Analysis
-
max time kernel
150s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
21-06-2024 04:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe
-
Size
305KB
-
MD5
ab345bd0535688fcf0c8eba9ec82a870
-
SHA1
4feab4c4ef291dc4b0ec71b3bfcd6c6cc3ceee55
-
SHA256
3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683
-
SHA512
828ae40f7449f276bf763f2fd6b5afb3f55e4f4ea51b9d36541e5b9db6d2cfe98f2d543cd2047c841829729bed68aa3341a8439dac8ce1455b33f527ffbbedf5
-
SSDEEP
3072:PhOm2sI93UufdC67cihfmCiiiXAQ5lpBoG74Abtud+3SomfOTr002:Pcm7ImGddXtWrXF5lpKGsAbA+3pB0v
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
Processes:
resource yara_rule behavioral2/memory/1700-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3164-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2788-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4740-19-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1876-12-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3724-40-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3224-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4256-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1584-55-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3692-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1608-65-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3004-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4788-80-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3616-85-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3120-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2140-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3232-115-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1852-119-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2552-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1212-137-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1208-149-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/2032-167-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3852-176-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2428-188-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/668-192-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/512-198-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1548-206-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1820-225-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2220-231-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3228-238-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4380-240-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1584-255-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1708-271-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3976-285-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4060-301-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3100-318-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4384-331-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1052-344-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3584-360-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3584-364-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4632-369-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1912-373-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/1700-377-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2788-387-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3972-397-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1432-423-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1164-445-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2928-459-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4556-499-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1336-503-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/684-528-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3568-532-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3436-539-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/452-573-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2604-580-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4712-587-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4588-609-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4360-656-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2772-778-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2780-833-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3164-934-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2884-1011-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1144-1120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/3068-1321-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
Processes:
vvjdd.exe hbbbnh.exe vjdjj.exe frrllrf.exe nhbnbt.exe 3vdpp.exe ntnhnb.exe 3xlfrxf.exe ddvpj.exe rxlfxrl.exe tntbnh.exe 3vddj.exe 3tbbtt.exe vppjv.exe flfxrxf.exe 5tthbt.exe jvdvp.exe xfxxfrl.exe hhbbnb.exe vpdjv.exe 1fffxrl.exe dvjjv.exe hhbnbn.exe djpdp.exe lfflfll.exe 3nbnbn.exe 5xfxrlf.exe 3jvjd.exe 3llfrrf.exe pjvvj.exe rllfrlf.exe nhhntb.exe 5dvpd.exe lxfxffr.exe bhhhnb.exe 3dpjv.exe 5jvpp.exe xxfxxrr.exe hbhbtt.exe jjppv.exe 5tbbnn.exe ttbthh.exe vddvj.exe 3rxfxlf.exe 1thnnn.exe hbbbbb.exe jjvdp.exe 9rllllx.exe hbtnhn.exe pjpvd.exe pdvjd.exe 1fxrffx.exe hbtnth.exe vdvdj.exe frfxlxl.exe rlffrfx.exe 7tnhbh.exe ddjjj.exe rrxxxrx.exe 3nbntn.exe jjjdp.exe rxfxllx.exe bthtnn.exe vdvpv.exe
pid process
1876 vvjdd.exe
3164 hbbbnh.exe
4740 vjdjj.exe
2788 frrllrf.exe
1364 nhbnbt.exe
3724 3vdpp.exe
3224 ntnhnb.exe
4256 3xlfrxf.exe
1584 ddvpj.exe
1608 rxlfxrl.exe
3692 tntbnh.exe
3004 3vddj.exe
4788 3tbbtt.exe
3616 vppjv.exe
3120 flfxrxf.exe
3668 5tthbt.exe
2140 jvdvp.exe
2092 xfxxfrl.exe
3232 hhbbnb.exe
1852 vpdjv.exe
2552 1fffxrl.exe
3236 dvjjv.exe
1212 hhbnbn.exe
2120 djpdp.exe
1208 lfflfll.exe
4160 3nbnbn.exe
2028 5xfxrlf.exe
2032 3jvjd.exe
1792 3llfrrf.exe
3852 pjvvj.exe
3060 rllfrlf.exe
2428 nhhntb.exe
668 5dvpd.exe
4264 lxfxffr.exe
512 bhhhnb.exe
2168 3dpjv.exe
2336 5jvpp.exe
1548 xxfxxrr.exe
2144 hbhbtt.exe
4912 jjppv.exe
4692 5tbbnn.exe
4232 ttbthh.exe
2408 vddvj.exe
1820 3rxfxlf.exe
2220 1thnnn.exe
1588 hbbbbb.exe
3228 jjvdp.exe
4380 9rllllx.exe
3224 hbtnhn.exe
3708 pjpvd.exe
2624 pdvjd.exe
1584 1fxrffx.exe
2124 hbtnth.exe
1608 vdvdj.exe
3744 frfxlxl.exe
4028 rlffrfx.exe
1708 7tnhbh.exe
3280 ddjjj.exe
448 rrxxxrx.exe
3616 3nbntn.exe
3976 jjjdp.exe
2784 rxfxllx.exe
4780 bthtnn.exe
3352 vdvpv.exe
Note: this table stops at 64 entries; the process tree under "Processes" below lists further child processes (depth 66 onward, starting with vdvpd.exe, PID 1256) that do not appear here. PIDs are reused during the run (3224, 1584, 1608 and 3616 each appear with two different image names), so match on PID together with image name.
-
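Processes: (the signature heading for this table is missing from the extract; every row below is tagged with the yara_rule value "upx")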
resource yara_rule behavioral2/memory/1700-0-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1700-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3164-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2788-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4740-19-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1876-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3724-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3224-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4256-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1584-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3692-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3692-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1608-65-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3004-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4788-80-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3616-85-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3120-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2140-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3232-115-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1852-119-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2552-129-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1212-137-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1208-149-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2032-167-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/3852-176-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2428-188-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/668-192-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/512-198-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1548-206-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1820-225-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2220-231-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3228-238-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4380-240-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1584-255-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1708-271-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3976-281-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3976-285-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4060-301-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3100-318-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4384-331-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1052-344-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3584-360-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3584-364-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4632-365-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4632-369-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1912-373-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1700-377-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2788-387-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/3972-397-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1432-419-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1432-423-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1164-445-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2928-459-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4556-499-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1336-503-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/684-528-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3568-532-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3436-539-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/452-573-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2604-580-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4712-587-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4588-609-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4360-656-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3708-663-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exevvjdd.exehbbbnh.exevjdjj.exefrrllrf.exenhbnbt.exe3vdpp.exentnhnb.exe3xlfrxf.exeddvpj.exerxlfxrl.exetntbnh.exe3vddj.exe3tbbtt.exevppjv.exeflfxrxf.exe5tthbt.exejvdvp.exexfxxfrl.exehhbbnb.exevpdjv.exe1fffxrl.exedescription pid process target process PID 1700 wrote to memory of 1876 1700 3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe vvjdd.exe PID 1700 wrote to memory of 1876 1700 3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe vvjdd.exe PID 1700 wrote to memory of 1876 1700 3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe vvjdd.exe PID 1876 wrote to memory of 3164 1876 vvjdd.exe hbbbnh.exe PID 1876 wrote to memory of 3164 1876 vvjdd.exe hbbbnh.exe PID 1876 wrote to memory of 3164 1876 vvjdd.exe hbbbnh.exe PID 3164 wrote to memory of 4740 3164 hbbbnh.exe vjdjj.exe PID 3164 wrote to memory of 4740 3164 hbbbnh.exe vjdjj.exe PID 3164 wrote to memory of 4740 3164 hbbbnh.exe vjdjj.exe PID 4740 wrote to memory of 2788 4740 vjdjj.exe frrllrf.exe PID 4740 wrote to memory of 2788 4740 vjdjj.exe frrllrf.exe PID 4740 wrote to memory of 2788 4740 vjdjj.exe frrllrf.exe PID 2788 wrote to memory of 1364 2788 frrllrf.exe nhbnbt.exe PID 2788 wrote to memory of 1364 2788 frrllrf.exe nhbnbt.exe PID 2788 wrote to memory of 1364 2788 frrllrf.exe nhbnbt.exe PID 1364 wrote to memory of 3724 1364 nhbnbt.exe 3vdpp.exe PID 1364 wrote to memory of 3724 1364 nhbnbt.exe 3vdpp.exe PID 1364 wrote to memory of 3724 1364 nhbnbt.exe 3vdpp.exe PID 3724 wrote to memory of 3224 3724 3vdpp.exe ntnhnb.exe PID 3724 wrote to memory of 3224 3724 3vdpp.exe ntnhnb.exe PID 3724 wrote to memory of 3224 3724 3vdpp.exe ntnhnb.exe PID 3224 wrote to memory of 4256 3224 ntnhnb.exe 3xlfrxf.exe PID 3224 wrote to memory of 4256 3224 ntnhnb.exe 3xlfrxf.exe PID 3224 wrote to memory of 4256 3224 ntnhnb.exe 3xlfrxf.exe PID 4256 wrote to 
memory of 1584 4256 3xlfrxf.exe ddvpj.exe PID 4256 wrote to memory of 1584 4256 3xlfrxf.exe ddvpj.exe PID 4256 wrote to memory of 1584 4256 3xlfrxf.exe ddvpj.exe PID 1584 wrote to memory of 1608 1584 ddvpj.exe rxlfxrl.exe PID 1584 wrote to memory of 1608 1584 ddvpj.exe rxlfxrl.exe PID 1584 wrote to memory of 1608 1584 ddvpj.exe rxlfxrl.exe PID 1608 wrote to memory of 3692 1608 rxlfxrl.exe tntbnh.exe PID 1608 wrote to memory of 3692 1608 rxlfxrl.exe tntbnh.exe PID 1608 wrote to memory of 3692 1608 rxlfxrl.exe tntbnh.exe PID 3692 wrote to memory of 3004 3692 tntbnh.exe 3vddj.exe PID 3692 wrote to memory of 3004 3692 tntbnh.exe 3vddj.exe PID 3692 wrote to memory of 3004 3692 tntbnh.exe 3vddj.exe PID 3004 wrote to memory of 4788 3004 3vddj.exe 3tbbtt.exe PID 3004 wrote to memory of 4788 3004 3vddj.exe 3tbbtt.exe PID 3004 wrote to memory of 4788 3004 3vddj.exe 3tbbtt.exe PID 4788 wrote to memory of 3616 4788 3tbbtt.exe vppjv.exe PID 4788 wrote to memory of 3616 4788 3tbbtt.exe vppjv.exe PID 4788 wrote to memory of 3616 4788 3tbbtt.exe vppjv.exe PID 3616 wrote to memory of 3120 3616 vppjv.exe flfxrxf.exe PID 3616 wrote to memory of 3120 3616 vppjv.exe flfxrxf.exe PID 3616 wrote to memory of 3120 3616 vppjv.exe flfxrxf.exe PID 3120 wrote to memory of 3668 3120 flfxrxf.exe 5tthbt.exe PID 3120 wrote to memory of 3668 3120 flfxrxf.exe 5tthbt.exe PID 3120 wrote to memory of 3668 3120 flfxrxf.exe 5tthbt.exe PID 3668 wrote to memory of 2140 3668 5tthbt.exe jvdvp.exe PID 3668 wrote to memory of 2140 3668 5tthbt.exe jvdvp.exe PID 3668 wrote to memory of 2140 3668 5tthbt.exe jvdvp.exe PID 2140 wrote to memory of 2092 2140 jvdvp.exe xfxxfrl.exe PID 2140 wrote to memory of 2092 2140 jvdvp.exe xfxxfrl.exe PID 2140 wrote to memory of 2092 2140 jvdvp.exe xfxxfrl.exe PID 2092 wrote to memory of 3232 2092 xfxxfrl.exe hhbbnb.exe PID 2092 wrote to memory of 3232 2092 xfxxfrl.exe hhbbnb.exe PID 2092 wrote to memory of 3232 2092 xfxxfrl.exe hhbbnb.exe PID 3232 wrote to memory of 1852 3232 
hhbbnb.exe vpdjv.exe PID 3232 wrote to memory of 1852 3232 hhbbnb.exe vpdjv.exe PID 3232 wrote to memory of 1852 3232 hhbbnb.exe vpdjv.exe PID 1852 wrote to memory of 2552 1852 vpdjv.exe 1fffxrl.exe PID 1852 wrote to memory of 2552 1852 vpdjv.exe 1fffxrl.exe PID 1852 wrote to memory of 2552 1852 vpdjv.exe 1fffxrl.exe PID 2552 wrote to memory of 3236 2552 1fffxrl.exe dvjjv.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1700 -
\??\c:\vvjdd.exec:\vvjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1876 -
\??\c:\hbbbnh.exec:\hbbbnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3164 -
\??\c:\vjdjj.exec:\vjdjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4740 -
\??\c:\frrllrf.exec:\frrllrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2788 -
\??\c:\nhbnbt.exec:\nhbnbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1364 -
\??\c:\3vdpp.exec:\3vdpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3724 -
\??\c:\ntnhnb.exec:\ntnhnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3224 -
\??\c:\3xlfrxf.exec:\3xlfrxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4256 -
\??\c:\ddvpj.exec:\ddvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1584 -
\??\c:\rxlfxrl.exec:\rxlfxrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1608 -
\??\c:\tntbnh.exec:\tntbnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3692 -
\??\c:\3vddj.exec:\3vddj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3004 -
\??\c:\3tbbtt.exec:\3tbbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4788 -
\??\c:\vppjv.exec:\vppjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3616 -
\??\c:\flfxrxf.exec:\flfxrxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3120 -
\??\c:\5tthbt.exec:\5tthbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3668 -
\??\c:\jvdvp.exec:\jvdvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2140 -
\??\c:\xfxxfrl.exec:\xfxxfrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2092 -
\??\c:\hhbbnb.exec:\hhbbnb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3232 -
\??\c:\vpdjv.exec:\vpdjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1852 -
\??\c:\1fffxrl.exec:\1fffxrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2552 -
\??\c:\dvjjv.exec:\dvjjv.exe23⤵
- Executes dropped EXE
PID:3236 -
\??\c:\hhbnbn.exec:\hhbnbn.exe24⤵
- Executes dropped EXE
PID:1212 -
\??\c:\djpdp.exec:\djpdp.exe25⤵
- Executes dropped EXE
PID:2120 -
\??\c:\lfflfll.exec:\lfflfll.exe26⤵
- Executes dropped EXE
PID:1208 -
\??\c:\3nbnbn.exec:\3nbnbn.exe27⤵
- Executes dropped EXE
PID:4160 -
\??\c:\5xfxrlf.exec:\5xfxrlf.exe28⤵
- Executes dropped EXE
PID:2028 -
\??\c:\3jvjd.exec:\3jvjd.exe29⤵
- Executes dropped EXE
PID:2032 -
\??\c:\3llfrrf.exec:\3llfrrf.exe30⤵
- Executes dropped EXE
PID:1792 -
\??\c:\pjvvj.exec:\pjvvj.exe31⤵
- Executes dropped EXE
PID:3852 -
\??\c:\rllfrlf.exec:\rllfrlf.exe32⤵
- Executes dropped EXE
PID:3060 -
\??\c:\nhhntb.exec:\nhhntb.exe33⤵
- Executes dropped EXE
PID:2428 -
\??\c:\5dvpd.exec:\5dvpd.exe34⤵
- Executes dropped EXE
PID:668 -
\??\c:\lxfxffr.exec:\lxfxffr.exe35⤵
- Executes dropped EXE
PID:4264 -
\??\c:\bhhhnb.exec:\bhhhnb.exe36⤵
- Executes dropped EXE
PID:512 -
\??\c:\3dpjv.exec:\3dpjv.exe37⤵
- Executes dropped EXE
PID:2168 -
\??\c:\5jvpp.exec:\5jvpp.exe38⤵
- Executes dropped EXE
PID:2336 -
\??\c:\xxfxxrr.exec:\xxfxxrr.exe39⤵
- Executes dropped EXE
PID:1548 -
\??\c:\hbhbtt.exec:\hbhbtt.exe40⤵
- Executes dropped EXE
PID:2144 -
\??\c:\jjppv.exec:\jjppv.exe41⤵
- Executes dropped EXE
PID:4912 -
\??\c:\5tbbnn.exec:\5tbbnn.exe42⤵
- Executes dropped EXE
PID:4692 -
\??\c:\ttbthh.exec:\ttbthh.exe43⤵
- Executes dropped EXE
PID:4232 -
\??\c:\vddvj.exec:\vddvj.exe44⤵
- Executes dropped EXE
PID:2408 -
\??\c:\3rxfxlf.exec:\3rxfxlf.exe45⤵
- Executes dropped EXE
PID:1820 -
\??\c:\1thnnn.exec:\1thnnn.exe46⤵
- Executes dropped EXE
PID:2220 -
\??\c:\hbbbbb.exec:\hbbbbb.exe47⤵
- Executes dropped EXE
PID:1588 -
\??\c:\jjvdp.exec:\jjvdp.exe48⤵
- Executes dropped EXE
PID:3228 -
\??\c:\9rllllx.exec:\9rllllx.exe49⤵
- Executes dropped EXE
PID:4380 -
\??\c:\hbtnhn.exec:\hbtnhn.exe50⤵
- Executes dropped EXE
PID:3224 -
\??\c:\pjpvd.exec:\pjpvd.exe51⤵
- Executes dropped EXE
PID:3708 -
\??\c:\pdvjd.exec:\pdvjd.exe52⤵
- Executes dropped EXE
PID:2624 -
\??\c:\1fxrffx.exec:\1fxrffx.exe53⤵
- Executes dropped EXE
PID:1584 -
\??\c:\hbtnth.exec:\hbtnth.exe54⤵
- Executes dropped EXE
PID:2124 -
\??\c:\vdvdj.exec:\vdvdj.exe55⤵
- Executes dropped EXE
PID:1608 -
\??\c:\frfxlxl.exec:\frfxlxl.exe56⤵
- Executes dropped EXE
PID:3744 -
\??\c:\rlffrfx.exec:\rlffrfx.exe57⤵
- Executes dropped EXE
PID:4028 -
\??\c:\7tnhbh.exec:\7tnhbh.exe58⤵
- Executes dropped EXE
PID:1708 -
\??\c:\ddjjj.exec:\ddjjj.exe59⤵
- Executes dropped EXE
PID:3280 -
\??\c:\rrxxxrx.exec:\rrxxxrx.exe60⤵
- Executes dropped EXE
PID:448 -
\??\c:\3nbntn.exec:\3nbntn.exe61⤵
- Executes dropped EXE
PID:3616 -
\??\c:\jjjdp.exec:\jjjdp.exe62⤵
- Executes dropped EXE
PID:3976 -
\??\c:\rxfxllx.exec:\rxfxllx.exe63⤵
- Executes dropped EXE
PID:2784 -
\??\c:\bthtnn.exec:\bthtnn.exe64⤵
- Executes dropped EXE
PID:4780 -
\??\c:\vdvpv.exec:\vdvpv.exe65⤵
- Executes dropped EXE
PID:3352 -
\??\c:\vdvpd.exec:\vdvpd.exe66⤵PID:1256
-
\??\c:\9rlxlxl.exec:\9rlxlxl.exe67⤵PID:1852
-
\??\c:\hbthtn.exec:\hbthtn.exe68⤵PID:4060
-
\??\c:\ppjpd.exec:\ppjpd.exe69⤵PID:4280
-
\??\c:\djpjv.exec:\djpjv.exe70⤵PID:2524
-
\??\c:\rrrrlfr.exec:\rrrrlfr.exe71⤵PID:1212
-
\??\c:\nhthnb.exec:\nhthnb.exe72⤵PID:3100
-
\??\c:\pjpjv.exec:\pjpjv.exe73⤵PID:2928
-
\??\c:\3jppp.exec:\3jppp.exe74⤵PID:1692
-
\??\c:\lflfxrr.exec:\lflfxrr.exe75⤵PID:3720
-
\??\c:\thnnnn.exec:\thnnnn.exe76⤵PID:4384
-
\??\c:\vpvpj.exec:\vpvpj.exe77⤵PID:4908
-
\??\c:\pjdvd.exec:\pjdvd.exe78⤵PID:2752
-
\??\c:\vvvjv.exec:\vvvjv.exe79⤵PID:2316
-
\??\c:\rfxfxxf.exec:\rfxfxxf.exe80⤵PID:1052
-
\??\c:\bthhnt.exec:\bthhnt.exe81⤵PID:1576
-
\??\c:\vjjdv.exec:\vjjdv.exe82⤵PID:2428
-
\??\c:\9rxxrrl.exec:\9rxxrrl.exe83⤵PID:668
-
\??\c:\tnbnth.exec:\tnbnth.exe84⤵PID:5116
-
\??\c:\1ttthb.exec:\1ttthb.exe85⤵PID:512
-
\??\c:\pdvvd.exec:\pdvvd.exe86⤵PID:3584
-
\??\c:\xrlxflr.exec:\xrlxflr.exe87⤵PID:4632
-
\??\c:\hthnbn.exec:\hthnbn.exe88⤵PID:1912
-
\??\c:\vpjpp.exec:\vpjpp.exe89⤵PID:1700
-
\??\c:\lfflxfl.exec:\lfflxfl.exe90⤵PID:3592
-
\??\c:\lxrllxf.exec:\lxrllxf.exe91⤵PID:4232
-
\??\c:\hhhbtn.exec:\hhhbtn.exe92⤵PID:2788
-
\??\c:\vjppp.exec:\vjppp.exe93⤵PID:3028
-
\??\c:\ppvdj.exec:\ppvdj.exe94⤵PID:684
-
\??\c:\nnhnhh.exec:\nnhnhh.exe95⤵PID:3972
-
\??\c:\hhbttt.exec:\hhbttt.exe96⤵PID:3436
-
\??\c:\dpdvv.exec:\dpdvv.exe97⤵PID:720
-
\??\c:\rlxlxrf.exec:\rlxlxrf.exe98⤵PID:1948
-
\??\c:\rlxxxxr.exec:\rlxxxxr.exe99⤵PID:2124
-
\??\c:\5ntttb.exec:\5ntttb.exe100⤵PID:2996
-
\??\c:\pvjvd.exec:\pvjvd.exe101⤵PID:1808
-
\??\c:\fxlrlrl.exec:\fxlrlrl.exe102⤵PID:3280
-
\??\c:\hthnhh.exec:\hthnhh.exe103⤵PID:1432
-
\??\c:\hntbhh.exec:\hntbhh.exe104⤵PID:3616
-
\??\c:\dddjj.exec:\dddjj.exe105⤵PID:4620
-
\??\c:\xllfxxr.exec:\xllfxxr.exe106⤵PID:1900
-
\??\c:\ntbtnn.exec:\ntbtnn.exe107⤵PID:4224
-
\??\c:\ddvjj.exec:\ddvjj.exe108⤵PID:3212
-
\??\c:\bttthb.exec:\bttthb.exe109⤵PID:2528
-
\??\c:\bnbbhb.exec:\bnbbhb.exe110⤵PID:1164
-
\??\c:\djppj.exec:\djppj.exe111⤵PID:3236
-
\??\c:\lfxfxlr.exec:\lfxfxlr.exe112⤵PID:3284
-
\??\c:\thhbtt.exec:\thhbtt.exe113⤵PID:1728
-
\??\c:\jpvpj.exec:\jpvpj.exe114⤵PID:4916
-
\??\c:\flffxrl.exec:\flffxrl.exe115⤵PID:2928
-
\??\c:\ntnnnb.exec:\ntnnnb.exe116⤵PID:1692
-
\??\c:\5btnnn.exec:\5btnnn.exe117⤵PID:3720
-
\??\c:\dvdjd.exec:\dvdjd.exe118⤵PID:4384
-
\??\c:\5ffxrrr.exec:\5ffxrrr.exe119⤵PID:3084
-
\??\c:\frlxrxx.exec:\frlxrxx.exe120⤵PID:3140
-
\??\c:\bhnnnn.exec:\bhnnnn.exe121⤵PID:2316
-
\??\c:\dpjdv.exec:\dpjdv.exe122⤵PID:3108
-