c8fa8ac6a29e02eaafbc4abbb260273c3b6d85528084ca17fd83361869c9ad4a

Analysis

max time kernel
93s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe
Size

481KB
MD5

8793bc6592be7e94dd3eb7d7e82c8290
SHA1

ffc456c7d9fe236cf96bb25b12f3a57332a4ce67
SHA256

c8fa8ac6a29e02eaafbc4abbb260273c3b6d85528084ca17fd83361869c9ad4a
SHA512

47ac3f91d862fab4ee85cf8ce56c770ed0a3f18a9dbf86fe5e082b9a5f6cb5522b66fb800d37ffc219ab2188bc607619de94308dd9a4d762040a61abeab0f4fb
SSDEEP

6144:CqppuGRYx4H712f/SBTpzZA6rXD40b+7TJDAMySU3+:CqpNtb1YIp9AI4FDAMySB

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
940	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
5076	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
3192	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
324	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
2432	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
2296	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
2308	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
3704	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
688	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
4596	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
1972	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
4636	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
3040	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
4716	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
2584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
3288	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
4128	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
3508	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
2872	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
3636	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
4972	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
1000	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
3968	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
2920	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
1856	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
4484	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 8cc060b0a5225150	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 940	2752	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe	81
PID 2752 wrote to memory of 940	2752	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe	81
PID 2752 wrote to memory of 940	2752	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe	81
PID 940 wrote to memory of 5076	940	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe	82
PID 940 wrote to memory of 5076	940	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe	82
PID 940 wrote to memory of 5076	940	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe	82
PID 5076 wrote to memory of 3192	5076	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe	83
PID 5076 wrote to memory of 3192	5076	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe	83
PID 5076 wrote to memory of 3192	5076	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe	83
PID 3192 wrote to memory of 324	3192	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe	84
PID 3192 wrote to memory of 324	3192	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe	84
PID 3192 wrote to memory of 324	3192	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe	84
PID 324 wrote to memory of 2432	324	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe	85
PID 324 wrote to memory of 2432	324	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe	85
PID 324 wrote to memory of 2432	324	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe	85
PID 2432 wrote to memory of 2296	2432	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe	87
PID 2432 wrote to memory of 2296	2432	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe	87
PID 2432 wrote to memory of 2296	2432	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe	87
PID 2296 wrote to memory of 2308	2296	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe	88
PID 2296 wrote to memory of 2308	2296	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe	88
PID 2296 wrote to memory of 2308	2296	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe	88
PID 2308 wrote to memory of 3704	2308	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe	90
PID 2308 wrote to memory of 3704	2308	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe	90
PID 2308 wrote to memory of 3704	2308	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe	90
PID 3704 wrote to memory of 688	3704	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe	91
PID 3704 wrote to memory of 688	3704	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe	91
PID 3704 wrote to memory of 688	3704	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe	91
PID 688 wrote to memory of 4596	688	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe	92
PID 688 wrote to memory of 4596	688	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe	92
PID 688 wrote to memory of 4596	688	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe	92
PID 4596 wrote to memory of 1972	4596	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe	93
PID 4596 wrote to memory of 1972	4596	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe	93
PID 4596 wrote to memory of 1972	4596	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe	93
PID 1972 wrote to memory of 4636	1972	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe	94
PID 1972 wrote to memory of 4636	1972	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe	94
PID 1972 wrote to memory of 4636	1972	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe	94
PID 4636 wrote to memory of 3040	4636	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe	96
PID 4636 wrote to memory of 3040	4636	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe	96
PID 4636 wrote to memory of 3040	4636	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe	96
PID 3040 wrote to memory of 4716	3040	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe	97
PID 3040 wrote to memory of 4716	3040	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe	97
PID 3040 wrote to memory of 4716	3040	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe	97
PID 4716 wrote to memory of 2584	4716	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe	98
PID 4716 wrote to memory of 2584	4716	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe	98
PID 4716 wrote to memory of 2584	4716	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe	98
PID 2584 wrote to memory of 3288	2584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe	99
PID 2584 wrote to memory of 3288	2584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe	99
PID 2584 wrote to memory of 3288	2584	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe	99
PID 3288 wrote to memory of 4128	3288	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe	100
PID 3288 wrote to memory of 4128	3288	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe	100
PID 3288 wrote to memory of 4128	3288	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe	100
PID 4128 wrote to memory of 3508	4128	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe	101
PID 4128 wrote to memory of 3508	4128	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe	101
PID 4128 wrote to memory of 3508	4128	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe	101
PID 3508 wrote to memory of 2872	3508	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe	102
PID 3508 wrote to memory of 2872	3508	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe	102
PID 3508 wrote to memory of 2872	3508	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe	102
PID 2872 wrote to memory of 3636	2872	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe	103
PID 2872 wrote to memory of 3636	2872	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe	103
PID 2872 wrote to memory of 3636	2872	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe	103
PID 3636 wrote to memory of 4972	3636	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe	104
PID 3636 wrote to memory of 4972	3636	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe	104
PID 3636 wrote to memory of 4972	3636	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe	104
PID 4972 wrote to memory of 1000	4972	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe	105

C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2752
- \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:940
- - \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:5076
  - - \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:3192
    - - \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:324
      - \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2432
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2296
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2308
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3704
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:688
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4596
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1972
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4636
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3040
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4716
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2584
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3288
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4128
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3508
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2872
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3636
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4972
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1000
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:3968
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2920
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1856
        
        \??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe

Filesize
482KB

MD5
38c4ad3c4b7bf07d99bb6fdc4c0acc57

SHA1
66caf0074d8d24138ab213e3302ec2c01489d35d

SHA256
6a50b1029984aedd7817a787d802bcdedbfe793a996d56e53d96c06218dfdc72

SHA512
d3605dcd341c5673ad91e7539267866d8c01583dc9ddcaf072476bf7228abe2f8b3aeb328c529cc92ab3cfc035caf36cd975b3c1c37da82e0bd1eb453e02da85

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe

Filesize
482KB

MD5
70b04311bee0fb7b5302644489037df7

SHA1
89b2c6ab320cf1a046800bb0e2b0432c818c497f

SHA256
50b7a617aceef5f7e77545221d5a0d4ebf6ebf138ea0cbe533f45a35c8024522

SHA512
71dcd33a9ca482f8166ae6446672b4d3ac259cf5909c306a545c2222b5772330039f8ca48fbafc21053a401b8c5df53e6a92a90c7eabad289a7fca42eb38ad91

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe

Filesize
483KB

MD5
8f81af1fe77b859590f9e96ac04e1a3e

SHA1
85c6891217f94c0889881af7c4f0acfb94ba9479

SHA256
420e2a62d5ad1b8816e05110c2f42778dcc15d0cab18ec89c507c407b6a977fe

SHA512
76e46b79a31220cc9940894939a9352dbd38b687a286d63546954eae2d8533e66e70a55c3c9892ebdf380d049bd93272f512d9aabdd1815beabe36c5a45f4f58

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe

Filesize
483KB

MD5
aefb090009c369a3dc2e64d7bba2f82c

SHA1
e8b17a0a928f27e38320452942d2165b007fa2de

SHA256
4199505bd4195afd3730fc52e6beb8dde4a277a45a61e78a926cd8669079c3d7

SHA512
c36c7ce37251d4dde54f2eb5b16def08db1ede6c6aa83170e107563996e5eb1912f7aa021303938668779f32e291a72cade77702bd78259619ef32ba45e7a652

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe

Filesize
483KB

MD5
7ba074eede54182641fa343bba029982

SHA1
29cca6e2504a92ce06694d2bcb375296490cd7ef

SHA256
01bcce34947607e49e1558deb2ce135fb7b06961dd451fae2fbcfc044a1e3861

SHA512
d224a3a8f6072c39a1c94eb6b27e68a7d19652fe986a0ca22597cc4e4c848049ba7c8b30a9a9a9d7bb82b207e9049f4ed1c3c0adb8fad4cee177cfddc213d659

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe

Filesize
484KB

MD5
c43a11cbed8e64177e903345fea2cfd3

SHA1
010783331a37e75370fbbd182a63617aab2003b4

SHA256
f15b37bb580846295cd125d8d5db85b02494a6645eb2becf34b37ab884739aff

SHA512
311b3eb1697d5ac45a42109a31e4562a1bb70d6f8fe2d9822a95514067c5641a5d7a587e6fb62956d888abb214f220284e1e408249c13368d69e5a95960770be

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe

Filesize
484KB

MD5
6f21d366b0f0eff3b6f3bdaff153e482

SHA1
6a621a6450e65d16cac8acac73f874f274a41b43

SHA256
a58cf4fba98fef91f3cc7af8b341b7ae086c212d683cc814ccb6c837a34e7a8b

SHA512
5a3afeaeebcbd05bbdeac9681d8fd5933802a5090917ae43a22a57f4a29ac23eaa3c217ad6ad2ba1d56ee46fac1e37f6fab29980fa31b41b86f35f9ba1884cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe

Filesize
484KB

MD5
6907e5372a919fbaba63d1d8936381a0

SHA1
91738c7476a2cd69c0d05d86c114739831ed15d2

SHA256
6ab8c8dee63c1e1f5feebfe989a60ef60e981f4ed88ed8b6db5f145653319837

SHA512
a40a285b1d07394ddae223a439bd6115ed3265020afa5798489e736b17b0e53a6c86798f73d010dfdd0c307ee3f32800647fa3922f466e9f7b5dad64795837f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe

Filesize
484KB

MD5
b4ccd879c7a906299ca3bda92614aeff

SHA1
2847fbd5a7ab3db0d7a362cb342eb5706aaf68d8

SHA256
c2c6e6305861e6021efebd323fd9924b187f9994e5daf4713039dc5ad69fb1c5

SHA512
a26d71c9190385f8c8b36bef44765cf8370d7d24d60d5bd426c9f9e2e954e1d22d7924f14b79a3131b5d3573870dbde00cd54090a03eb828fddb0858ff0e26bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe

Filesize
485KB

MD5
0fcb786bbe3780b3fcc78362c899a1a5

SHA1
b043c025b111936d729a3ea96d3e7c0eb6d4ab1c

SHA256
255ad657f0e74b7a80ddd96fb1e4f2abe1b26b2bedcc0f449e90d979050c5980

SHA512
f2da98452f32609b8e38d63dbd00d6e0ec814ab1eb2626873adfb40cc6db2a94da347100abc580be51415fa3e00feb6b0e5d45abff2d8d1a123e5f39ac2a8108

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe

Filesize
485KB

MD5
32d3112c86bbabe45243bf25974daa76

SHA1
9554d30b7e14a03d715e0b44d3671809ab52860b

SHA256
c242ddd97ebbfea5754aa1404e4c4255e615515f872c2c227da2236fa03e6507

SHA512
57a5bff4661f27bed53d72020a7fd43a95b2f1e23cda18bd2cfc67eb88089f528ef938ecdac0cee45f44a4629e1dfaf30c0af7a97cf8f0477087bcfda9e748e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe

Filesize
486KB

MD5
7b48acd091298c352dae2cccade2e008

SHA1
3c53f2f38a632e1bf97cbf1b06fb07b9ae12a230

SHA256
025d109bba2c3240094b7cf4af43502e4d64b7c3153ea60c1e566fbe8b66cb18

SHA512
3e6bf607a777f7fd3fa993b50aa5484764ad89edd745c9655b0cca339282cc407a1aaff0650c4755e0cee9ce1201503a8f94c6c249aeabcfd7c1b947fdcd4944

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe

Filesize
486KB

MD5
2f6865411519eb9f2cc2be13d172d8b2

SHA1
d8b19debf43852e5ca8579eb7058c6e6278a8476

SHA256
a43b9225ae96a80b35bd7453f8382b6a23967aca90ac933123e66d1bc95e54d6

SHA512
d6190cb32a87a4972b89ffda947b8e5ff33c5019e5f99f64db12b5bd430bcdfc878c801096de2fb9d6aaec2f834cc93457ee5d3ece4103c0cf69aee51116cc85

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe

Filesize
486KB

MD5
831b24e4e3c43d8f9ddca36e58b54ef0

SHA1
68c9e4290a793ea35bb2692b27f2045dd5df2e39

SHA256
66561c3538531545c3e04befe6b3e09ec076f84ea1aa2db803e8588772d6c31f

SHA512
21ea5bde4572556e05cdfd2c3bf3e410e83309e18a1dd4841b007ddb6afd853db86bce5c9670f864f73e3c98222a74e880f173942a5770d1794de6ed92c28064

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe

Filesize
486KB

MD5
5170fddc8d77e31d51f1b5a98f7a24bf

SHA1
1e9c1e13583ec55a6d6ac62ebd4d0216aac65003

SHA256
946b5a7aec1e3e23e32bee1c1c1cdf00d1a7a530b43cb03925628c3087aab617

SHA512
3d565c662c2c11cae17f3438cdffb32d3b653f6d2aa42981e999332dfd2da72c8c90e9b866853123e9ce5e0963f396e0108a1fca5c14147a21258ab18e92bfc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe

Filesize
487KB

MD5
bd68b90c6f6bc07d8dbcddfdb201d2bb

SHA1
794fe58f0a8344d49611b969fc2d0aa597e501b5

SHA256
bb26a2ee3e60a59446f739825e3372793ab6dbabb0392f2bea4ce6300c1435b5

SHA512
c3ced5409db97c944871793b2c3771d449f5895aba40fd6eb407920bde21f3ca46595db1ae2bcac84266851e5442405992559dea75be463ce39bcda7f0666bd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe

Filesize
487KB

MD5
ce31c8db6837e0962e4516cd0b820493

SHA1
b6b79ceafef117eaf28a97f53b7959aaa388cd6b

SHA256
6df398060f2a87ab15566a510f772d20d14c84c626abd771b74ac9cafaf69c47

SHA512
d3ff27e92e4db064b679048ed956b45a34d9d10f845bf8df3cc705daccb37642ea04315d7dba7b3efae4817c09433a69d12d206a570e10fc9c8dab2d4480ba3f

Download Submit
\??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe

Filesize
482KB

MD5
0bca41ba4d95ede6fb7cab58425f4755

SHA1
dd18241ded2e8829c0111d064ad765cb93b270ca

SHA256
cc12499bd37bcfbb6fd596632188628c4a73c2c000daad90bc091ca1498783ca

SHA512
1ce0e9d5b908c4ad86cbf3b216666ee97de8398e155f8e666b3cfaad0af73e699e8aaef64b33e2dc202d7995f54295dc9883052a1fa8546649cb4cdd23d709d9

Download Submit
\??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe

Filesize
482KB

MD5
6348509c3bfeb773416d3c54057e2883

SHA1
121ed42854ac7694c8c52735abc93c784323e2c2

SHA256
e2f7013dd1702b9db2445dd03c9196bddcc8651788dda69140e53e377e4204bb

SHA512
fe4e10e6e7ebca9565b473126d9bdf4c89e6f7a0738a69e11ad4bcd2df616f72d33620eb970f87bdd05c8805ade4da7812c490b7c44b4f37e0365b0407615c43

Download Submit
\??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe

Filesize
483KB

MD5
fbfb2797f96445739cf511a26ae11965

SHA1
bbac9260302ade22e97c994cf3765fd01f9cfccb

SHA256
3909212d1fac1240156dbaa50ff1ff114dc2e3938ab809f65dcf7ede7295c321

SHA512
cfcdd1dcf495b2a2703bd35329398d7bd06cd2f121cbc8c4c17633e2f92b9088f86bea3c7e9b512444f6051b9761125fabb04c89f0de407c2a87d1cb42c78f90

