azov | 67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
Size

1.1MB
MD5

6fe3ce390f1edf64032ad838bc39bda0
SHA1

b62a449537a71eadadb9c561172fd9552a5f370f
SHA256

67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45
SHA512

a8b90e7d9a1e4c646c9ec3affe7f78eeae08924114836465f6f8d29a9c94a5879b4e2ba6960f08d560533102cfc169441bb1bb4446d94df4ba13bc77348f4033
SSDEEP

12288:puKXlB8FBeASZmi78Jk5HWVFeq9J8ng/0paQuj30s9fdD02fKBjtp/TEboaOvklG:pK2Zmi78Jk52qw860GejrbeCQe/

Score

10^/10

azov persistence ransomware spyware stealer wiper

Malware Config

Signatures

Azov
A wiper seeking only damage, first seen in 2022.
ransomware wiper azov
Renames multiple (14349) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\R:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\T:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\U:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\A:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\K:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\N:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\O:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\V:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\X:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\G:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\M:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\S:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\W:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\B:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\E:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\H:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\I:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\L:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\P:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.targetsize-256.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\PREVIEW.GIF	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\fr-FR\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosLargeTile.contrast-black_scale-100.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyShare.scale-150.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-200_contrast-white.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_bow.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\DEEPBLUE.INF	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.scale-400_contrast-white.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\resources.pri	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Outlook.scale-150.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderMedTile.contrast-white_scale-100.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_opencarat_18.svg	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fr-ma\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_BadgeLogo.scale-100.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\uk-ua\ui-strings.js	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-ms	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageSmallTile.scale-100.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\require.min.js	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\core_icons.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\AFTRNOON.ELM	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookSmallTile.scale-125.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-32_altform-lightunplated.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\WideTile.scale-125.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-40.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-256_altform-unplated_contrast-black.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\versions\framework-dev.js	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\ContactPhoto.scale-140.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\MedTile.scale-200.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\pl-pl\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-fr\ui-strings.js	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pl-pl\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-40_altform-lightunplated.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\MedTile.scale-200.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GameBar_SplashScreen.scale-100.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxSmallTile.scale-200.png	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\th_get.svg	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\uk-ua\ui-strings.js	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-ms	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-il\ui-strings.js	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\Extensions\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\it-IT\RESTORE_FILES.txt	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\offsymxb.ttf	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ca-es\ui-strings.js	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	1620	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
Token: 35	1620	67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\67c6f60c7103e359f782650819bb42abd21faf0179214bc13194166248494b45_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4168 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\PlayStore_icon.svg

Filesize
7KB

MD5
363fb7638abf2ff2906dfb4834055424

SHA1
07a2c98e224597c418cd480089b8f3ee53e379f5

SHA256
55681c4b8e7dace74692da9859af87d2892673e569d93152cc4bbc7bb9ebc666

SHA512
16cd67fbd43eb28ae8fa4d4e60abb7e5df5368a01721cb06e5fafbe49649b6eb5d6a5197e41cb48d46fa9aa3e4108b3008f6b11869bb1d4ea4977afbe493487d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

Filesize
296KB

MD5
60f76f8cffc5516a325c4bbeeca44293

SHA1
23c5fc2358ad8a5561738387ad188581435c1c80

SHA256
c92e4623f212dc902b65759afa177409ad03577fe9f52a532e400eefb4a0a57f

SHA512
c08f0dacb0716dfafa3d7bbed814a866a3b4b5acdab111fa05e5c14abcbf7a286d171e36328811a95a1ee451180bc0174723044287a19a2d22f697411cbb553f

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\java.exe

Filesize
333KB

MD5
c7757b6c7cde8b598971437c24fc2f48

SHA1
4ae9779291c427fa82567042e4066ab76c37f140

SHA256
73f1d81485f9b5dcf8076bf501c76a675662f2ab5d720f0367c5a4365d8b5bff

SHA512
89504feab620ed3647c1ec64fec5c7cde967dbe2e65ca4eeda2b71dae8ff82132d284e60a0ef9d21eadd3290e5ff86a382102b65695c6c7e6aa2ec5cef723c5e

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaw.exe

Filesize
333KB

MD5
7c78d8f7a07d593fc77e932017be765b

SHA1
cdfa0e9ba5faf62218998e9017a6216b6e464519

SHA256
e1a46dad94fd7afe6000774d3ce41efc6aae2de3621ab87e6ba769d8c3d533c1

SHA512
d545ace6191ed9cdd71caba2736a2495141664798e97a0df1b493b420d9dedbe14748f2a893c445ec91392b76325812ead179d4bfdaa83f7b922a01be2d75f1d

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaws.exe

Filesize
540KB

MD5
8763a749302c2f040ed0d957b0345ff2

SHA1
e74eb608c51565d2bad7029afeea1a78e63ab59f

SHA256
ec27780494764cae1857bc314b497812bf28d046bb6961d8a28ba579b8e77962

SHA512
73cfc4d1e657feb22e3ed48950c65ae4f0679d2a6c1e0fe03edf3fe54113fd86e25839fdcd89ab46f6719e29c38c4be2232ec9e7b7dfeac82c276b8c5cdae523

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

Filesize
454KB

MD5
a534f946b44105a02a19642ec12d8c4a

SHA1
f4fbcb9eafe27b1b72327f8236708a24b8891c4b

SHA256
2ec4d6f0a67c88df22663cdf995a7b6f1c48dc9b8e8ec4da5777cb1f5d2c9bf7

SHA512
40db868849b4a8b2312844c4cd21e6a34c427c860e8a8cd06cff99ba72ba9f7a46c90cb14c43dd10c7ba5c275ad01d5d5f01d2231497a7f6bdb5fde3f00b82d0

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\BHO\ie_to_edge_stub.exe

Filesize
596KB

MD5
c619f4c7b08cd31fbda736653c799cfe

SHA1
2df7b665f1eb9d83c868f02235c98241f19d82f9

SHA256
54ef1bde644af3a346c3275bd0536257af8b92f58344876c8451be91f423eefc

SHA512
b607a973bf92762be6aa4efd08c6a3d927c8e365cfada29c6869da9e4313ab5f49d09b4862563d4f0ebf5262b809ca3e13b47703ca9fb7a45a4edeaf982eb66a

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\Installer\setup.exe

Filesize
7.0MB

MD5
5cd7a20a595fe8254266de7a11bdbc9e

SHA1
5d86825bd393f11abd66ffb0932e90b37ca61e9e

SHA256
65467043cce3a9293c139af908724e61d7d2379ebcf55db6447ef9de419440e6

SHA512
0c6e681f9f85fa53f2f18a1a5e69afec8e2ad5d589025b0fdc59cd4d6b749070542ac02a1d7c01812556845d157384eb7a769824e5edf04809462f62c3012e91

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\elevation_service.exe

Filesize
1.8MB

MD5
dc7f7100c27c42e2bc134a0c41b2fda0

SHA1
4f54cc4081f57429f68a3094df142d84506dcaff

SHA256
6a88db8c2b552b55e2009d351e02f948f58da9a22fcf9aa6b610a963fc1503fc

SHA512
b10a71258074018e2b92da4ec096de28ba841c46b5f660ea2caa01c7cf8a88967f553e0385f297d0d64ab4d79823d499fa5b961046cf644244fccd5ebf29243e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\identity_helper.exe

Filesize
1.3MB

MD5
4828c87ea62fe13cd470fc5497f7abd9

SHA1
c211490bf505903cdca9b3ef4758aecf745f97ed

SHA256
621bc27ec3d2ceca1fc708b067a71d7085d5274b9ea18acc12c6eb93702a0792

SHA512
053fe56fe94e92bd2040a388b6428429b54e749868b5f09c59d974070ca97e5e25cc733fd8c7eb5f8631edb8d73904b474900b1bdfc4fdd1ee313d6ed22b98c0

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedge.exe

Filesize
4.0MB

MD5
4208bbd2a343139f2d2b9613677134c1

SHA1
5f54cf3c7252dffbbe9c4c1dad7cc9abe3c7ba68

SHA256
dfd7963def78029ca52d29858c9c7c477faacee2fe42522a3f5372a5d573e926

SHA512
47063e3c87d1b5e127e551e46928bdb533fe43f2b96e92fa3f300ba8439e68d839e2b70ae4e219dbe20097e9fbcda9b9c7301964f5d9b2c928d07138fc9dd514

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedge_pwa_launcher.exe

Filesize
1.7MB

MD5
103d9cf7161979dd73feff611013a37d

SHA1
3a158c8198e602037c3b53384844e98de04cc346

SHA256
66e962c7ff3c5a7038b9739a5dfc5203056401ddd52e64425ceb47766fed55b6

SHA512
4863586e120f12b1e0667f5e6d9a3153fc8bf7dd65068c487ec2ec51d96276a6d1b651ccdde81808d48ad262f2b3293179272c7ca2965e1b62866457bcdca1bb

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\msedgewebview2.exe

Filesize
3.6MB

MD5
22fe290057ea2f29a4d2b2d2d00c7703

SHA1
f5b07ca2b834e02f8fe1c3df0d501264c4624e1a

SHA256
484ee9f9ad7e4f277f9f70442bb5e47a4f5fb59f25b0fc9fbe22abd378ce2f01

SHA512
5615e7376a7872eed808370a54e0222e4ee6aceb7b442c75048c3858477ead3575acad23a755ba441caf6a60c8dd4eaee889d023e1b91db15cfc9a391f3f6230

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
266KB

MD5
b6cc134bb782950316b71de4df4d951b

SHA1
c54dca03ba28285edd671b48f1878aba5b919971

SHA256
672f37412c0d0e3c4c25db3b76d194e5e6e61766876cbd3dfd0e94de0a794125

SHA512
1df26dc0edb1e88fcb0c8db231b5213d5d60687d5cc3021ee858c04eeb3d82869f50c57743c0f0c83841524aeb2a660b2a36f6cea85077185e5ba1dd373ddcb9

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\msedge_proxy.exe

Filesize
1.3MB

MD5
45a5a19324f165006d0f6adbdeacd179

SHA1
94e0115ef649360df707bb65886fb631cab67fb6

SHA256
1231b3e6a82d81565b0ee9c2d177d71f9967b87633ed25f0ce0401d60995cb4a

SHA512
09210ef4f7dab9cfdf091d5b7c7f0735082af14a978454c51915832fe555241d52ec7078139589c4ffcf6271848a602f1a518bc035ef58f075ce24cf52a6376a

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\notification_click_helper.exe

Filesize
1.5MB

MD5
0b8d8e6e80a03ef0c9a22adce5edadf7

SHA1
2713b17d14356b68afb59b55c7ec4b3a5af0a01c

SHA256
7f39f6003abd13f5969d6d0e52a6d9cdbbf4b78d78f83b87d5e5144c9c8c0d56

SHA512
002b979ac3f6de11c02b56626a138c2390a60432e36ab42570b1f6565e59f0eb67e0d182ec0063aad1c2e0ab1d81ba514b92b8759855d360e3e3f05aa34c5636

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\pwahelper.exe

Filesize
1.3MB

MD5
b8cc62ee097145b7783b5b0751aac590

SHA1
1520fd90966a091e0770db9caaaf22e2639cb355

SHA256
afef4ee311f5c52248c2cf2376cb2d4e06f4794b06e1b44d1c987c3a97ccd526

SHA512
a8107255fa57f000e220497d0446f9a2893fede7a3d6a35fcbd2cfb97e984b2627d9f1dad2b78c95d77aee39007f9f1cdcef8721c2aeaada03fae7d8313854fb

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
284KB

MD5
c15f2c4d7cad2c0036ca7cb23bfae70e

SHA1
a343b61cb1fe6b2efc3f9fb7904a487e506ef8a6

SHA256
f46b5f316814c91af115b9572073f235ee46b5a83f6ed9d88d274a056e7bd730

SHA512
df31ac0a8081997073f8ecb78987d133961c18b9a8b93b43ec4748ae88964316ff795950f17a04eeedddcb0baec9e8d1e9590ea0608cbf572fb3827d27798999

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
666KB

MD5
c45bb736ed97211ffdc4cfcc6531eeaa

SHA1
1a1ca8a679bae660a8bcbe92be1d48b0efd7e19f

SHA256
9b2661acc587c46695e9adc756fdcfe9bebab03f059f0f0834d5de09c7bc7046

SHA512
513b789a7dbe348922cf70513927b36bc3f2ef838ff4502d8f15e1cef82b828793035e83a1a1b7078e4fc026de8007146b223fe40ca0fed1eba47936b660b626

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.1MB

MD5
a61df3f415c2026f6a21f1aa0b780abd

SHA1
b25db74d9d885adacf35e0ad26b25d2370a053bf

SHA256
0deb7a8e892dd1bc3142cf766794f428e0a749f59df11c9e25a7daab2ae6ee4e

SHA512
f474b4e71a33f6859138e8eed969a87c31f1970d65b97cfb1c28d4e46909a467f30c13c5ae9a0b24d58cdc9eb1c1054bd3f26798b9bf121899e109c2434fc664

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
832KB

MD5
a9dd7ed3472c5e4f552851747fe6483d

SHA1
8b3a609108d5602a2f74d39a85d2e52bb34d5148

SHA256
19a46e19e84db2b9e696156808eb576438c02be868dcd1d962e2d3014c1e3245

SHA512
6cff8cfb311b80f044d25341ac8ea0122f02d56d9291fb801d71afc5207b5b5d738df670f4144f8f550afd8d00c8d07307f47e96df07d297429d6ef3d3753d12

Download Submit
C:\Program Files\7-Zip\RESTORE_FILES.txt

Filesize
2KB

MD5
78ede93114e65f9160fd03d3357c56e6

SHA1
88d531b101e57655f1d0d26c6b3257aa2468d460

SHA256
c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5

SHA512
074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
350KB

MD5
4a3f16f56958b8c7a4c4aa891cae011e

SHA1
90d473ce1a326aad6aaf9004e86be4868eaef550

SHA256
a081a44cbdd944ea4d3ff77c50e24444f8c9d86f0396f2f41ddeab0f447b3de5

SHA512
64dc79e4bbf424fe14e096587c6d01497c657fb893f50d41d9dc7ae37d5a2120341ad8ba365e90337f20b5c1a8ff1e3ed380206d4f11f81fd37e036d4c8e5a20

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.3MB

MD5
bc6aabebc02f001527d66c279b3958b8

SHA1
15b0e91bc52788991155e0c8abb519d719522011

SHA256
035fa2e9d66609396e56462e0f7ef47d73dda193180421505af5a7042a3fac02

SHA512
250cabc2eb425a452e5520166cc31d43431b8c2698c8c201ae153d757da825e0928dfba18e286170a5014d9b33f6f3ce3e97a409ce19d7d460993d65c1dca37c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.3MB

MD5
48745b2f66790dc61b082445b1d8114e

SHA1
0ad1e0b9001da726e0773e8a6279525e40de7dc9

SHA256
c9400411da768a20e89cc45cd08d95d9d1bf85990b777bc038ebce4721cfb13f

SHA512
dbd4011a047e9986ade4744d11eee9dc3c06d6664b9a64a543655b200c0379d2c28852246aa02531a66dc193984c84ddfc9fe80c3012c033564fa3f324a31cf5

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.5MB

MD5
6d4d5556df62769c6b97b9efac4c2230

SHA1
89158d3fa5998e0ba8e42f7218222a10e432394c

SHA256
3aaa35ab5823da010cdbae227e57d723754c1b87453fbc9b5b51234309b777a8

SHA512
3583f5124c5722ff97e15b3df09a39e1a02c9675f5b7a3d32a18bc6e4ae582cd702ee863500e84bb41fcb31827843f1f758aae5c9301ceff8cda07ccc4d990d5

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
1.8MB

MD5
5005660f99314133cab1f0feb5f03bb3

SHA1
8a1482b31c7ee7a58ea0ca642daaa7fad55c8ee6

SHA256
14438c77b046f26c152b8181d0f80ed2bcffd87f7e4148a661f5de234f67c1f7

SHA512
dd768fdae68365ea1464b217e3ce05c12a78240c7af39385043334ea0d3f0e8edb459954865a24ef082a19e8473c77a900812ba45f01c61d9e0dff32d3541b65

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
1.8MB

MD5
b296c30b8f48549977bac4b73f2da3e4

SHA1
0181a4c578c4ddaad7c683bb8c6d23f5457a19ff

SHA256
91773af865aafe88c8dd49cfad57991f411562f8ec57beee64e9059ac76a2856

SHA512
0e8aac73861ae4f0bcea67e574b4a4413b24f6059a55391f730a8f99bbb53361aab90c2f373250e107ff7c97c8f0760f833dcec114cb553e9c83191f310f0892

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.4MB

MD5
1761477f5ee4ecfb4d412712f3b51ea3

SHA1
9c10081dfe56e701011d78ccec5c95ba79bf893f

SHA256
d5a46ae6fa6539a7e5c2cde91af761b3149d387510324079757dd733decfa2c4

SHA512
4d5b065f6c38c2b316d501614b476993c501ce38ced23c4f9fe81214da1aae49182b2b298a3267975926e97c6f1b4bff4aed6777dc68a6ecd61f57e8cbe26d2f

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.exe

Filesize
2.9MB

MD5
d4179c57ccd5c69a4fb457ff16fb8b49

SHA1
a28b1ed9eb6f2bf201cdae21e65809210652e9c5

SHA256
b27f67f0272ea9a87448a44f8de8a866deb7121c32762b35c0a4e25fcae0b7e4

SHA512
bc8256f78f43bebd055103cd55293406927fe73edbbd9649616f586708853fab6208c754771ca6edf6b3fe08d3004317aab3296585ef543c7edfe28fdfc0da09

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.2MB

MD5
f08e7ddefaf164ba80c4c897194e0cf4

SHA1
7a61f277d5dd738e5b5365facae32c98b4f9d68d

SHA256
ff55b6c088d35bd58cbe268a4df762fa4f374a80a611b414af5edfef4e5b92d4

SHA512
c18eababa3d35ad22ef2abcbb35f8ad924752f525130f842b16a20904ba9f60ca8de77393279ed84b80f0b8431b3f85209ea8fdf5a7447bd383e346c042424ef

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
333KB

MD5
d4a36b322fe4736cfb7c904673be82c4

SHA1
002e8758a13927efb3132e29972a02285ed7ec54

SHA256
a1cf19965313804246e6cf31b37d2d89fb901039c9bea4bc1e6d443866cbd7b1

SHA512
336211d98f69d700e26abead5828d131ca3ca0395522696cb99590ae38aeea2af51ddce3ac9bdaa115486b225ff09f564766ac0e425faf1a33a6fd3ad6315efa

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
333KB

MD5
58f4e5fefdefa95c678026c0c829166c

SHA1
b641ab5790219757ec74b5ead70df260bcde53ea

SHA256
2783c35f4685585fcb91b20f0e76643381d448973cba90163d74c93a8e04a1da

SHA512
8ac1797679d5531774ddb33b5402c6bf7884f4da5d4b43bf42fcf393ff2dd87f334da9ad942d7bc89f132796caf9e2cef1400c8c80699fbd5edd9f93fdb978d3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
540KB

MD5
ff89fa70f88c5f858a88bfd39c1f43ac

SHA1
3c9c57a0d5aad002e00db1795d98754b0fccc09b

SHA256
20ebbb01f7e63c23b98c8b53841786cb24ba867d9529f9233be5dccf0c545c49

SHA512
98e7b9d78ae83aadcd7f7346286041cdfbaaf3431c602e1e9032866f0bc076ce6f3d246f0469c26ba7b8ea9ea511292473e24787e91f8c61788ac6e98688d1d2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\java.exe

Filesize
333KB

MD5
9e010ed78081db705812499a1a33cd96

SHA1
92048b3ad6447bd3839b3bbca554a75e504b0ed0

SHA256
3e3d5b35b692c5a4156bc8aa36221e2d0e3b57792c2e8c7eb938c939fe2c5abf

SHA512
ab2975f359e4231e319f5444aa4cdbc4b7fd24f4a33d466268fbfcafb8da49df64027e31f2b073224162c30fc8a83e0cac0afeae27d3ab7d7662cd9b0d10ee5b

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe

Filesize
142KB

MD5
91bad09bb2c7f24ba4d8a406af52beb1

SHA1
a8d2aa26395f492c733d03e5952078f129247659

SHA256
34789187fb747cb51377400806442d1609d8f9e41eb440992615b961c3dd6692

SHA512
a77c19bf9f8cc33e922fe88fd4020d5ffaf8c99bbd8044d9b0e54eff938d09a77686b952ceee3e135ee7a59f528d38d778181ab47e534686172a181fd4dc1f8a

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

Filesize
333KB

MD5
87657fde2102c536dc3cf5bc8b7da36c

SHA1
56f30d33e1ddbecc5bf902be334637e27b28940f

SHA256
1eea13ec9d4f07e44190b3640f0a0fa4a641e23df61cbc5dc27bd75a26e9a4db

SHA512
c1206276a5c2ef89389ab72c80e7c6b2e806e1ba6393e3f80f9573007c1a7eb3e6b06fa30e008ba963555176e5736bf51d5f4ebfc533d00642e6e43524cfa23d

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe

Filesize
540KB

MD5
39fb12506ae0864fb2ec523211828a30

SHA1
e46adbfe5c9eed9f96fd20a4feff8040b7e7fa66

SHA256
61d863c48f4030302525b9e44a09c880b07bbdde17d875df4ae087ea3233281f

SHA512
1ae67341d442d5b21a3d09cacf087e246af5a81473360eb6fcaa05e3079f99422fee6fd8f243a5780d8767cd21cbca9d49bc7e4136ce501b91979a5b4eecf119

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe

Filesize
195KB

MD5
144821b9ef2b950eb8f9de8d05783c0c

SHA1
ef2bc3811fc99b0e241ab6d63ecdf7c20f199908

SHA256
02ac5fccc2d3d077a464af9cffe787aba7f935578df050d589c610c4ef7ebadd

SHA512
50afd2bc73ea03d9241d3c30aac7647fb725f5663f99df035613e47f7740b2256afa7cbb1a4a7e8f20ab7ab53ae94ecb798f9e6e18a1d24647ad5242f2e64e5b

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe

Filesize
138KB

MD5
740c11170250722fb8d865c1ed43709b

SHA1
c1d63df3004a00f22032ce624449d78d3538233f

SHA256
8d10928599d7fa1a2fe522ec1846ecacacf557b1d7b3044fddb94ff865d207ed

SHA512
a395dc5e1985a34d4203c7c8711a7529bcf460652b64b479cdbe7423dd608cdaeb47132383f2856def5023c6cea649d39eda05ffb53500db5bedf1d7151450bd

Download Submit
C:\Program Files\Java\jre-1.8\bin\java.exe

Filesize
333KB

MD5
d1c040ea2caa34c7adfc5424f333957f

SHA1
7af66253c30428257132d10f0802993eff576156

SHA256
9a12f2baebf05e9a723503e8dd1d32ad1fbb3a6bf02deaa1ddbca480f2a161ec

SHA512
a181ed8c3979eb5a50c40ed37d2d9fd729c049a237404aa2b2ca535bfbe9166e4431ac63a58d1138b6ed07f45696f24e52ba676dd31b1e190a6d10995f855f2c

Download Submit
C:\Program Files\Java\jre-1.8\bin\javacpl.exe

Filesize
142KB

MD5
aa03478026fd417122533f521775b573

SHA1
5452d1eb781aedc05dd00996628c6527114a9831

SHA256
733565cbb5a29127f16b46ed60b630a3f14ae5ff34db1afd313f7b3038b0cac2

SHA512
73e56e032e915444fe18f93a6f9a4590fcb1f5e508d1be99475ac82cbcb16092ffb95ade5cb88c691f704354e6d805c575f2b17856588edf81d5668a56142a5c

Download Submit
C:\Program Files\Java\jre-1.8\bin\javaw.exe

Filesize
333KB

MD5
42d76b59ed65dc60dcd2a48c6d494f63

SHA1
48872bccbb96a464fd03946c8c623617909456cd

SHA256
2de2937c022a54567849c6a56e0ba8d0b9203c66d05f36b40f9020516ab1e6ee

SHA512
857e58cc0167a3c14f6b046b6d8ceb406e467e0b2f83f62b7ce82a9ec2274489985e63956b6b8a2c3d0b518085853e2b915c07b751c2992f944fc234d8d963c9

Download Submit
C:\Program Files\Java\jre-1.8\bin\javaws.exe

Filesize
540KB

MD5
3d2198f62b881140a1bb37aebe1f40b4

SHA1
196ed9715e5dfd53bd6deeb668c9ed6e8d26c608

SHA256
e44bfe66ebd1c7e84a4669225a96363edae2749d21b3029283b18a9e739dba03

SHA512
6b68b7e8dd93f1da5e05d8e34825fe0d4ad735aa18a1f5bbff644a936361239c1f4c6663db971a8b2a38f25398b07d1b9d1b666b2941dfe2293aee5fd2e62bbe

Download Submit
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

Filesize
195KB

MD5
c898492af04219159c04e3ab8db26f6e

SHA1
b2e13b058533e79ee4d9d4d8c4ba5a991e684979

SHA256
da8095ab0810ff06fb2f7471c88dc0a5ec823f99aa097bd834effa87012ac91d

SHA512
54b5fe65d2e3a25e47fcaf849e8cee486caf9298058526aa55e17d4cdde977abac1d87e0014510475ea0b6df8fe31bd0e73f31ebdfa53d81c566e4ac76c67b4e

Download Submit
C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

Filesize
138KB

MD5
bb6557c1684f8538a3a57e9f5c03c222

SHA1
4c6ead232434aa420eb58dac6c9329c7ae75da64

SHA256
5baa7fba043530f5aa87b4eb5f71df4c79b1ef0064afed1d200bbe13940911a5

SHA512
9d8ff9abda8d79f1098cefb310c5e03cd6be7a025e226007789c3f40f2077a763b8e27d0d5f0ef06499370ec45ac03a76088b45efc2a3f2333d4cd5a911e8b96

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe

Filesize
4.3MB

MD5
d8c20376be599e2a6a1a44923db18374

SHA1
f578627be7f8649a77721a1482d2458adf754eb1

SHA256
5dd2e576faf8a483d7349f80cf63eeadfc43719ba257a436e95ac7e001e4bacd

SHA512
bfd6abb6ca03b2d75c73c1d3aff6d37632b5840f1d8aac8ee3225b5a0b39b00057333b785380a9c100538f8c63232f2a63ffbafdffb1bd8dccebbe260e63b3b4

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

Filesize
4.3MB

MD5
ce7b6dd0293f87f441c6a8e3a660e985

SHA1
c3406ebbdab343271ea69d71c8d2d287411c24a6

SHA256
3c881e7788852417422d3fb2f4d6356072f17784121cf1786d0bfd0960ede08e

SHA512
9a523e624e68b1f44b2980a239c2e5b988916582e899ac7c4ecbe6dc16b47a12ded4463488fa616b290317ac0e2e9b139bf0f1e9414d2ed6b4bc9bc547a547fa

Download Submit
C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe

Filesize
275KB

MD5
543f08bb89778fd98a3b6f993f9f974c

SHA1
55caeefb88355c973c75727478dd2bb085fb4105

SHA256
34fef02831bb077f70ef9be89a9ba1fab1a6cbc52a6b125b3614e82e0db64a10

SHA512
b8dba41a6fd6b9026b3eb77beed341ad87435035951566bd7d167a2f423fb77d66bb350110f5fa90b8bc3fdde5b101e5bca5d05f0162e4cd93bc6992848b2e0e

Download Submit
C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

Filesize
588KB

MD5
5351105c75563c3b4d951746a190e947

SHA1
5ce8e807db9cfeb5f3d1cadf5a07eda0e9ed0611

SHA256
333369de87d763204f2144f581d26b2c1b034f1b6b2e256493d698761a22e4c3

SHA512
0952f79dbf29fc86a246e2570e67898789a4e3a9b374fcae8c8a9efe57ad4070d9ff814fa28799f3347da88d391cd29f3a54cbe40fb246b59da8f9529bdddf82

Download Submit
C:\Program Files\Microsoft Office\root\Integration\Integrator.exe

Filesize
6.8MB

MD5
619a9018ecd69e4a4eb9ef3b8b3d1e06

SHA1
f11d0e5f8ab92c098c423dc52b23cd49de482b5a

SHA256
4294ceb1fe2c7ece422e2051d9d2a732c2ec998c25adc6cefbb11460418a0bd9

SHA512
88c7d07c382841bb2417be5e536141e461cbee2897b36a752d860085032e5dfe692d6968628632bcb51e42867d5f2737231a453fa19b0519a3b3aaad3dc38062

Download Submit
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

Filesize
100KB

MD5
7cde5e6a5e0bf294fadcdd8e3a15f5d8

SHA1
6fe2d4620c518f91b7dfdb6fda3b70350719bfa6

SHA256
4652d64c2604e48e5a685efd3418c03edfe4cec89ce0956c8d176d905933d588

SHA512
7ac6a27ff0fcd18c5df6b8188d609e901c1d04b708e53fc960d18e5becd748160287b9f15fc8fb19930b9825f0cf3e8db763144120635e621023200a0dda31d4

Download Submit
C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe

Filesize
449KB

MD5
7831e39a766713141a57e10401f926ad

SHA1
b5cbeff650233b00c2c9fc9dcbdcbc9ea7aa5d26

SHA256
752a48e36caa1ade56741b3ae70162dee9ddeb6cadb9aeccd4253bd6012494d5

SHA512
eb1410392f19a5e2bb9694936e69804b63a3c812f693ba0fadb6983afd1f7f5715597b2f22aa05174f77e4c13456c8b350cc1da8b3c65c6f3e3f77a58912669f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe

Filesize
877KB

MD5
db6daff3fe99b9082837dc98613f3ac5

SHA1
57a36645fceadaf4d993fd27efa3d4eeb77920eb

SHA256
e6dc83e7aaf6aac08dd5cef63e4515cdfee3843442e84b5b5c9b3cf068aae395

SHA512
23bdf886cfba8be768aae05934e8f1b1d3cc4221cb687d0d259b2b4a9340ba405a05e53e60042f3950d48603ffb5d39c5d6aa1954899bc39a09fb0bf54414d87

Download Submit
C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

Filesize
189KB

MD5
792b889e1bdf6211db86a46487450841

SHA1
150e3b68ec982ede976692e4270e8df31ce7b459

SHA256
8708e0a775267fec425939e79797d4a8f61cb4fff50ed3e234dcb55f13c18633

SHA512
03de10766ba9af232fe48e10f7f02d182ab78d3b11d9e95e91ecd9e84692c22d0889f7a9ea2149af057c93fef58f4784b79d422939bb37aefebd878c2a96b755

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe

Filesize
2.0MB

MD5
9f35843b8b094915791c6abee2460e8c

SHA1
1e77084c0e255cd7c64d2e8a9bc9d9a9efd38c41

SHA256
848b18614281fd5fc58541821f84f3e36c975367806a9ec3b1ef73e1c10b13ca

SHA512
175220b8ba9e97aee34875f4a1efd9f674108a8f5382f6e2d7c86461fe95a4e81b11b66a243e633cff17c0e27642424c494b3d7a67c8da2d09f23752e287aed1

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoasb.exe

Filesize
341KB

MD5
105e21bc5c4524c040bc0428fc09e0af

SHA1
8dcc52297ed791e70f93cb278f82588b68c24236

SHA256
f3bdd0cee867476af3ffe8d902c43859c4d87b8a63bf2529a3d17794482d6a50

SHA512
8f4971ce4d3679f11926c1a208145ee0bbae1707d3480fa11a1eefde0012129ecdafc27fce8933106d0fc6295d9bfcb6806309eedbca373f2013ee5a8a49820e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoia.exe

Filesize
6.0MB

MD5
3d5f674119f3d82b444e1b9fb439661f

SHA1
d8dfe3cc61ffd9a7ef00a22616bb79bc232df040

SHA256
bccdb2260eae260b1305b9c88e10310ded4981512ef609a470b49ac25a637856

SHA512
da198dab550c1349d60d239a3d8973cca80f2c3b17348dacdd987451ad8d1f467136ade15d1b48b2ba92420a95c580af06d41cb354f0245245711b4afb84ce74

Download Submit
C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe

Filesize
596KB

MD5
72bb85c53590a8dfd0ea41edbfaaaa63

SHA1
8b21bbeca6a3adfa38fa24e27a3526773e6209d1

SHA256
124289e3310a8fdd41510acbd76b2cbc55eae662cecd12ab39749d6a81b5f98e

SHA512
6bc2fc6a24002cfd7903310199848cc2ca64ffe928e4d6713cfd0f167e8f374f306f8fcf60f6ff460ba975af5411549dcf17ab19d71a4e93a94b90a00776b008

Download Submit
C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe

Filesize
6.4MB

MD5
7a82bb84dce9fb213ee00299af09b9c9

SHA1
2e3b8bf0fc54640fbda8d691279a82094b321444

SHA256
7e769f3696d0916b5f5b09ce26fd1ff2572eadc1c4e0135051ed9057bb0cc2b0

SHA512
ea9f1121d66f2bb438b839f5d178768db4972087719a9703ac7d60d13f89b894bc65ce077be9762ff2d85624ab66037623f0147826a26a174cdf9bd1d6964c85

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe

Filesize
2.0MB

MD5
b7249ba94fdc294c7202acf0376c31c4

SHA1
06ce89526d8a2347c8e69229533c6b854b4a7f01

SHA256
53877d8326ebb85119c19c4abacf199fd916b10e55378846b29443b188d5a594

SHA512
eaa2f024e08b836d8a775df16556cda190b578ab7d25b59bcd0b05ebd7c54786da33168aaa926d09341be909c3cffa2e960f16fcfdd0fe68d5464ae3b28ac620

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

Filesize
222KB

MD5
e311f8fa09a7b5b16ef9af3919eb15a9

SHA1
ecc6aaf3c8e765d1a169206cc1c176f2012a06cb

SHA256
de1269f154ea9458880a65c6431767f61b1170ab862e2ce949573b675ed7cfeb

SHA512
9c3d04878ba48d03fa7da56fbfb4a27ab3fbb1641b90a342ab4a8c1b8dca1369f316b72bfff5acaf911901149550ec2ced5098ce5a0be7d296f6c9c6b838e928

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe

Filesize
2.0MB

MD5
61aa4b282214a797d6592a52049c8b2c

SHA1
81c1a7432cb9be4ec127c4208c63a34df4a92b47

SHA256
d63d0071ae83261f9980378a438054ac09e1ce45db876bb02fc58523cab555c9

SHA512
5db9a3edd4dfd3db8ca29fce8d5622506b6297f6b988966f0e0f41e2c3aa1f1046edf39da15b3b9f0db0cf4120e0a278e07e6befc567120c8a351bbcb0c29a04

Download Submit
C:\Program Files\Mozilla Firefox\crashreporter.exe

Filesize
328KB

MD5
7200e1bc570d99254cd1851ad1ff4017

SHA1
11395d41995c56076c86f4b27c1ecf22fef79e6e

SHA256
c15a9687f45edf0434f474514842038e5f13511a89b3c6f13dfa22f28d8face5

SHA512
81d41d4bf8d518fb30dfabfa1d61fcbe790d7dc569ae46dd83bf39b81556c0d5067ea1b66f6bf673500f2a4fa55ca9138c5fabf60b4e7167fc6409c642e6bb44

Download Submit
C:\Program Files\Mozilla Firefox\default-browser-agent.exe

Filesize
805KB

MD5
5121a31b00a3b1171576cd8d03b29b5e

SHA1
1592ab3d43747456f428ab1a5cac44356ec096bd

SHA256
a3fb0ec2e6f972db594829f3d5934c3b8b47887f00351219e1ec84791a0e2010

SHA512
ca2bd210bc0ccaa9e8909f4a47877d0a8f7bd317b52cd9891b29b3f616b0bbb92ea5e8b90cbdaf31a74b357fc7e88dcbc1be14193a3e29b6e9ebbd21b807f882

Download Submit
C:\Program Files\Mozilla Firefox\firefox.exe

Filesize
774KB

MD5
38aa4e934a753bbe3f890eabcd18e42b

SHA1
1931cdba1a099c66e7607c226b549c21310df5ab

SHA256
9427780831a72608d1a24b3a21191a6a93188bf3b23e23593d0efbbbae28b8ec

SHA512
02284c2b9661643b7c575792aa9f3b73ce02ae64e3cdc83e9f5eb04db808e4363bb9808d783bd8e98fb66f4732f60c43015c255dca9cde0bb40edef09063b5a6

Download Submit
C:\Program Files\Mozilla Firefox\maintenanceservice.exe

Filesize
284KB

MD5
0d7113d74592b5463b352e2d438ab256

SHA1
8899f5ff0faa0b276e7f936ef85e3bdc7ff8f679

SHA256
dfac8bf75c6b6b7e71556dddd031b1c69e43ca5fd06048ec150049f1a3355afb

SHA512
885582b5ea2ec140477237184eceb038769c20f7a4455171fe04070ef7df125fe2f65ec9947a8fe575f6bfe680537e261512ca688f5fffad9de0ea2a6f76636d

Download Submit
C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

Filesize
840KB

MD5
afd240a3581de070373b6fece90ea16f

SHA1
016fab5bcbe4173400da033bf6777f77388688b4

SHA256
56dd21e9b2db35a647811bbfcfd31956de593de352044ef6179694c9d4730dc4

SHA512
5d9b9b269326de7fd8eb1d37b41f9d6071c258d2b952f76c21d3cf0cf66bce4929fc08aa60dec238f7182bfb384bca2969239ed28833422ec650ef82631bf41c

Download Submit
C:\Program Files\Mozilla Firefox\pingsender.exe

Filesize
123KB

MD5
907c7db517507bb7b17eae1473c9fa95

SHA1
cfa264cad5536a8b4854ca0fdb6f630f06db5d34

SHA256
a9158505f44c4a132befa399e583432b800f573967272926ab46731eb4840910

SHA512
249ca64ef7ce25c1ebfe8bc3b46751c6074ee373a8c80669edcb5c95f088be478b6ba9d22b2be748528dae8283de663caf96a5f34bc5942bce0da128c285548f

Download Submit
C:\Program Files\Mozilla Firefox\plugin-container.exe

Filesize
401KB

MD5
b24f7ae0385499eccbac7cb74255c619

SHA1
506a7377dad4f71066de6155862f3b54c5c042d6

SHA256
1e7a228b81fd59449d27a2380d0ac5374dd410197dbb250e2be59bfa7d07e7ce

SHA512
a9382b64555448b5cf377658f90c616c144145a5ffe537675e75f13f892b5002e1e56fcb4560306299e7bf90e562265afe9b450ff31f75f6f2c7ebbab895101f

Download Submit
C:\Program Files\Mozilla Firefox\updater.exe

Filesize
455KB

MD5
5a1a9f71687a02b215480db9e5ab85df

SHA1
c4cb939636cbb37989942bdfc0b03e6217a0b3a5

SHA256
dfa6d6406d4878cb257562256413c7a08161cde05fb70a28da6c4071ea5b5589

SHA512
34e56f577efb3f002b16a54cbc298a00b7d41a1636675eb1943bdfb106ab576092c6d3426baf6d4c23fb457037d761c3a4790970c3edc6f33429560f16f42d64

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
183KB

MD5
7a68b8bd0ab4d0447e2dee0e1bde77b9

SHA1
4188ecb83b1aa703e080aa452ceef7b7e0d48f67

SHA256
a5b0d8664f754935fa0b4d76071df54001e4265c9f30de18c504f8c8ccf8fc36

SHA512
4ece2b7af0d256b671d3e5c10de1d93a5a9d5c15fa5dbff52f1ac020f232f1a4b5aac79d76c6f4b0dad934374f18bccf014556b97795ab77198e5eb434718a0f

Download Submit
memory/1620-3-0x00000270D11A0000-0x00000270D11A5000-memory.dmp

Filesize
20KB

Download
memory/1620-509-0x00000270D11A0000-0x00000270D11A5000-memory.dmp

Filesize
20KB

Download
memory/1620-9-0x00000270D11A0000-0x00000270D11A5000-memory.dmp

Filesize
20KB

Download
memory/1620-7-0x00000270D11A0000-0x00000270D11A5000-memory.dmp

Filesize
20KB

Download
memory/1620-4-0x0000000000D40000-0x0000000000E2E000-memory.dmp

Filesize
952KB

Download
memory/1620-5-0x00000270D11B0000-0x00000270D11B4000-memory.dmp

Filesize
16KB

Download
memory/1620-0-0x00000270D11B0000-0x00000270D11B4000-memory.dmp

Filesize
16KB

Download
memory/1620-2-0x00000270D1170000-0x00000270D1177000-memory.dmp

Filesize
28KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads