4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_NeikiAnalytics.exe
Size

395KB
MD5

caa424bd1828c9f2238e4c3d60a2fa50
SHA1

ecb1eb8a684df90badfc657157d9c6dbfed0b556
SHA256

4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6
SHA512

02c7755aad2d1addf2a3073f48b93ba65c031fd9d0a68a37e9b88e5c486e5eda050ddc3c0d6ec40a2ab51183f600a052db31192e446ca565a497620040f7b50c
SSDEEP

6144:it03a62hzpSNxV2qcJVLNyTiY6wDyIJ2r/bDu:Os52hzpHq8eTi30yIQrDDu

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
1632	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe
2568	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe
2724	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe
2972	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe
2664	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe
2540	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe
2332	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe
1808	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe
2672	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe
1616	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe
796	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe
512	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe
2416	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe
2300	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe
2660	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe
840	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202o.exe
868	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202p.exe
1752	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202q.exe
2020	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202r.exe
1244	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202s.exe
1932	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202t.exe
1724	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202u.exe
1612	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202v.exe
1916	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202w.exe
1096	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202x.exe
2240	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
2916	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_NeikiAnalytics.exe
2916	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_NeikiAnalytics.exe
1632	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe
1632	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe
2568	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe
2568	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe
2724	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe
2724	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe
2972	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe
2972	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe
2664	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe
2664	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe
2540	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe
2540	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe
2332	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe
2332	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe
1808	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe
1808	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe
2672	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe
2672	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe
1616	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe
1616	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe
796	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe
796	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe
512	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe
512	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe
2416	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe
2416	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe
2300	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe
2300	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe
2660	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe
2660	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe
840	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202o.exe
840	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202o.exe
868	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202p.exe
868	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202p.exe
1752	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202q.exe
1752	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202q.exe
2020	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202r.exe
2020	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202r.exe
1244	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202s.exe
1244	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202s.exe
1932	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202t.exe
1932	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202t.exe
1724	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202u.exe
1724	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202u.exe
1612	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202v.exe
1612	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202v.exe
1916	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202w.exe
1916	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202w.exe
1096	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202x.exe
1096	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202w.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 1bd8bfbea379b4d7	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202r.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 1632	2916	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_NeikiAnalytics.exe	28
PID 2916 wrote to memory of 1632	2916	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_NeikiAnalytics.exe	28
PID 2916 wrote to memory of 1632	2916	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_NeikiAnalytics.exe	28
PID 2916 wrote to memory of 1632	2916	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_NeikiAnalytics.exe	28
PID 1632 wrote to memory of 2568	1632	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe	29
PID 1632 wrote to memory of 2568	1632	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe	29
PID 1632 wrote to memory of 2568	1632	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe	29
PID 1632 wrote to memory of 2568	1632	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe	29
PID 2568 wrote to memory of 2724	2568	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe	30
PID 2568 wrote to memory of 2724	2568	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe	30
PID 2568 wrote to memory of 2724	2568	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe	30
PID 2568 wrote to memory of 2724	2568	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe	30
PID 2724 wrote to memory of 2972	2724	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe	31
PID 2724 wrote to memory of 2972	2724	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe	31
PID 2724 wrote to memory of 2972	2724	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe	31
PID 2724 wrote to memory of 2972	2724	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe	31
PID 2972 wrote to memory of 2664	2972	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe	32
PID 2972 wrote to memory of 2664	2972	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe	32
PID 2972 wrote to memory of 2664	2972	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe	32
PID 2972 wrote to memory of 2664	2972	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe	32
PID 2664 wrote to memory of 2540	2664	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe	33
PID 2664 wrote to memory of 2540	2664	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe	33
PID 2664 wrote to memory of 2540	2664	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe	33
PID 2664 wrote to memory of 2540	2664	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe	33
PID 2540 wrote to memory of 2332	2540	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe	34
PID 2540 wrote to memory of 2332	2540	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe	34
PID 2540 wrote to memory of 2332	2540	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe	34
PID 2540 wrote to memory of 2332	2540	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe	34
PID 2332 wrote to memory of 1808	2332	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe	35
PID 2332 wrote to memory of 1808	2332	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe	35
PID 2332 wrote to memory of 1808	2332	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe	35
PID 2332 wrote to memory of 1808	2332	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe	35
PID 1808 wrote to memory of 2672	1808	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe	36
PID 1808 wrote to memory of 2672	1808	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe	36
PID 1808 wrote to memory of 2672	1808	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe	36
PID 1808 wrote to memory of 2672	1808	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe	36
PID 2672 wrote to memory of 1616	2672	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe	37
PID 2672 wrote to memory of 1616	2672	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe	37
PID 2672 wrote to memory of 1616	2672	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe	37
PID 2672 wrote to memory of 1616	2672	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe	37
PID 1616 wrote to memory of 796	1616	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe	38
PID 1616 wrote to memory of 796	1616	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe	38
PID 1616 wrote to memory of 796	1616	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe	38
PID 1616 wrote to memory of 796	1616	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe	38
PID 796 wrote to memory of 512	796	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe	39
PID 796 wrote to memory of 512	796	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe	39
PID 796 wrote to memory of 512	796	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe	39
PID 796 wrote to memory of 512	796	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe	39
PID 512 wrote to memory of 2416	512	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe	40
PID 512 wrote to memory of 2416	512	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe	40
PID 512 wrote to memory of 2416	512	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe	40
PID 512 wrote to memory of 2416	512	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe	40
PID 2416 wrote to memory of 2300	2416	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe	41
PID 2416 wrote to memory of 2300	2416	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe	41
PID 2416 wrote to memory of 2300	2416	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe	41
PID 2416 wrote to memory of 2300	2416	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe	41
PID 2300 wrote to memory of 2660	2300	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe	42
PID 2300 wrote to memory of 2660	2300	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe	42
PID 2300 wrote to memory of 2660	2300	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe	42
PID 2300 wrote to memory of 2660	2300	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe	42
PID 2660 wrote to memory of 840	2660	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe	43
PID 2660 wrote to memory of 840	2660	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe	43
PID 2660 wrote to memory of 840	2660	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe	43
PID 2660 wrote to memory of 840	2660	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2916
- \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1632
- - \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2724
    - - \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2972
      - \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2664
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2540
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2332
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1808
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2672
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1616
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:796
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:512
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2416
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2300
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2660
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:840
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:868
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1752
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2020
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1244
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1932
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1724
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1612
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1916
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1096
        
        \??\c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe

Filesize
395KB

MD5
267c5c17a761f356549a4bc26fa0112f

SHA1
6dd1caf15540a2d7242076ac30a7232ce59d7045

SHA256
12e9d51869f06ce64dc1c8bb25ba5d0f73521ba1ceda3cb539e3b58cd5f4c122

SHA512
34b4698780f345d3997975cea60f9b0d971b106f7c8eac308b4caec26968f721806c28f266a50247a8a57ca8cd17ddab3910b724bd1b44ccdcfbebbae68f9219

Download Submit
C:\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe

Filesize
396KB

MD5
09426d620b4d822fbd0b2056d8516fc3

SHA1
6ed8bf12cab924036332621011cf557702d38994

SHA256
b8b8207b99aa4181bb0b209e3a30b210b43991f6d4883721d5bf20070ef51626

SHA512
fc9b9f1558251c526d0cf63d833c6d6a67900deb164a62953fccc0b0792e089e98ad80b607fe154aae241deefa84d35804b467433a1dcb3016b4b9b2fa9b63e3

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe

Filesize
395KB

MD5
bdfa0dd6d6385f31ff6d84ce0e6180cb

SHA1
4e5633518c3d198ace9fae57a3614a537decbcd3

SHA256
08195ad3f135a8d2d1a32b6c059a767f4643feda099876292743a4a5dc47ec57

SHA512
e1bfaa655538e8d986d248bba7b6ad7bb76bb92fe6db3563d2b520967953182d44b97b55ed4dc2e74e99033f319eae64f9912dfac3d6046e56c978fadfcd5a1f

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe

Filesize
395KB

MD5
7b95b136fdc9a2b2ad9e7d5cefa20ef7

SHA1
d703b8366c94abe5a230e007513a15dbbda3a8a5

SHA256
3e8272a190c4bb9b9c3e70aec481ae7d2668422ef8cc622b379789dc51373447

SHA512
06cf1507087b09c1c4728b0a47c2fa6d04f456bf1b21a0ee77d83b1fc92a08c0efcc0655e5316d7a077e5859578856746de3493890dc15540d7e7c74ad3f3f02

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe

Filesize
396KB

MD5
92e1e6eecce89fa4b021260320bebf06

SHA1
30d59158d147f5ff490de8218183c96b4fef9012

SHA256
dddfdba04bf20dec77b36f1430430ce9f1c8f7caa612d150e7fb74c04d2da641

SHA512
1e069aff6565374ed69e34f0b613a0d1923225834a79053854688e462ba381e2b35bc86d14a274ca74f2e94f816eeab937fa81d828e27860a520c27d7eeb9459

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe

Filesize
396KB

MD5
490d9a26504a80f8ca0005ffc15b46d7

SHA1
93a66870962d6a452ca3f1db2996ff3929cafe29

SHA256
557572059856a0682fb403146c8724bac7b0d0b58ee84c940fb6f5cf99182237

SHA512
f5ee6af09fee566e0a1c341fd9756ecd94877cfc0580b0bb53bbb8d9fd475635db2a91c0b9b586716b3e1da24001907544ba0dde2ae6e785de3f37970dec3167

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe

Filesize
396KB

MD5
36da970b5ceddb950fb8da7f320398d8

SHA1
7697d9b4a97c155c820634da35616bc94297a0a1

SHA256
9547bc20ceb8e48aaf11251b8803a13660a05603bc85b9d9c76b5effa09e052d

SHA512
5680e3ad1318b1b379f45b6dc656b3da85c3bd89890029e01a1d1ddac89cb845879d4060f2da762eb1d0cede17805574e5d74da2b6f9c91a2f9656c33d8c3c93

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe

Filesize
397KB

MD5
662057bbde64b668b03178239590f215

SHA1
ae7140958ff3b779d753b44364bc0dbb4d783426

SHA256
7225d07812f270c1a6fd1444ee99e3aa3fc6fe5ad9c7ca6b71d7a25a007e974d

SHA512
cb992e7079e2d28bb44f2f3c33ea75bdb0445050312b04e46349cfd8d190e230b8647eb9d53ff968487082be67247ffd4df51a36dc925ef607c70b18332320c1

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe

Filesize
397KB

MD5
47daa359d0c2504045886ebfa9f1ff16

SHA1
7fff1cc18107bf7a5356d20ebc6827a3b5a1cb32

SHA256
4cf989bdd90a99154aeafeb7a0f96b51bc169398cb861915024d917e53e61225

SHA512
b977a264d06634965ae4b2e0ed18e7c9eb3e82eef68a045c62dbbcc848e353f214ec2a6ab0b17b930ba96de61f62c32763a00d53a5009dc75428327fbff39f81

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe

Filesize
397KB

MD5
f120ba02aab4168663805dde0dd27cef

SHA1
c11154efd136bd0d74018d90be1538cd0ad1d412

SHA256
b1b7cac9640db155e3e9dea69875950db457113c7c982820121aabcbc0645152

SHA512
4524d794e73e89e859f94adc6222c0ae56defeb5c32f9c585ab869166309f6837d4675f822d927a4fd2f82a9d264002314c1c316d24a5c3be24d371620c18128

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe

Filesize
397KB

MD5
fdbc642745653a7a760bcc1b4ccc4afa

SHA1
fca72b0c3b772818f080626f73726c4934d1099e

SHA256
0d9442b9941ac872cce85a6b7e730f9ef0421e92ecb663b235fd4e63f900e261

SHA512
6fc101dafd1bdd1e743e16c4561142ad56c303d75e4204b9ca8720efe58f37b84f75dc9c631b16ec8a5425637e3f3545ead18e77ec9189b3db3eb9aacd88da55

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe

Filesize
397KB

MD5
fbc517ed38a9047d11692b065886ef54

SHA1
99fc51d1eb4f91245c905e973ce297a64914b8f3

SHA256
c6064fd0a28dad06b4b4ce26f188c68ad49183c08302cd6138f4d6b4687ab62a

SHA512
2853f66bd0ced15104b82bcc40122d3266aea42a1a7a0c5cadb5c1f8d6c4b62267a86ad7ad095e94c6f77e66c4c3a56d175c61d4519368c605dd20caa6cd3074

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe

Filesize
398KB

MD5
7277278d2beaa8c715aa7854ad17540a

SHA1
5e6916ed7cfb0316635f4512e86c0b33b1867567

SHA256
7950df29db7bd2d1819e39d55f34f4a32e0c5dd4dc058433bece30ddd024cdf7

SHA512
d3aa1dd915739570b558d4232593fb05f7d12e26b7d7f532748957f6feee1fff77cf08113b8b03da6d9c96e582dcb2d2dd2fb386871b0e88334768d68d7af25c

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe

Filesize
398KB

MD5
0d083d3aa255401d196daaaa5cf96df0

SHA1
a80825b12d9dfdeb853a1f47ef2349b56b7a3be8

SHA256
19d478395aadbd2d903f82f628bba4cc85a0a870d032e3b30393e6300854705e

SHA512
e0be9362774b66ef46f7bfe2eaaa2dead32a0035b482b478688cef05241ab12fe578ed49b0d9b59c81e9b77d172c01c04820116dd158eb50684e08a39d3e39b8

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe

Filesize
398KB

MD5
926acb55499386d16f65816dd5da3b8d

SHA1
564918af5e5631f2c5c424b5a2ea167ec1e5595a

SHA256
c266f822d7ecf49603c51f08dec03d5265073a7d4b315c9706b20c06603f3d45

SHA512
698b994f4eb6e43874c01f8ac65d21ee135c92476a62bcc036e75c907c5b631cff6fb800c615af574a354d26c9ba991472542e4f1202f9a1b32d41fb1e6ad5aa

Download Submit
\Users\Admin\AppData\Local\Temp\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202o.exe

Filesize
398KB

MD5
36d454df7594e2d7daa0acf6cb178338

SHA1
eed506af6436c91dc1c5c54416415408f1182e5f

SHA256
3544652841c95775023eb0724b8eed6e116b5b06c2673cf18f8e97ffdab4bbf5

SHA512
13991d97c652be1c013f60baf1cbabcdc87590981df766c9322b8572a82c505a7ec8c18e1a8ad14d774991326875381442a152bedd6fe04745b66955ec4b60d9

Download Submit
memory/512-190-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/512-205-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/512-204-0x0000000001E40000-0x0000000001EB9000-memory.dmp

Filesize
484KB

Download
memory/796-174-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/796-189-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/840-257-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/840-269-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/868-281-0x0000000002170000-0x00000000021E9000-memory.dmp

Filesize
484KB

Download
memory/868-270-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/868-282-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1096-378-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1244-318-0x0000000000360000-0x00000000003D9000-memory.dmp

Filesize
484KB

Download
memory/1244-319-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1244-317-0x0000000000360000-0x00000000003D9000-memory.dmp

Filesize
484KB

Download
memory/1612-354-0x0000000000640000-0x00000000006B9000-memory.dmp

Filesize
484KB

Download
memory/1612-343-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1612-355-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1616-172-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1632-33-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1632-26-0x0000000001D90000-0x0000000001E09000-memory.dmp

Filesize
484KB

Download
memory/1632-17-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1724-342-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1724-331-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1752-293-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1808-142-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1916-367-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1916-356-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1932-330-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2020-294-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2020-305-0x0000000000480000-0x00000000004F9000-memory.dmp

Filesize
484KB

Download
memory/2020-306-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2240-379-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2240-381-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2300-231-0x0000000000380000-0x00000000003F9000-memory.dmp

Filesize
484KB

Download
memory/2300-238-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2300-222-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2332-128-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2416-221-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2540-112-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2568-47-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2660-254-0x0000000001E10000-0x0000000001E89000-memory.dmp

Filesize
484KB

Download
memory/2660-256-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2660-252-0x0000000001E10000-0x0000000001E89000-memory.dmp

Filesize
484KB

Download
memory/2660-239-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2664-84-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2664-97-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2672-157-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2724-58-0x00000000020B0000-0x0000000002129000-memory.dmp

Filesize
484KB

Download
memory/2724-49-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2724-64-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2724-67-0x00000000020B0000-0x0000000002129000-memory.dmp

Filesize
484KB

Download
memory/2916-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2916-15-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2916-14-0x0000000000480000-0x00000000004F9000-memory.dmp

Filesize
484KB

Download
memory/2916-13-0x0000000000480000-0x00000000004F9000-memory.dmp

Filesize
484KB

Download
memory/2972-66-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/2972-76-0x0000000001DB0000-0x0000000001E29000-memory.dmp

Filesize
484KB

Download
memory/2972-82-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202k.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202p.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202w.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202s.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202t.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202y.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202h.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202o.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202q.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202u.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202c.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202e.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202j.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202a.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202r.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202v.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202x.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202m.exe\""	4043e0dbdfff46f7a5bc4bf02fd2804896ccfd87030042b042018010a82e06c6_neikianalytics_3202l.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads