c8fa8ac6a29e02eaafbc4abbb260273c3b6d85528084ca17fd83361869c9ad4a

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
17-06-2024 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe
Size

481KB
MD5

8793bc6592be7e94dd3eb7d7e82c8290
SHA1

ffc456c7d9fe236cf96bb25b12f3a57332a4ce67
SHA256

c8fa8ac6a29e02eaafbc4abbb260273c3b6d85528084ca17fd83361869c9ad4a
SHA512

47ac3f91d862fab4ee85cf8ce56c770ed0a3f18a9dbf86fe5e082b9a5f6cb5522b66fb800d37ffc219ab2188bc607619de94308dd9a4d762040a61abeab0f4fb
SSDEEP

6144:CqppuGRYx4H712f/SBTpzZA6rXD40b+7TJDAMySU3+:CqpNtb1YIp9AI4FDAMySB

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2800	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
2684	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
2000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
3028	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
2520	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
3000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
2820	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
1584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
1792	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
2184	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
2040	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
2992	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
264	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
1436	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
2432	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
2436	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
848	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
1544	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
916	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
700	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
1664	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
1408	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
1896	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
2268	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
2776	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
3012	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe
3012	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe
2800	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
2800	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
2684	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
2684	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
2000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
2000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
3028	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
3028	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
2520	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
2520	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
3000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
3000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
2820	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
2820	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
1584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
1584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
1792	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
1792	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
2184	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
2184	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
2040	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
2040	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
2992	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
2992	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
264	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
264	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
1436	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
1436	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
2432	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
2432	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
2436	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
2436	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
848	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
848	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
1544	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
1544	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
916	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
916	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
700	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
700	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
1664	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
1664	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
1408	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
1408	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
1896	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
1896	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
2268	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
2268	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 13beefcb9c078644	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2800	3012	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe	28
PID 3012 wrote to memory of 2800	3012	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe	28
PID 3012 wrote to memory of 2800	3012	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe	28
PID 3012 wrote to memory of 2800	3012	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe	28
PID 2800 wrote to memory of 2684	2800	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe	29
PID 2800 wrote to memory of 2684	2800	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe	29
PID 2800 wrote to memory of 2684	2800	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe	29
PID 2800 wrote to memory of 2684	2800	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe	29
PID 2684 wrote to memory of 2000	2684	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe	30
PID 2684 wrote to memory of 2000	2684	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe	30
PID 2684 wrote to memory of 2000	2684	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe	30
PID 2684 wrote to memory of 2000	2684	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe	30
PID 2000 wrote to memory of 3028	2000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe	31
PID 2000 wrote to memory of 3028	2000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe	31
PID 2000 wrote to memory of 3028	2000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe	31
PID 2000 wrote to memory of 3028	2000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe	31
PID 3028 wrote to memory of 2520	3028	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe	32
PID 3028 wrote to memory of 2520	3028	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe	32
PID 3028 wrote to memory of 2520	3028	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe	32
PID 3028 wrote to memory of 2520	3028	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe	32
PID 2520 wrote to memory of 3000	2520	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe	33
PID 2520 wrote to memory of 3000	2520	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe	33
PID 2520 wrote to memory of 3000	2520	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe	33
PID 2520 wrote to memory of 3000	2520	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe	33
PID 3000 wrote to memory of 2820	3000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe	34
PID 3000 wrote to memory of 2820	3000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe	34
PID 3000 wrote to memory of 2820	3000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe	34
PID 3000 wrote to memory of 2820	3000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe	34
PID 2820 wrote to memory of 1584	2820	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe	35
PID 2820 wrote to memory of 1584	2820	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe	35
PID 2820 wrote to memory of 1584	2820	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe	35
PID 2820 wrote to memory of 1584	2820	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe	35
PID 1584 wrote to memory of 1792	1584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe	36
PID 1584 wrote to memory of 1792	1584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe	36
PID 1584 wrote to memory of 1792	1584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe	36
PID 1584 wrote to memory of 1792	1584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe	36
PID 1792 wrote to memory of 2184	1792	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe	37
PID 1792 wrote to memory of 2184	1792	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe	37
PID 1792 wrote to memory of 2184	1792	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe	37
PID 1792 wrote to memory of 2184	1792	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe	37
PID 2184 wrote to memory of 2040	2184	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe	38
PID 2184 wrote to memory of 2040	2184	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe	38
PID 2184 wrote to memory of 2040	2184	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe	38
PID 2184 wrote to memory of 2040	2184	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe	38
PID 2040 wrote to memory of 2992	2040	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe	39
PID 2040 wrote to memory of 2992	2040	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe	39
PID 2040 wrote to memory of 2992	2040	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe	39
PID 2040 wrote to memory of 2992	2040	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe	39
PID 2992 wrote to memory of 264	2992	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe	40
PID 2992 wrote to memory of 264	2992	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe	40
PID 2992 wrote to memory of 264	2992	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe	40
PID 2992 wrote to memory of 264	2992	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe	40
PID 264 wrote to memory of 584	264	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe	41
PID 264 wrote to memory of 584	264	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe	41
PID 264 wrote to memory of 584	264	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe	41
PID 264 wrote to memory of 584	264	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe	41
PID 584 wrote to memory of 1436	584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe	42
PID 584 wrote to memory of 1436	584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe	42
PID 584 wrote to memory of 1436	584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe	42
PID 584 wrote to memory of 1436	584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe	42
PID 1436 wrote to memory of 2432	1436	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe	43
PID 1436 wrote to memory of 2432	1436	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe	43
PID 1436 wrote to memory of 2432	1436	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe	43
PID 1436 wrote to memory of 2432	1436	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3012
- \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2800
- - \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2000
    - - \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3028
      - \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2520
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3000
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2820
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1584
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1792
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2184
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2040
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2992
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:264
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:584
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1436
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2432
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2436
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:848
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1544
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:916
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:700
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1664
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1408
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1896
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2268
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe

Filesize
482KB

MD5
cea2c350766216a57a55ab585b919545

SHA1
5098e545ae7c506519e0fa3ef787b77ab98098e3

SHA256
a55163cd85b235d61aebfb11672817250be7a74b70f3b336afdc437c64f27d52

SHA512
6a02dad8da1f87a6914b5515545d8eda5d95cb9a669e4c00634c97ffe26de9227718485369e13896a0452c4dd4297bac4e3b73388933447ea1d8b596fa13e2ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe

Filesize
482KB

MD5
d1dbb561f4eb1f7542544710df3f1234

SHA1
dc277a8fc48887d00e178932c09a3cf39692014f

SHA256
5c21e4f0d8646ca007a00b936fa0803424e3e7d387aa4401d864aa5004052d19

SHA512
a9f7719db05bbfe1a59e8cb994540187048c7512d27a937cea4ce57def698d4a4ded5ba5d77f6c5bb7fb1afcb2685db893ea2382a0d53bee3a518a6059539d0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe

Filesize
483KB

MD5
789f18d7d7b72ef5dee39fc26bafdef5

SHA1
c4b99bb5116b606f7160a4774ca2350d56331620

SHA256
a78ca11b0f19807446c063f28832a275239ed16f7f910653f29a0fe09cb5d964

SHA512
7367840364566595a6e1edc2b953613e4734151fa40dd5dd6e6853acc673baacaf69e352e47b8cbea97ca911221035d7f9e9a1adb1db7ce66ac8b1bf39cacb95

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe

Filesize
484KB

MD5
ff11dcc9d5cf033e4e9502d0459a5221

SHA1
228c1035f5fc69acc4cab0eaaf3196e4573a46e5

SHA256
a30b428b41b03465b4c6d2f95c4c8b16072b75d0c3d7560bf43137c6b45f9ab4

SHA512
686e3e848ac75706adb381e736f3a71aaee0de8f81e2725ba0db98a86c7cfb30ca343663f800b2b0fd55405d7437440ad56f960264a52ba0e342bc121a60d7e3

Download Submit
\??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe

Filesize
482KB

MD5
3414c11e0c0a6b5cf8a6d14f2455bb45

SHA1
4be809f3fa70de23c78cc85c823e2a77885c1bf9

SHA256
ba05f1f94ee3a3572c212f89e441dbfdbc4a18ec87b551fb007a3e8c1d37c09e

SHA512
d5ea6fddf62e515d4d56f335683d9ebfdbf025cbd493917d712e8c02b4401f6d003ab903fd7c5285e613f1bed9949626e8b6e27be4e33199f9ea40877892f8d7

Download Submit
\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe

Filesize
482KB

MD5
93b1ad6a0f8833b2b8d21770264f2152

SHA1
6944c893b1a2402dfa3f7f82236546dc38d4f9a0

SHA256
8e1972d4e71a5d68300ec3a0edaf8cab223de508713f43345669cb9e8d098fea

SHA512
d4c3deed7310e2f5a7a7884aeb42d20c36fe27329fa3f85e5838b1aef6c39b32f49d36b6d1ed49262cb63bea55860d170d684674bcad2096864e911dcb9d3341

Download Submit
\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe

Filesize
483KB

MD5
88c1caf84859f7ad456ee995d49c8537

SHA1
354942aaca22feea50cb316b22422913cb71cf6e

SHA256
08877a676d4769df54bb6bbc636055c6da48435d810811fbed08f878f7cce795

SHA512
f17a423c089f9e8e76a39a2813360e039de3a5ede05b08796f3616554dbbc8dbddc436d98d777a0536280dd78839677967c9f9e92e92b5878462781f81bd9474

Download Submit
\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe

Filesize
483KB

MD5
c37074e95c51ef5424c2e3900ddfa03a

SHA1
7d2c4ef6981769cc9fd05eb07f63893117133652

SHA256
548b209f200dc3ebbf76d924562be533efb3e458a9d0c2c9386d6029537f3fe8

SHA512
9843f0d7fb0379be2c423d9704a763fba2471cd236c91411f18445defd6521119a21b1b9011b0f9406699e787bc21fb7ade87c3246bce598e0bb9093b93fb8b4

Download Submit
\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe

Filesize
483KB

MD5
6977acd7d9d20c1ad0eda4f511870173

SHA1
72fecf7100d112a11343a144ab65715e4517bfec

SHA256
3e53600f16cd1c8b720dababcab4fcbdf407e1edf9bcbfb60249ce5993699ce9

SHA512
7d882fa77fd1c79e67ea8eb68e1528cb964d1bfad9e282999940e407a2afd2f60a33d447d58dfdddc8950e7d7b91661972f03396e5312679d356f785e59dda25

Download Submit
\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe

Filesize
484KB

MD5
81b6603ecf6d438820ed5624f3e83f3e

SHA1
5f7ab6bfa3e1907cc2c3cb71f55f5bd38dc8e811

SHA256
8f83d1455f7551519cadff1ce03833b14af5d17ebc472a6869aa8db5ff55c013

SHA512
7358d460a1cb223a7fc36f5bace168a325e4979d318e8b2cc4c4a36a8dded6c441cab0dad014237118614e8d8e64c9ab0bbb98637fefc3627adc83b2c00b027d

Download Submit
\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe

Filesize
484KB

MD5
90c12a9c9427e19d96d0cd3cfcbf4f3c

SHA1
db795b1505da07e2c1a52c85a87f7cff1ed8add4

SHA256
008b9a661102dd4be0aaae1d48d17cea069ab2977e9a7779de542026251d2c9f

SHA512
18da9a379f2574ecfd109d71930aae21c0001ba68d408ba50cc62f9d51ca2b3cce0d4a8bbc265a78958c0b68a03d81a44b97ea17fab12441aa2404799a074e43

Download Submit
\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe

Filesize
484KB

MD5
caa8ac6c7f40b687efc6901baf19baa4

SHA1
4f011e4bbac90fc5ac35e5880d136a5b12583c64

SHA256
a8eb9b0c7bb1d4221aa05cd590777fdf631a95e519bff1672285ec9611efa67d

SHA512
a30ec0c3d0aefaed685120bdfcad31c0b4738571209bdfff65b64eadaaded9d5aa626f566b639e93ee29cd1af80a491d1c359c2c3f730169f9b3bf09e2a3fd9d

Download Submit
\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe

Filesize
484KB

MD5
36e7e569c23094891289dc415e508034

SHA1
5906fb7415aab9208f77196b879a2794838ecf4d

SHA256
e64df9c3a940e79fcd7a8b7456465d4b0ce0359380c34d417bb1a55813f59cf9

SHA512
34fdc15b47988923b886288dfbd2ff509b85217fb2fd124253b4c020ceb9be886817b958760d9a66916708dc6aeb1aae850ed831f1fb3b755ac72cf959c3871e

Download Submit
\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe

Filesize
485KB

MD5
8e9e708263f53b31a4ddd8ca9aef4f5a

SHA1
aeb364ede2f2d094589a38267f30afe3b28f2441

SHA256
b09df0262f0b5d2b86780b4dadb60521f99dc87d079c06ef58891263e0f122c8

SHA512
e720a010d19818db515eebee974946f192fd29e74ced2672f32a38ca45a9c31734be103df41878946910b31f156d05ee1e96ae485c038456425774de0b4a429d

Download Submit
\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe

Filesize
485KB

MD5
0c43b55f2871c468f94e19cecd422680

SHA1
ad6f36f0d16f9e6b38b405c83bd9729947a44188

SHA256
499c7725641813a1d45b3a023251fac85729fdb2b62cda9de87a0f4acc558bb9

SHA512
ade88399115f95ba4b52e694bb028cc1e799c63e9ae5d477a3b595fba679aac9982ef76e17663d5a61acc52ca05bbc8024cbcfe38c0286f48b02629764566d99

Download Submit
\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe

Filesize
485KB

MD5
469f8e6df53078ca17ec93f5faef6cf8

SHA1
0a1189d67e8a130562c88ef86306110761c47b2f

SHA256
5013e00f3c852e59b376f7c959ecbec49c9b074a7c2364408664193b236edcde

SHA512
70e4bc7e103ef7e43897f1481765d170a2374d9ecdbf86e0a345cd05bc105f6caa429ca6e93e96ae58eb8566b4aef312dcc68cffd723c9586658778aa5d41a1b

Download Submit
memory/264-218-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/584-233-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/700-322-0x0000000000250000-0x0000000000292000-memory.dmp

Filesize
264KB

Download
memory/700-320-0x0000000000250000-0x0000000000292000-memory.dmp

Filesize
264KB

Download
memory/700-323-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/848-287-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/916-310-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1408-347-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1436-236-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1436-249-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1544-299-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1544-288-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1584-141-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1664-334-0x00000000003A0000-0x00000000003E2000-memory.dmp

Filesize
264KB

Download
memory/1664-336-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1664-324-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1792-142-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1792-156-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1896-358-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2000-62-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2000-54-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2040-188-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2040-175-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2184-166-0x0000000000550000-0x0000000000592000-memory.dmp

Filesize
264KB

Download
memory/2184-173-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2268-370-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2268-359-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2432-252-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2432-263-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2436-271-0x0000000001BB0000-0x0000000001BF2000-memory.dmp

Filesize
264KB

Download
memory/2436-269-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2436-276-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2520-94-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2520-80-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2684-40-0x0000000000360000-0x00000000003A2000-memory.dmp

Filesize
264KB

Download
memory/2684-37-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2684-47-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2776-371-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2800-29-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2800-15-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2820-125-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2820-117-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2992-204-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3000-110-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3012-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3012-14-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3028-79-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3028-64-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads