Analysis
-
max time kernel
147s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/06/2024, 22:49
General
-
Target
1770cc67ad0097e3d11a501a76f17ca0_NeikiAnalytics.exe
-
Size
80KB
-
MD5
1770cc67ad0097e3d11a501a76f17ca0
-
SHA1
a58385849ec58ddfd740803e26c230c9faba5f3c
-
SHA256
312160f2da8daf7248fd5fef640ff3b594a8fda1ce09b38edd9b0413db479110
-
SHA512
44f59148f011a2a86b06075201a8201d8b4770c08f0046cc76a979297fc1f885c4c2a642d77d0aa709e457f33db53d4ad55f8fb52753b13eeecb8b7456023342
-
SSDEEP
1536:gxFazepvBqWkIbpPb0w3NtM4xvgzOrtHwBEEcgk2LgCYrum8SPG2:gLaqHbpP4wdtMlgVT8SL
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1770cc67ad0097e3d11a501a76f17ca0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1770cc67ad0097e3d11a501a76f17ca0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hmhhehlb.exeC:\Windows\system32\Hmhhehlb.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hofdacke.exeC:\Windows\system32\Hofdacke.exe3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hcbpab32.exeC:\Windows\system32\Hcbpab32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hecmijim.exeC:\Windows\system32\Hecmijim.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hmjdjgjo.exeC:\Windows\system32\Hmjdjgjo.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hcdmga32.exeC:\Windows\system32\Hcdmga32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hfcicmqp.exeC:\Windows\system32\Hfcicmqp.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Immapg32.exeC:\Windows\system32\Immapg32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ipknlb32.exeC:\Windows\system32\Ipknlb32.exe10⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ifefimom.exeC:\Windows\system32\Ifefimom.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iicbehnq.exeC:\Windows\system32\Iicbehnq.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ikbnacmd.exeC:\Windows\system32\Ikbnacmd.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iblfnn32.exeC:\Windows\system32\Iblfnn32.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Imakkfdg.exeC:\Windows\system32\Imakkfdg.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ildkgc32.exeC:\Windows\system32\Ildkgc32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ickchq32.exeC:\Windows\system32\Ickchq32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iihkpg32.exeC:\Windows\system32\Iihkpg32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ilghlc32.exeC:\Windows\system32\Ilghlc32.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ibqpimpl.exeC:\Windows\system32\Ibqpimpl.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ieolehop.exeC:\Windows\system32\Ieolehop.exe21⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ipdqba32.exeC:\Windows\system32\Ipdqba32.exe22⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ibcmom32.exeC:\Windows\system32\Ibcmom32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jeaikh32.exeC:\Windows\system32\Jeaikh32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jmhale32.exeC:\Windows\system32\Jmhale32.exe25⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jbeidl32.exeC:\Windows\system32\Jbeidl32.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jedeph32.exeC:\Windows\system32\Jedeph32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jmknaell.exeC:\Windows\system32\Jmknaell.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jpijnqkp.exeC:\Windows\system32\Jpijnqkp.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jcefno32.exeC:\Windows\system32\Jcefno32.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jefbfgig.exeC:\Windows\system32\Jefbfgig.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jmmjgejj.exeC:\Windows\system32\Jmmjgejj.exe32⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jplfcpin.exeC:\Windows\system32\Jplfcpin.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jfeopj32.exeC:\Windows\system32\Jfeopj32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jmpgldhg.exeC:\Windows\system32\Jmpgldhg.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jpnchp32.exeC:\Windows\system32\Jpnchp32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jcioiood.exeC:\Windows\system32\Jcioiood.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jeklag32.exeC:\Windows\system32\Jeklag32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jifhaenk.exeC:\Windows\system32\Jifhaenk.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jpppnp32.exeC:\Windows\system32\Jpppnp32.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kboljk32.exeC:\Windows\system32\Kboljk32.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kemhff32.exeC:\Windows\system32\Kemhff32.exe42⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kmdqgd32.exeC:\Windows\system32\Kmdqgd32.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Klgqcqkl.exeC:\Windows\system32\Klgqcqkl.exe44⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kbaipkbi.exeC:\Windows\system32\Kbaipkbi.exe45⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kepelfam.exeC:\Windows\system32\Kepelfam.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kmfmmcbo.exeC:\Windows\system32\Kmfmmcbo.exe47⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kpeiioac.exeC:\Windows\system32\Kpeiioac.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kbceejpf.exeC:\Windows\system32\Kbceejpf.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kimnbd32.exeC:\Windows\system32\Kimnbd32.exe50⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Klljnp32.exeC:\Windows\system32\Klljnp32.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kpgfooop.exeC:\Windows\system32\Kpgfooop.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kfankifm.exeC:\Windows\system32\Kfankifm.exe53⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kedoge32.exeC:\Windows\system32\Kedoge32.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kmkfhc32.exeC:\Windows\system32\Kmkfhc32.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kpjcdn32.exeC:\Windows\system32\Kpjcdn32.exe56⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kbhoqj32.exeC:\Windows\system32\Kbhoqj32.exe57⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kfckahdj.exeC:\Windows\system32\Kfckahdj.exe58⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kmncnb32.exeC:\Windows\system32\Kmncnb32.exe59⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Klqcioba.exeC:\Windows\system32\Klqcioba.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kdgljmcd.exeC:\Windows\system32\Kdgljmcd.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lffhfh32.exeC:\Windows\system32\Lffhfh32.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmppcbjd.exeC:\Windows\system32\Lmppcbjd.exe63⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lpnlpnih.exeC:\Windows\system32\Lpnlpnih.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lbmhlihl.exeC:\Windows\system32\Lbmhlihl.exe65⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ligqhc32.exeC:\Windows\system32\Ligqhc32.exe66⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Llemdo32.exeC:\Windows\system32\Llemdo32.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ldleel32.exeC:\Windows\system32\Ldleel32.exe68⤵
-
C:\Windows\SysWOW64\Lfkaag32.exeC:\Windows\system32\Lfkaag32.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Lpcfkm32.exeC:\Windows\system32\Lpcfkm32.exe70⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lbabgh32.exeC:\Windows\system32\Lbabgh32.exe71⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lepncd32.exeC:\Windows\system32\Lepncd32.exe72⤵
-
C:\Windows\SysWOW64\Lpebpm32.exeC:\Windows\system32\Lpebpm32.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Lebkhc32.exeC:\Windows\system32\Lebkhc32.exe74⤵
-
C:\Windows\SysWOW64\Lllcen32.exeC:\Windows\system32\Lllcen32.exe75⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mdckfk32.exeC:\Windows\system32\Mdckfk32.exe76⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mbfkbhpa.exeC:\Windows\system32\Mbfkbhpa.exe77⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mipcob32.exeC:\Windows\system32\Mipcob32.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mpjlklok.exeC:\Windows\system32\Mpjlklok.exe79⤵
-
C:\Windows\SysWOW64\Mchhggno.exeC:\Windows\system32\Mchhggno.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Megdccmb.exeC:\Windows\system32\Megdccmb.exe81⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mplhql32.exeC:\Windows\system32\Mplhql32.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mckemg32.exeC:\Windows\system32\Mckemg32.exe83⤵
-
C:\Windows\SysWOW64\Miemjaci.exeC:\Windows\system32\Miemjaci.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Mlcifmbl.exeC:\Windows\system32\Mlcifmbl.exe85⤵
-
C:\Windows\SysWOW64\Mgimcebb.exeC:\Windows\system32\Mgimcebb.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mmbfpp32.exeC:\Windows\system32\Mmbfpp32.exe87⤵
-
C:\Windows\SysWOW64\Mpablkhc.exeC:\Windows\system32\Mpablkhc.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mgkjhe32.exeC:\Windows\system32\Mgkjhe32.exe89⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mnebeogl.exeC:\Windows\system32\Mnebeogl.exe90⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ndokbi32.exeC:\Windows\system32\Ndokbi32.exe91⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Nilcjp32.exeC:\Windows\system32\Nilcjp32.exe92⤵
-
C:\Windows\SysWOW64\Nljofl32.exeC:\Windows\system32\Nljofl32.exe93⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ncdgcf32.exeC:\Windows\system32\Ncdgcf32.exe94⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nebdoa32.exeC:\Windows\system32\Nebdoa32.exe95⤵
-
C:\Windows\SysWOW64\Nlmllkja.exeC:\Windows\system32\Nlmllkja.exe96⤵
-
C:\Windows\SysWOW64\Ncfdie32.exeC:\Windows\system32\Ncfdie32.exe97⤵
-
C:\Windows\SysWOW64\Neeqea32.exeC:\Windows\system32\Neeqea32.exe98⤵
-
C:\Windows\SysWOW64\Nnlhfn32.exeC:\Windows\system32\Nnlhfn32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Npjebj32.exeC:\Windows\system32\Npjebj32.exe100⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nnneknob.exeC:\Windows\system32\Nnneknob.exe101⤵
-
C:\Windows\SysWOW64\Nckndeni.exeC:\Windows\system32\Nckndeni.exe102⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nfjjppmm.exeC:\Windows\system32\Nfjjppmm.exe103⤵
-
C:\Windows\SysWOW64\Nnqbanmo.exeC:\Windows\system32\Nnqbanmo.exe104⤵
-
C:\Windows\SysWOW64\Oponmilc.exeC:\Windows\system32\Oponmilc.exe105⤵
-
C:\Windows\SysWOW64\Ocnjidkf.exeC:\Windows\system32\Ocnjidkf.exe106⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oflgep32.exeC:\Windows\system32\Oflgep32.exe107⤵
-
C:\Windows\SysWOW64\Olfobjbg.exeC:\Windows\system32\Olfobjbg.exe108⤵
-
C:\Windows\SysWOW64\Ocpgod32.exeC:\Windows\system32\Ocpgod32.exe109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ofnckp32.exeC:\Windows\system32\Ofnckp32.exe110⤵
-
C:\Windows\SysWOW64\Olhlhjpd.exeC:\Windows\system32\Olhlhjpd.exe111⤵
-
C:\Windows\SysWOW64\Odocigqg.exeC:\Windows\system32\Odocigqg.exe112⤵
-
C:\Windows\SysWOW64\Ognpebpj.exeC:\Windows\system32\Ognpebpj.exe113⤵
-
C:\Windows\SysWOW64\Onhhamgg.exeC:\Windows\system32\Onhhamgg.exe114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Odapnf32.exeC:\Windows\system32\Odapnf32.exe115⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ofcmfodb.exeC:\Windows\system32\Ofcmfodb.exe116⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Olmeci32.exeC:\Windows\system32\Olmeci32.exe117⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Oddmdf32.exeC:\Windows\system32\Oddmdf32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ofeilobp.exeC:\Windows\system32\Ofeilobp.exe119⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ojaelm32.exeC:\Windows\system32\Ojaelm32.exe120⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pdfjifjo.exeC:\Windows\system32\Pdfjifjo.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-