    htllkcjnb[wC.dll
    dsnlaegcb[w*.dll
    dsnotvjxb[w.dll
    ldokeqlhb[wh.dll
    mvqhmxkcb[w!.dll
    pdekxvujb[w|.dll
    xebjtesob[we.dll
    ihhrtcjfb[w.dll
    mfsctbpfb[w.dll
    glzsielwb[wz.dll
    wmxtmbytb[wP.dll
    epnbjerwb[w2.dll
    ijnphisc¸.dll
    bzarxsojb[wX.dll
    gxksostvb[w'.dll
    ypxaywmlb[wY.dll
    jlrlveacb[w.dll
    yyncwvrkb[w`.dll
    nynkftuc¸.dll
    wwhhppuu¸.dll
    kqaidffjb[w-.dll
    slqijdjab[wS.dll
    wgekohsxb[wX.dll
    syhvznlxb[w5.dll
    hpxebaeyb[w..dll
    osohktklb[wg.dll
    ygbrdybqb[wR.dll
    pcdpvrdwb[w5.dll
    tqljojyqb[wj.dll
    ysqrminrb[w.dll
    czwubxdtb[wl.dll
    zxcetetwb[w-.dll
    inyljhvkb[wz.dll
    lswzeyjvb[w<.dll
    otxyafaxb[wf.dll
    muwdwqvib[wv.dll
    pwpdqccd¸.dll
    ujrvlwjrb[w.dll
    mwpxbpfvb[w.dll
    mspsgvht¸.dll
    kpwdztczb[wy.dll
    enaeazngb[wL.dll
    adviygppb[w .dll
    qwhffhzzb[w?.dll
    ldehvoacb[w\.dll
    hlplgpck¸.dll
    zvnsmdesb[wh.dll
    yhridltpb[wu.dll
    xhjthoza¸.dll
    dqosqfxab[w%.dll
    keeozkqbb[wf.dll
    qrxaiuhlb[wu.dll
    cwfurlwwb[w(.dll
    bocpauasb[wZ.dll
  The names are not typos: each is eight random lowercase letters followed by a short run of non-alphanumeric junk bytes (rendered here as "b[w" plus one character, or "¸"). A hunt query should match the 8-letter-plus-junk pattern in C:\Windows\SysWOW64\*.dll rather than these exact names, since the names are regenerated per run.
- Drops file in Program Files directory (16 IoCs)
  Process: 7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe
  Every entry is "File opened for modification" by the sample:
    C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM
    C:\Program Files\Java\jdk-1.8\README.html
    C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM
    C:\Program Files\Java\jdk-1.8\ksgbyltl.exe
    C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\panvxkes.exe
    C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\olsrcpmp.exe
    C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html
    C:\Program Files\Java\jdk-1.8\jre\Welcome.html
    C:\Program Files\Microsoft Office\Office16\OSPP.HTM
    C:\Program Files\Java\jre-1.8\skdhqemz.exe
    C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html
    C:\Program Files\RenameConvertTo.shtml
    C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html
    C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html
    C:\Program Files\Java\jdk-1.8\jre\oilsxgsx.exe
    C:\Program Files\Java\jre-1.8\Welcome.html
  Two things stand out. First, the five dropped executables (ksgbyltl.exe, panvxkes.exe, olsrcpmp.exe, skdhqemz.exe, oilsxgsx.exe) each sit in the same directory as a modified .html/.htm file, so the sample is walking Program Files for HTML and planting an 8-random-letter .exe beside each one it touches. Second, every one of those five .exe paths reappears below as the LocalServer32 target of a newly created CLSID, which is how they get launched later.
- Modifies registry class (26 IoCs)
  Process: 7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe
  The 26 events grouped by CLSID. Unless noted, keys are under \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\; "(Default)" is the unnamed value the report prints as a trailing backslash; paths are shown with the report's doubled backslashes.

  {99D3F1D9-D863-9F56-49C9-5475F796C384} (key created; LocalServer32 key created)
    (Default) = "tzuhzhmbbiweykpj"
    LocalServer32\(Default) = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe"
  {5D67DDE3-815B-393B-306C-654B918BCDF7} (key created; LocalServer32 key created)
    (Default) = "qknirrvrseiobfik"
    LocalServer32\(Default) = "C:\\Program Files\\Java\\jdk-1.8\\ksgbyltl.exe"
  {D12B7811-00DC-EA9D-9F6E-2CBC442DE822} (key created; LocalServer32 key created)
    (Default) = "yhrginlogftgnlec"
    LocalServer32\(Default) = "C:\\Program Files\\Microsoft Office\\root\\Office16\\PersonaSpy\\panvxkes.exe"
  {0D6A53C4-64B2-A969-7070-8FEE6F6C7D1C} (key created; LocalServer32 key created)
    (Default) = "covpqlyfubofkzsf"
    LocalServer32\(Default) = "C:\\Program Files\\Java\\jdk-1.8\\jre\\oilsxgsx.exe"
  {94B5D344-077C-EDC0-7F88-70BAB20BD2CB} (key created; LocalServer32 key created)
    (Default) = "cwxiiottozmlxssx"
    LocalServer32\(Default) = "C:\\Program Files\\Java\\jre-1.8\\skdhqemz.exe"
  {FD8CA0E4-99C1-007A-8121-9E1D15DBA87F} (key created; LocalServer32 key created)
    (Default) = "mhfisxaldaohaurd"
    LocalServer32\(Default) = "C:\\Program Files\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\1033\\olsrcpmp.exe"
  {22c6c651-f6ea-46be-bc83-54e83314c67f} (no key-creation event: pre-existing CLSID)
    InProcServer32\(Default) = "C:\\Windows\\SysWow64\\dpdejvdc\x7fb[wa.dll"
  \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} (per-user hive; no key-creation event: pre-existing CLSID)
    InProcServer32\(Default) = "C:\\Windows\\SysWow64\\qxpqsnfs@ëR.dll"

  So the sample registers six brand-new out-of-process COM classes (the original binary in Temp plus the five executables dropped into Program Files) with sixteen-letter random default names, and separately hijacks the in-process server of two CLSIDs it did not create, pointing them at junk-named DLLs in SysWOW64. The six new CLSIDs only matter if something instantiates them; the two hijacked ones fire whenever the legitimate class is loaded, which is the persistence path to prioritise when cleaning a host.
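The eight CLSID registrations above are the whole persistence story, but a report like this prints them as 26 unordered events. The following Python is an added example for this page, not sandbox output and not the malware's code: it parses the 26 registry IoC lines exactly as the report prints them, groups them per CLSID, and tags each class with whether the sample created it or only repointed an existing one, whether it lives in the per-user hive, whether the server path is user-writable and whether the server filename carries non-alphanumeric junk. The hive labels, tag names and classification rules are this example's own assumptions, not the sandbox's.

```python
"""Summarise COM persistence from a sandbox report's registry IoC lines.

Added example for this page, not the sandbox's or the sample's code. REPORT_IOCS
are the 26 "Modifies registry class" entries above with the trailing process
name dropped; hive labels and classification rules are this example's own.
"""
import re
from collections import defaultdict

# Copied from the report; paths keep the report's doubled backslashes.
REPORT_IOCS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{99D3F1D9-D863-9F56-49C9-5475F796C384}\ = "tzuhzhmbbiweykpj"',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{99D3F1D9-D863-9F56-49C9-5475F796C384}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe"',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5D67DDE3-815B-393B-306C-654B918BCDF7}\ = "qknirrvrseiobfik"',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5D67DDE3-815B-393B-306C-654B918BCDF7}\LocalServer32',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D12B7811-00DC-EA9D-9F6E-2CBC442DE822}\LocalServer32',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D6A53C4-64B2-A969-7070-8FEE6F6C7D1C}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\jre\\oilsxgsx.exe"',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{94B5D344-077C-EDC0-7F88-70BAB20BD2CB}\LocalServer32\ = "C:\\Program Files\\Java\\jre-1.8\\skdhqemz.exe"',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FD8CA0E4-99C1-007A-8121-9E1D15DBA87F}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\1033\\olsrcpmp.exe"',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{99D3F1D9-D863-9F56-49C9-5475F796C384}\LocalServer32',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5D67DDE3-815B-393B-306C-654B918BCDF7}',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{94B5D344-077C-EDC0-7F88-70BAB20BD2CB}\ = "cwxiiottozmlxssx"',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FD8CA0E4-99C1-007A-8121-9E1D15DBA87F}',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22c6c651-f6ea-46be-bc83-54e83314c67f}\InProcServer32\ = "C:\\Windows\\SysWow64\\dpdejvdc\x7fb[wa.dll"',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FD8CA0E4-99C1-007A-8121-9E1D15DBA87F}\LocalServer32',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{99D3F1D9-D863-9F56-49C9-5475F796C384}',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InProcServer32\ = "C:\\Windows\\SysWow64\\qxpqsnfs@ëR.dll"',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D6A53C4-64B2-A969-7070-8FEE6F6C7D1C}\LocalServer32',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{94B5D344-077C-EDC0-7F88-70BAB20BD2CB}',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{94B5D344-077C-EDC0-7F88-70BAB20BD2CB}\LocalServer32',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D12B7811-00DC-EA9D-9F6E-2CBC442DE822}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\Office16\\PersonaSpy\\panvxkes.exe"',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5D67DDE3-815B-393B-306C-654B918BCDF7}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\ksgbyltl.exe"',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D12B7811-00DC-EA9D-9F6E-2CBC442DE822}',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D6A53C4-64B2-A969-7070-8FEE6F6C7D1C}\ = "covpqlyfubofkzsf"',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D12B7811-00DC-EA9D-9F6E-2CBC442DE822}\ = "yhrginlogftgnlec"',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D6A53C4-64B2-A969-7070-8FEE6F6C7D1C}',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FD8CA0E4-99C1-007A-8121-9E1D15DBA87F}\ = "mhfisxaldaohaurd"',
]

# One report line: operation, hive, CLSID, optional subkey, optional quoted value.
LINE_RE = re.compile(
    r'^(?P<op>Key created|Set value \(str\))\s+'
    r'\\REGISTRY\\(?P<hive>MACHINE|USER)\\'
    r'.*?\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})'
    r'(?:\\(?P<sub>\w+))?\\?'
    r'(?:\s*=\s*"(?P<value>.*)")?$'
)
SERVER_SUBKEYS = {"LocalServer32", "InProcServer32"}
USER_WRITABLE = ("\\Users\\", "\\AppData\\", "\\Temp\\")   # assumption: our own list


def parse_iocs(lines):
    """Turn each registry IoC line into a dict (op, hive, clsid, sub, value)."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised IoC line: {line!r}")
        ev = m.groupdict()
        if ev["value"] is not None:                 # undo the report's backslash doubling
            ev["value"] = ev["value"].replace("\\\\", "\\")
        events.append(ev)
    return events


def summarise_com(events):
    """Per CLSID: did the sample create the key, which server subkey did it set
    (LocalServer32 = out-of-proc .exe, InProcServer32 = in-proc .dll), to what
    path, and what default (ProgID-like) name did it give the class."""
    com = defaultdict(lambda: {"hive": None, "created": False,
                               "server": None, "path": None, "name": None})
    for ev in events:
        entry = com[ev["clsid"]]
        entry["hive"] = "HKLM" if ev["hive"] == "MACHINE" else "HKU"
        if ev["op"] == "Key created" and ev["sub"] is None:
            entry["created"] = True                 # root CLSID key is new
        elif ev["op"].startswith("Set value"):
            if ev["sub"] in SERVER_SUBKEYS:
                entry["server"], entry["path"] = ev["sub"], ev["value"]
            elif ev["sub"] is None:
                entry["name"] = ev["value"]
    return dict(com)


def classify(entry):
    """Tag one CLSID entry with what it means for persistence (example's own rules)."""
    tags = ["new-clsid-registered" if entry["created"] else "existing-clsid-hijacked"]
    if entry["hive"] == "HKU":
        tags.append("per-user-hive")                # HKCU\Software\Classes shadows HKLM
    path = entry["path"] or ""
    if any(seg.lower() in path.lower() for seg in USER_WRITABLE):
        tags.append("user-writable-path")
    filename = path.rsplit("\\", 1)[-1]
    if re.search(r"[^0-9A-Za-z._ -]", filename):  # junk bytes in the server name
        tags.append("odd-filename")
    return tags


if __name__ == "__main__":
    for clsid, entry in summarise_com(parse_iocs(REPORT_IOCS)).items():
        print(f"{clsid} {entry['server']}: {entry['path']}")
        print("    " + ", ".join(classify(entry)))
```

Running it prints one entry per CLSID; the two tagged existing-clsid-hijacked are the ones to check first on a suspected host, by reading InProcServer32 for those CLSIDs under both HKCU and HKLM\Software\Classes\WOW6432Node\CLSID and comparing against a clean machine. The regex is deliberately anchored on the report's own syntax (the operation prefix, the \REGISTRY\ root and the trailing backslash before "="), so it fails loudly on a line it does not understand rather than silently skipping an IoC.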
Processes
- C:\Users\Admin\AppData\Local\Temp\7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe (PID 5100)
  Command line: "C:\Users\Admin\AppData\Local\Temp\7f9a478d1c29c2d000a4dfc2e3c493e0_NeikiAnalytics.exe"
  Signatures: Registers COM server for autorun; Drops file in System32 directory; Drops file in Program Files directory; Modifies registry class
  No child processes were recorded: all file drops and registry writes come from this one process, and none of the registered COM servers was launched during the 92s run.
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Windows\SysWOW64\evbtzrnk¸.dll (103KB)
  MD5: 4456ccf225fe533d1d79e76a2a67e12b
  SHA1: 2a0978d3928e91536b8bd0616f65037c79c2978b
  SHA256: f4b1a14ba1f697eead220145d0605b9679a5b7f95cc213900b6ce67a2d7f8f6c
  SHA512: 321d058778fb3ed254b58d6040b540de9c781dff6f4b09e4d6a4e5a90bde1bf368458618cc8180d01bdfcbf798125d7c1355b7a05e35531366933d5e1edb05da
- C:\Windows\SysWOW64\hzypcoaq¸.dll (103KB)
  MD5: f231db98798f09ee7ab1eb49924727d3
  SHA1: a75c64852968fad2c981a21277c3d89d8338b367
  SHA256: cc1e46b50fc41fc7e70ff32ae2af3871587760c4cdcd5012ff9bfb42f1fe593b
  SHA512: 61f37fa0a9c512576b2a50551fb9521d7b2ef32d25af3693d9783ab1adba618b84ab03b32b577efdc10adc1ec2c167d911ca19e86936b3993b00127a7032fdc7
- C:\Windows\SysWOW64\kglyjodu¸.dll (103KB)
  MD5: 7e2e490513a57f35e27531398b55f655
  SHA1: a773013f2e5f796f214a4e21c8da569d44bbc1a6
  SHA256: 90c963fe367353eb7c52197e5b925a7505300ab00a1ca1c2659c0733c98a9892
  SHA512: aa6a4360ad660102058b3fc36a8e1ffcbf934554feb6b8b2ac51fe6c6eafa3a11756f545d62dd8ab8c4ded3b20026fc2b3f85c1f359b9ca8c1894240991598c1
- C:\Windows\SysWOW64\mhzrpwaqb[w#.dll (103KB)
  MD5: 026c4d22bf4964f07533ea314b7cfd0e
  SHA1: 4c3a5481928065affc1d162a10be7136a1eb2384
  SHA256: 00d2cc39231d58471a55057c81240017db70fc35dad2bbcc928df1e6ebc606ea
  SHA512: 9bf87ae8d8f485310688767fdccae88d3da34281744e6c28a558c90c2d562583173de849c3a4f91251ee30ef36dc7c22027bda58b95fd910c7fcd995fb90f25b

All four dropped DLLs are exactly 103KB yet have different hashes, so the sample varies each copy's content and file hashes alone will not match other drops from the same run. None of these four names appears in the 64-entry System32 list above, which shows that list is not the complete set of DLLs written; treat the count of 64 as a display cap, not a total.
- memory/5100-0-0x0000000000400000-0x0000000000436000-memory.dmp (216KB)
- memory/5100-N-0x0000000000480000-0x000000000049D000-memory.dmp (116KB each), the same region dumped 60 times over the run, at N = 1, 6, 10, 22, 35, 48, 59, 68, 87, 106, 119, 130, 141, 150, 175, 187, 203, 226, 241, 256, 274, 289, 290, 291, 292, 293, 295, 312, 326, 348, 369, 385, 399, 432, 451, 478, 498, 515, 542, 556, 578, 594, 609, 624, 641, 657, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 1197, 3204

The first dump covers 0x400000-0x436000, the default 32-bit image base and therefore most likely the loaded executable itself. The second region, 0x480000-0x49D000, lies outside that image and was re-dumped repeatedly as the run progressed, so it is the region to diff across dumps when looking for unpacked or self-modifying code.