Download Submit
\??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe

Filesize
484KB

MD5
6e2044516444895ce69067830b8cb9d0

SHA1
d7cc966967e0bd4e296db808735d1ae35912dc1e

SHA256
803bd07de4aee3f06b150758f1840e5564b0e6762ad32d93009e3e5488887040

SHA512
bf2a660326d17bc8f0988cc1a18fa68f972dbc35690bf88cb0f9db641dcad76f2c21d27f2798fb7fb18ed289164f5a0e495e607939696a6b639a1e4724df22af

Download Submit
\??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe

Filesize
485KB

MD5
9c860fc4f372d44b0e86ce43752517be

SHA1
cdd64558e1c0ab5af2703098fd737227e7f7e73d

SHA256
5fe5ab9923e3bcc94854865bbf711dae09e8fbc7a29c640c3531bc2bb20c67f3

SHA512
e39c00cc00d0d8ff99ec4a0bddc2fa9a3e7c2501c08b6f86e38525e0853cb7264e86110e04f306d40f3fb9779d365d80972d016b114c81194f7f6d99b20195de

Download Submit
\??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe

Filesize
485KB

MD5
448c88c47f633efccea143bf494182bf

SHA1
4b86105c371acb11a874cb002f5be79a806ca582

SHA256
4e489604117a4fde0ffc405f4ba334d929625198d5665b1cf14de92ca5f4ac4d

SHA512
b4fb4c19941e154302d9bbe9e22e2e6ad611ef6e20237e53b0adb3348b263cec9f8b180c5c1c187707302a710aaf835d12d68813df0346a703aa446661c88e05

Download Submit
\??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe

Filesize
487KB

MD5
61573c9e73d477b52ffda0ad6ef46d68

SHA1
0723f04398e08363da3629fd8d7615db2c9b86ff

SHA256
7b3899cc586bc7d75aadb6c160010d027bbbb3468f75fc4e9227f7ea4b709752

SHA512
116d1ec493d1861b7efd26746c91288b66d3e7b41c0fce18377a7a7fbd70a4cd5225b581468e322817b6cbbd8d09eb5f8b14f7d4fd1c7e471e22c1259c421c2b

Download Submit
\??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe

Filesize
487KB

MD5
054f43d42841804628a0fa6a6ded5d08

SHA1
7bcf9d586e55d18efda0c6cadfa31801f5b94b4b

SHA256
b9f4d7fb58d590af661c668ebc8d4623a77a7c030786a227c9015eafaf52f91c

SHA512
6fcc00c5ba480130455bf079696c1a2b8c77ceb0df610a71c8ea94723cdd0ef983718e6d03a17f7837d0358bb7027856980e933f4efc5ea24fc14a7c94da4836

Download Submit
\??\c:\users\admin\appdata\local\temp\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe

Filesize
487KB

MD5
d754d3d36b7bf0c6328c37aa994fbd3f

SHA1
558726b26239163760c7372d79ccb9626ffe866e

SHA256
c65087b3b0bdf890e5e320382835f90c49b4f4fb498b1a8927942d53e2918166

SHA512
cfb68364a215c02da2613409a746ec3f19c1fb1c563041634dbe0439f3abee6b39223ff6e97555d881d3df10d6700a76d3e3ef5199ff327b656941e95a0fc36f

Download Submit
memory/324-51-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/688-101-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/940-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/940-8-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1000-240-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1000-229-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1856-267-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1856-255-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1972-121-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2296-71-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2308-81-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2432-60-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2584-163-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2752-10-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2752-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2872-195-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2872-203-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2920-251-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2920-257-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3040-137-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3040-147-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3192-40-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3288-174-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3508-194-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3636-213-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3704-91-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3968-243-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3968-238-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4128-183-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4128-172-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4484-269-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4596-109-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4636-129-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4716-153-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4716-148-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4972-228-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5076-24-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/5076-31-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202c.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202y.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202m.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202x.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202a.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202q.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202w.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202v.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202i.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202k.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202o.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202t.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202f.exe\""	8793bc6592be7e94dd3eb7d7e82c8290_neikianalytics_3202e.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads