azov | 93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7

Analysis

max time kernel
141s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
Size

210KB
MD5

5a6be7fd4177c3981476ed55d34b1100
SHA1

807bb107b65daf9c1e69bded17fb9a76ee3ad3da
SHA256

93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7
SHA512

faa45cb053aab3c7a385f2591e3adf44c78fa1c60398fe46024ff18c5ef9237664c24ec07f9bfaa83baeef153208bff23212f74ed95eac11ffbd52d3bb908e08
SSDEEP

6144:rms9+PTsfErmFzKq2aOpBZw9d9kLTJzrm:rms929Dwm8

Score

10^/10

azov persistence ransomware spyware stealer wiper

Malware Config

Signatures

Azov
A wiper seeking only damage, first seen in 2022.
ransomware wiper azov
Renames multiple (8234) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\W:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\K:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\M:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\R:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\J:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\L:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\N:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\T:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\V:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\E:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\H:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\I:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\S:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\X:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\O:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\P:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\A:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\B:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened (read-only)	\??\G:	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\RESTORE_FILES.txt	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_altform-unplated_contrast-white.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\WideLogo.scale-100_contrast-black.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\RESTORE_FILES.txt	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\minimalist.dotx	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-200_contrast-black.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hi-IN\View3d\RESTORE_FILES.txt	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxAccountsSplashLogo.scale-140.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-32_altform-lightunplated.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\ui-strings.js	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_ellipses.svg	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\ui-strings.js	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\RESTORE_FILES.txt	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul-oob.xrm-ms	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.LEX	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\SmallTile.scale-125.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Generic.xaml	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Button_Click_Sound.wav	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Preview.scale-100_layoutdir-RTL.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-400_contrast-black.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ja-JP\MSFT_PackageManagement.schema.mfl	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ja-jp\RESTORE_FILES.txt	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\RESTORE_FILES.txt	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsSmallTile.contrast-white_scale-125.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-32.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-fr\ui-strings.js	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ro-ro\RESTORE_FILES.txt	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\RESTORE_FILES.txt	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-256_contrast-white.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\microsoft-logo-color.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-125_contrast-black.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\_Resources\13.rsrc	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-64_contrast-black.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\it-IT\RESTORE_FILES.txt	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Microsoft.IoT.Cortana.winmd	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-125.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-black_scale-200.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeBadge.scale-125.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\MoviesAnywhereLogo.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-32.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-125.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\snooze.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubStoreLogo.scale-200.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\_Resources\19.rsrc	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Dismiss.scale-80.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-ae\ui-strings.js	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Notifications\RESTORE_FILES.txt	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-ms	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png	93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\93997ad31a977729b74102cd34da452c7d462ab3e749f4eff578b21370f8e7e7_NeikiAnalytics.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
PID:3152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\PlayStore_icon.svg

Filesize
7KB

MD5
6b230b8fe1b21dc240529bdf17b6651f

SHA1
a1c19530a14fbdbd7af7e133a872e33466ed927d

SHA256
4fe21c40aa7e6e51ad753afe203aea00746b9a9237d15ba29d9e162f929e79b4

SHA512
25592446972647264d0131d46ecb6e95c86a7c9a5fa0e4a7d98142ed8395aa4a1d04e913ad8e2424af980f762338a2523a3f57430f9d766030ddd0fe84c7157a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

Filesize
296KB

MD5
50336c3510040cf1c5509a37ff2b4df0

SHA1
714787114af61aa3e2ef54e393a458b4409cca7f

SHA256
d3244606508e08c3345d529920a5077e3c58e8c8ffccfb8362ffcd6f19a418ae

SHA512
2a3f0c2571301e9f0f4fa3e9252a5635baaa3f7589fbf1edc22551d075280314f5501aa0f7da6c46508887851d608fd77be78bf0f0d1828da180cda84f4b9c4e

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\java.exe

Filesize
333KB

MD5
d04a7b58c5ecaa5049eb1362f4aaf1a1

SHA1
354b8c28bedcf6f7fdde013c3a21418f34a5193d

SHA256
366920211e7b8ba4d11608e3da93cd55950a9886ad6291a8846f4ab93e770378

SHA512
051c9d9c5fe38bddb9c23a426b9c295a658042534e14b10aca4207c3c8ad636a70504244c4f18b6f16aed127a20bd4bb5199646e60bdaad9fc265dedd99cea17

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\javaw.exe

Filesize
333KB

MD5
bada1ffa5f7b28e7ff2776ad0f5e628e

SHA1
de5adb80f0274c1830ace88058f121b31436b2ef

SHA256
dddda9e2bcc7d2d03d3e76b165b8c939703065ecf3455e965fb949d74fa48bbd

SHA512
2a323e833714a4f7047bcf13bfe63d6591428d9b574d94599aba5bd695a5405f776b795b4e9a1321b62f86450152a5ca4f30c4a34f02c8a208778314f55d4d08

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\javaws.exe

Filesize
540KB

MD5
d3c4193cdb809138a9e92525d0461d7e

SHA1
1fe0cd3c02056694f84385d2705f66d247c1fa6b

SHA256
db8037de2eaf69954dfbcd69028105fa399e613eaf4c7b40224adc0b407dee07

SHA512
62901059cae202171e8a7a1fe66f03f67c185e262f8be7dcf48053e1eedab86056babe4237f19ddbf238d5bed6d706d7d15ed755fead2a1ab37109652eea482b

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

Filesize
454KB

MD5
0628da6f6efd0bc517253ee84c7975fe

SHA1
b27654f22656881c15bccb089ac55f9a98abbab8

SHA256
c6f869a4932963d0c59abce59f7438e1dbe795bce25d87af1ae94bb7bad8a20c

SHA512
5f770c1d5ced2e12e51c1e338aad35f48baf8c9b1ba1f99b19c54644cbe66495cf7d4cdc8541de8e60aa1727078fa8756fce0a5f0806bea64ad42a4cf969558f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
262KB

MD5
6b07d892f85669874a44ece5eab4651f

SHA1
11cbec25025e649f3e0868f65dd5b8145d168144

SHA256
4cacb908b290ff57937080d3754123e213ba21e114f1188e022ec2a2cb32c1ff

SHA512
08a12e9a1e007d4bf851b89e1e4602aa2708edf5356b6f8c3837cf351ed8ce726f87562ca210f582411cd3c0e9a58e8302a789b89ef489b3d8ae9fd2dfcfe47a

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe

Filesize
545KB

MD5
6f3e89894217d080654bb5a76eee1107

SHA1
5d1f87c9bbaf26b497f4a99662f9584c6c0883b4

SHA256
3c8ef0fa3caf163b04914b9a0233d927670d28d6379b287e1bb4acd9ce6f13f2

SHA512
4b512ee1bbf26bfc4acad1e87bcf14db1db7b8906ed13d68c9294f14e97d112f3ecd8086312edff08dc365b2e7fe0e9992353aac202fea353f4647a2cf02b121

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

Filesize
3.7MB

MD5
e4c09fd6b3aa96c9207c9cea0bb09262

SHA1
3d8570677a64d1c46cbc7555c1b0697e2c291ce1

SHA256
a494a2f670c8a618f777c743fb9eed9ae18007e59962203f20f4227c534c4aff

SHA512
0df2b3aa56cf32488ba57a8490542f1b484d88f4cce0ff62a971cb9edc9b6cf0588bd4023e67734f03ac62d0fccade7fe5b7cd2874f1e4e5538530a0f29ae4e8

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
1.7MB

MD5
9ea89169456be9a0850a81e4c9e5bad3

SHA1
b6f7e2ab64225a8e52b02bee0dae0a9763170e4e

SHA256
b074d71e3afb1149370cd7391d0c2ab38a11cae7999c2791b8fe08c332b30720

SHA512
9a9e8291710e3cde1ac4c09e533c55a771b7470551ee44d959868c8fae17a5886b4d72055eed2573e65f51af48e18700eb2af3e23968336924fd39613177e110

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

Filesize
1.2MB

MD5
e14960ebc0f3f7fc27e8bf43f365b286

SHA1
4f832a273b96a4fb163d883bcb111f6e70bc8ebb

SHA256
15ad9edc321dc9afbb6ca0acbe3eeae4a70fc01116abd0b32726c82208abcde0

SHA512
2fe76cbc40a8ed97a073b2dce499a833ccf4e76534b7fd9003981c731885ecc2bc81a41dacc2ccd1b2d23869542847cb763e325703bb75b242b886e8e4e182dd

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe

Filesize
3.3MB

MD5
30812407c75a27385f05f8a293c3cebc

SHA1
93e54ee222d40ef529a04bc41f071d6ba719ccf5

SHA256
f925cc40a5a6e0b294710999586b5d3802d51ba4d5a20e217299a9b83044bae0

SHA512
e8eb22f5b3b89bd0b645e6243d06051927edf66a959ff1ddbc162e8b0336917fdc3275eea980ff8dadcedfaa2541b88f8e6748e5b1b01874acca7d342fd60b4f

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe

Filesize
1.2MB

MD5
cf7ad386361ae755479a29b61ff1fb16

SHA1
8e088158e3647d94ed04a388d43da123b6dd10ca

SHA256
587f8538d649644243a7d40aa0bfbfd46a84b09dc28a7d0010e0d8efa8d82871

SHA512
fdf7efae0c027e231c505fce654f664cedf7d8c8dbddee06ed4bc145d310257a4857b266abedf9900c5ab2efcec840e4cb8fd2e176f90409de3805ed3ac2a2f2

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe

Filesize
1.7MB

MD5
dd7786c81f856c91c5daefd7690e0b0c

SHA1
25dfc5075633933562d9ce86ffb629ace1c56235

SHA256
4e67d5158500c3d763ada2cca97f6cae4b2c1a9a9fde6174e194ad2310a59a4e

SHA512
17e6be5f7ad6f46d505716d03faeac58516e596a9385219f3a5c41abb923fa7bac8f3ab34225170e6e65d30f83fdc9cf14a4e4d77e6f0c56070fcc1b67d5a3d7

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe

Filesize
2.9MB

MD5
6ce4a519d6f827293ee4631ae7de27c1

SHA1
80570e0340a7781603c9975fe0e96ab6aa40968d

SHA256
2472d13c1cd5ede23afd855d38bba9e84637ec734cd80152ef3b61c425f404db

SHA512
7ef3aadb33e3f6d35f29d9cacdc334667ba942cae78c1d6d7e6a9506578477120aab65427ce904feefd3c843892350966b5c747df930584bc2dd34757c36416c

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe

Filesize
1.4MB

MD5
f16f89a05b9ce10996593358810dc308

SHA1
fa37dcbbe5d0183518dbaedaf4901bdfc22483ea

SHA256
d3b22bc2851548fcd5af05ddd6d40b0e77401bee618320bc735d6acde39c29ea

SHA512
fe9952743f94f942fd41e5328d6fd7ef9279590eebc204822e508a4d9bb47c1982c22c4cd3abcf8fce189c7d4cb715b5b47bbcb71b277276246b1b13bc14594b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe

Filesize
1.2MB

MD5
e66ab30458f38b5f695b6bf3989e67cd

SHA1
b45f404183c0b5314324e3c34914780ebc6fc9af

SHA256
75c693bbac08a2c020a095cbf67c680e93f172c3e99988ba2194bb5c03921d41

SHA512
73671d5dfe0d9f4627f30cb816d0d40485e2842f7928864783b1f5661c11b39f31a9f69d39289b24d757bfc057ade10c8c2dc91f80736d1a9fceb5ae4815e834

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Filesize
3.3MB

MD5
c442d09867aad2b320b0258419015159

SHA1
50bb4e39e87ceb88e9b9992ae343610a07aaedca

SHA256
6be5afc0519bcc0da85678ff841909ca299f1e18ba9901e868ac10c03b0ffdf3

SHA512
5fc474c66f8e7c851be32913809a6cbec44dfac73000111d5063dcddf5f77b090ca1430a38f71b75ce2b52babbbb402a20092ed23a9697f90bb1f3dbf848ed31

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe

Filesize
1.2MB

MD5
1da03aced8439925392fbefde2c1274c

SHA1
e97c626d940840b38217a9f98c6beb3f56b5d08a

SHA256
b37e3983bea9036ff5ced7ab2f8e1db0ec11034a6233ef46f5383eab4bec368c

SHA512
e5215d83a513f1cc0233aae3935accc17f70841ba6a7d84331b0ec448dc2390d08c5c93cd44c04b9a79087a12d27cfbacb5a0f1ecef4039437e4a85560b99fe3

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe

Filesize
1.2MB

MD5
ed1574df84e0a5d4988d93a49f032733

SHA1
dd496b1e16077714020c480bc1bb8e02ab743204

SHA256
8e08cc4d6f1870c16aa2670437dc870eb414da16b9c67872d5c5cf192b8d694e

SHA512
8e2c8000552fc5cf320bf34a9e8d1459410cce905b73a7f82549f97ed70f4d742e7aaabd2f5e8990f72d9b23f2eb93dc0aaab2a8cc83f060d6f104b37f7d0a64

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
301KB

MD5
4068fe40cddcee1b584c60a153135111

SHA1
2dc8e95ceed028a1b37e95504e771f74524426d6

SHA256
13add2ed3e3183682c7ec9673695bf005d10425585d5c46c56201db2e7f26220

SHA512
548a983d245c109e82502d2ecdf949be57ad49ce34ea2a37e3fed1817182a70e36b37fb30ce3842db1b68c7ecbdc1dc5341745b3a2db4541506e4c6a3a14a8ce

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
666KB

MD5
dae69d507a335b0d150ee43e6b9aac9e

SHA1
97ac8072136a362698c17b6ad352a424486e36f5

SHA256
2846e4b31d7a3e9b8418a29f9da22b9d155568c9d0666fa5490325e02d1e8002

SHA512
86c7421fdedf9e62ad1fe94cd9d4ff4e4b0f9fdae5daf5ec542dd3ba1719eb7f8b6d5ce5d1dede395952260279e595837555db383039499b931dcffedec4cd9c

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.1MB

MD5
82673938081d85138afb054c4b54ab55

SHA1
e1e001b41c69c1ea0c4e2117ceab0aff5e827201

SHA256
0e00d0807a53f35d463a8fe731f2611d7aacf661b2ef4064baacf6147da8a449

SHA512
6f81483cd2a143cbbbb1167cb242acceffe94d49ab2484b0834f934b41b5f2220136755aca917aebb7d7390ed15c57dc546e7c42658a45e1aadf1510c5c16839

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
832KB

MD5
3e96134e9153231d4d3647312925ae2f

SHA1
9d02d3ae562dd29e9f4264d42c3afa0b0f888868

SHA256
cf0f7f164f5d8847480e2954c63bc6509353dd69c4e790ac6a5d6830b7389c7a

SHA512
4953fc8b0bbe864468aa6c4ea07001a46183069b4347c07bbe35014f8278487c8f112947973e5741d2ad2b9e5d6ec697a8b0225acc28e607883f614abdd6dcbe

Download Submit
C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

Filesize
2KB

MD5
78ede93114e65f9160fd03d3357c56e6

SHA1
88d531b101e57655f1d0d26c6b3257aa2468d460

SHA256
c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5

SHA512
074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
350KB

MD5
bc75f93b6bc96efb73a86e8e474e3765

SHA1
ae9cb082b5a69582bb061c037c15f906c1a3d870

SHA256
435f1f4bc7b636d091f6c58f038afd53f07ee1697dcb4e795047eb93b6696a10

SHA512
6301ab7c4a26a09e3c7a2d1b4bf05458be473004a6a49bbaca6679053297c58c204f60a760f5a19da41026202d292dfa9c9990b0cc2c11ac2fbad6ca06d83b9e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.3MB

MD5
775d48deec6c3ebbe25bde1cb1344ba4

SHA1
52338f6b766e2f3d4c478f4ade443471d335f13f

SHA256
96f040785542e79c31b3a65ce2390468623abb985d769294c4913f87ffe46515

SHA512
3f949e381adbf3ce3acbc4d8727e2a8977ececf10eb26d53329c0f2fdcf9c5daf49d45878e9f8a8f7f4e1bb7513196944af0f5041697b909761fe4d8f7fb40f8

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.3MB

MD5
dde6273a729b321e75aa47204a22f739

SHA1
609b7aecd06c8dc711a7aff3e0dea2b6d31a5a65

SHA256
1aabe23f5d194434c2d6c5218a25e0b228d050732ff87f69651516fc3ebae7cb

SHA512
9c6083ce698c869e98ac9dd9bd9c5b8b2b7be943faa034820bbfab186a094c7eb57d7e8b0091e086da816166ac66104f96b4c21f3701e7ed70bf8ad49c9cada9

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.0MB

MD5
8688495478562a342681f29ba30bdb1f

SHA1
a73dd8877679c5283b003215e55ad89c13279d5e

SHA256
cbe236b284169140dba7ba3b8d3ab09327b29a3111959d3aa3ee2a549202e6b8

SHA512
c179d7d185c01e70849173eb6155895b09f2e43ee91c7b7b6b8a02b25a8ddbc7094e2257343f355d946e83e7ee06d88e50335390a27383105dd0086d7b99b740

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
1.6MB

MD5
ae215ca94d3183a2571545796884abcc

SHA1
ba4c723847f2ccd25de268a6c5811408faffdbc9

SHA256
d7ba5ae4544d0b18a7afe2536ce306d0bb0ae437f18a831842da68b3cc647ba8

SHA512
6371243d04eb56b1d6cd4ee62d2e9b28697b2ee369cc1f7fa682932e2236ea93a5e4022b3d24497e539e32e52fe26e8fc7b018099ed839d10969df7e122f92a4

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
1.8MB

MD5
bf53ce636c09bdd3df6d99e175b1028e

SHA1
4eaae8e242f70b124891dd562251116246341f6a

SHA256
c3d40b2124bb7c0e191ed985a287313dd65e074dff54271caabed2dbd9263f1b

SHA512
fa91858fb80a0947b7816eac269e5ee4660dc37d45fcdf4e40e2ea831a57fff044cca1a0e5cdcbde64ae3dbd44f06d139a8b2e95987604afd5be23596885c6c0

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.4MB

MD5
b5ca49b865b76fa4a6f4f290e7f3d1d1

SHA1
b896c054a70e05820dd9a7ac96ea506b8ae4d61a

SHA256
930ba492f2ee3d3fd437ce666e1e95afb88987ea6b230ceb6fa80b2a003c8508

SHA512
d2c4d7eeaf2c6dd6e9e5b47b564c5b8c3c72bf1f0b98cefb8885ebbe8349fe50a92ae5ac532bfa6db1b253c7a2acf9b349ff5bd0096db5e1560b683ae0386ae8

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.exe

Filesize
3.3MB

MD5
8c29b027a605168c65bb84e20ee107b3

SHA1
2819bd241db28a3730d09b0d48047c1c2164a8ee

SHA256
7b0fcf472352ef9dd84c6eb60967c77046076c6c50712852b749e3d63e10c845

SHA512
38cc6edd30eb409d9d688d16ad606b8fff33354e5650f6d52b2640a4e1ec3dab5ff94eb38277bcc1ba63217bdad6ee25b06269e0b428cb15a1dd0d8133a0ce87

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.3MB

MD5
0d6f86c105fbd3208742f82f14589475

SHA1
69399f55e6fa42cb0e20775f5d18cc3ad7b7dbe2

SHA256
f0c0c2f9378491a7a54416750bdf8afcac126dde90b1dd59436ae442d3847c2c

SHA512
f5fa2bde24a987b150fed661f2348ecf9cae944bca674c25d56a3548e8e4515b7d6f128d5942de084939b2b19130dec93e5db353d1a7e76a68fcf96c6ed87fce

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
333KB

MD5
cd3301d0fe44f63000b30463b13e564c

SHA1
a74735341e4f35593bc2d6987574484c7b294ef5

SHA256
5e0b092f503862830b21df802ad3f3d49c5e0bfbac1d4a6a328fe9c1e408db70

SHA512
37a4a74695851b7b5616aceab14fd974a3b7864cd2d46133fcc82b6b8752c7635cb4b0c094719f6b38796f6a8d89b60010ac2c526072264d11f313ea0f9b71a0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
333KB

MD5
f2c2588f3ea27c5b89877d39736568e3

SHA1
2353ec6f3aae0924c478ca156f1e82d07df6ae4e

SHA256
6a7e179ec3269ed9a0327e042fdcf7a41e227e0aee7efebf32f78fddf48a2059

SHA512
1155c81304e141c216143e690921a3a54f7704e8262870a12dee1333ad0bd930d09e6eff4448bb457c187fa144ae987c3ffa5468aed7caf939224e7320a8a50e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
540KB

MD5
3df53428e02ea2d0779d144dbf31ff42

SHA1
e5e9eb08d2cb29e5f2f254964044079acacc4225

SHA256
ca429ec805ba471d42abf90b643810fb2c09a5f787d12127c06b19a2c792681a

SHA512
afd88123ae245c0cdedd7e503d0920d4e92b70ec29503d0aa19890a353e37a4212f1d696a739a4a8742772d11edb5a673b8d3f3d9df822a731104160b677606a

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\java.exe

Filesize
333KB

MD5
6428a35cffb7b16502bfe83806165942

SHA1
8c0f3095864c662833cda476609b75692b8d34da

SHA256
d745fb730737b997dd140ab726ff93a3dd0c2de8472de8faceaf5f3cc7086f3d

SHA512
1cec4fef0b76643c263c1863e7a2aee17803f28e0e96ad7ebdc7095aa0701b9ce7d784bc5e3d71e239686637b857f5ed196026ffc40749358120de650abf790b

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe

Filesize
142KB

MD5
1c93e966128144122c267a2cdc44bb8f

SHA1
471b060991818b4ed53e2c29eb93e1a1af4edbf1

SHA256
108bb7213d9ede912fac19ec78e3f59ab7bbe44276850bb2549a76164e2d0ebd

SHA512
b69ecb357de1f29436e2715cc03ec6f6b7a30363dc9b09821ad8fb6c4462a1933c9a8b17c62a17a5515b292920ef87ae7d6f29731e31ec9a4099eea1ae969f00

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

Filesize
333KB

MD5
edf0b21b7c5edd0b3a5d2ae58ede7257

SHA1
ca69c24ac45b7b6f0a5f21d8a5f8cf39ae90f1a9

SHA256
7bd03d4f1b83bf83216eacd8306676dd60e93531de93eab0f86699ec2a16f528

SHA512
b2375d5e3b8bcc11c1a0dbefd2f4e0932f719a7785a56fb33b2ffe9ee28c9df164b40f6ca4734075251e7108262dc96aba4b65c0d5c7b88fbf689e42e949c837

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe

Filesize
540KB

MD5
7a995adfcd63e35030b81d624a60f509

SHA1
68d8a2ff5eca138ccf7494de95dd2d86542d40eb

SHA256
f302ee42c500e5e4198d1620b91d75cf3eb1ec54330f052c229b607ad61d3b14

SHA512
c12e9b13b31be1ed9841247de1c143b72b9cd1643a8502e93eb8c02254d3a55565343676ef42b82839ce48ef2d913a6b4f02a80e8c9ce6b6a20a293bc4bbf2bb

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe

Filesize
195KB

MD5
45356448361370c24f0ee7b81b030df6

SHA1
a4d3cc283f5688a364e6fc318efbcb778f8ac7b2

SHA256
4b7b19b515f2f1bdbf7053769bfb9ceb037e7a9f7f57244183876bb0f6b92b4b

SHA512
2aaec83ba816250c9ce74d6316f9f1fa2cc97a78ffca09566493271f1202330d9d00adaddf91624985b949006477b530d3b1c4c563f003ad8a54a798f3890b66

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe

Filesize
138KB

MD5
bbeb7c76b4771d70d6e39ac562b5bf96

SHA1
e8ae659c797135f03d677f900029a13fea011325

SHA256
033e5d02d1e3158943fa4e90aa545945555a85107169c118d8f62207775e096e

SHA512
f41e5abf762623b8ed222e5c7d95e783854d5d97f046b6d409a72bb76d7f2cd8fa35d30ae917096bd2e7dc411b9f4c4aa7dd8f3559ffa8605a866173b5ffb94f

Download Submit
C:\Program Files\Java\jre-1.8\bin\java.exe

Filesize
333KB

MD5
ed2188364c6a97cc8bca4f6e17d7fdb4

SHA1
949f6fd86033832879dd46937cfaacbe2e7fbe8c

SHA256
fb3fa7b23e7144a026a78ee3d780e91f93cf954532bc8e047d7f72ce6630c898

SHA512
d8bd49302596fdcfef1daa531ac41388b83febf8d3b4b85bf6c6605426debbc98f956f0f49c110613282225c571bf5c10b2418ecc8fe13b1d70f2b4ddd72d02e

Download Submit
C:\Program Files\Java\jre-1.8\bin\javacpl.exe

Filesize
142KB

MD5
a42a21de424274a6f902539258450fc8

SHA1
f103ed284cee87d0b7afa493dc221c29e48256e5

SHA256
c1a76f14157f2172961ae9f404356ad90f35ccfda7624b8618c9cf62bede461f

SHA512
e6cf33fbbb086291b85b681a4510e3e7a911a503d759e7cfe00d9c3060725a1762ad25d0436ea30543144b845ad6c98f36a37c0392e56f7c18ba91c14767cea9

Download Submit
C:\Program Files\Java\jre-1.8\bin\javaw.exe

Filesize
333KB

MD5
7880291fecc33566f3fc636f0af26b0f

SHA1
82f2949a737cc69901a18071adcca054ceddaa4c

SHA256
43fba635df6d89d7154f4d7af224230d284adf20d06b951e482946fcb172e0ba

SHA512
2fa858e710c8962b7d51bb5418dbb0c9e554c158af9b81c9013702121e57d6034899d41e7cdee8e3cea38c940f1e3127bfa2242ed928f27366cb3ff5dfc099d8

Download Submit
C:\Program Files\Java\jre-1.8\bin\javaws.exe

Filesize
540KB

MD5
8e035046e8b773c936abf76e1cc56822

SHA1
d4bd97324260acc393f7e4986957648071e8b6c0

SHA256
7740ff8c294e63db48cdace35000865ba3588cb57f011a675cd454cd4d92e7e3

SHA512
f5bfc3070f4d69d921fc1356681afb2744e60e2c1249ff728720d79b34adec9034df5a6dbe083f536a9d7fa05bcb9a140586066948985d3df5c7e303689e10d9

Download Submit
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

Filesize
195KB

MD5
0f80654b0aa8a097295cfd15283c99ee

SHA1
d8af26ed7f03f70a1d09064db0d7a76774df4061

SHA256
b004fce3176e8f074a28c940461638b0ecc51f055187a89c3cf784215f5102e4

SHA512
279b86256581d99616743e46da3008919bf4427b435813c548eaca3abdf3e57598c2883e2c914c7f8c415d6b5b121baa22905269e6b0437622a3968a46a1b6f3

Download Submit
C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

Filesize
138KB

MD5
7450cd9fb720d0ea4d37fbce687c7fa5

SHA1
a39b5479fc6644461994f38e208ed8badd1d7a87

SHA256
08b120424560fa3865b5f2821ae471a6de60f8f90abf7b104b3232fdf4e60b62

SHA512
0c1bc25a9cbfe4a5215d3d5ae30ce77aa8218b3f88b22cda75e60e19cc3713cd44c07c04405989ab5db7f083f5d81012d79afe2e4a837537a0c857663646ec66

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe

Filesize
4.3MB

MD5
67ad7ec9c15bfb42a6899fffddc61066

SHA1
a7d4816619caa1e7db767aedb5fa02b31b488f62

SHA256
f66adbaa25905b36c3cd9e7813b6792cf8f70e51e39c0314f3040487da4f6f99

SHA512
afb9ee85a14550962f7dccc5f295b4fa8cd0ebd0eb70daf9f4e8255c59bd659140018d0d03aa188868ab25dcb7577419943b78a088f9ab2ac6c3863ba6109b6b

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

Filesize
4.3MB

MD5
a169af61c8be7231759186b598937609

SHA1
6608fe141f161e0845d1ad7ab4922acb253b3bc9

SHA256
bb86b85852f6bab688727bb09d48f167994d36f6b290f0464cfd8d69ece658c4

SHA512
acfdf6be265925b60c104f218314938ee9cf1b22b78295bf73b2fb169b007dc0065f944adbd5e5428c33f93f867cc800ca57ac29041234d3c04dc47e393b10f9

Download Submit
C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe

Filesize
275KB

MD5
69ac864042efb64b30a4b60368f58a5e

SHA1
a87234ac1bda87313aa8e53bd9d302b7e16e553c

SHA256
aeeb5e809f00f7436a9b272a7ce68a7cef18324d65b8394d14bc01cc8bec4f7b

SHA512
4606002417823880f0b7d7ea703d4f6c37d9aa2f79a389beb0ca391873379611fc7413673cb451b84ba621c74ccdbc2a5b815987cdb0c3d18a4d54d6fb998490

Download Submit
C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

Filesize
588KB

MD5
899a3ae76943c870c4de3b8925e0f707

SHA1
fa27943645045eea4324cfc0e97bbeec1ce2249d

SHA256
d06f0daf602e3431e6af37544ecff4f15402047b9ff6524ec7f933fb93e237d7

SHA512
6d343f6c38fafd2a49cf4eb7b0eba0dcc68cea90901bdd033a781cfac8551de92d52c92759a8077ada472b975671296d5d69a3ee734cef8b82b3e883d6a81851

Download Submit
C:\Program Files\Microsoft Office\root\Integration\Integrator.exe

Filesize
6.8MB

MD5
c576d6de5d1a4cabc74651bb818b9acd

SHA1
15dc3ca2019a6ca20753527b8413aa38345755a5

SHA256
2fb37abb9c49fe08666ef6bcda51b4e727c6daa4dcb9374103217d41cffe5202

SHA512
bea6ebd176c72074698227323fab6c58391825ed31d646084bcdc7f6ef39aa6093f32236aa4d0a45ffb0374782906c02e239f1112396cd494f36655d2c919bee

Download Submit
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

Filesize
100KB

MD5
836fb6ed9063771659eec9a68f40d69e

SHA1
4b825c5831fdd433b7cf2900a79a25a7b7009ab7

SHA256
941a438a8fa5de2e5bb0a6905ac6da52204e7e5df85bd945c41d06f6fe676a85

SHA512
fb0d27dc2b8d0c468516952e1092ce644e156d91a263ad0cd96142dc91e0fc7137103beecb6200574f0e1f01b6d6f87cc944be44e16eca53a8079a591ea04d32

Download Submit
C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe

Filesize
449KB

MD5
9394d5053c661760ab30684977625ec8

SHA1
b7a276bf7d63684a416bfd3e7a9998dd85d66e65

SHA256
a271e5311d81848926a427beb8b9d94eefe80ee3b8cc7ed42e6066d59fa88ddc

SHA512
aad185f2bc1a2609fa8aac833a0c5064725fab9224099e6702a3790bc3dc575f094584c88eaf7d0c256984b6c8c56c331e4a3852e06a644aff3a71633d51fad3

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe

Filesize
877KB

MD5
5b4a82ffff6fe3faedd2e99ee9284da3

SHA1
467c366b709c7d9e03aceea16e90b8361afbb230

SHA256
520f7e708863c82cdc2dccb8c227641eb0f388818499fef655723cafb4cda554

SHA512
755eff9b22e63c095858f03c0327774db886be18fd76ef3fcfecbe13d2afab4715de534cb8ccc149e7c6051e22b98838a94ead094a86a9da4a7b13515d97d440

Download Submit
C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

Filesize
189KB

MD5
c6979d961af20b6d5ae1e35be29092c4

SHA1
4c1f655baae3a7dd8a20cc816e7caa306524cd82

SHA256
64b518abbe3a30d2fb41e090d78462f798ae62875c0765756d5ef501bd85f6dc

SHA512
b76a61d5402626f8bd342e2827a3dbc96faf5d721a3263faf464f6f15fc5743c991514df1d3f80c3d0b0151e2960eeb02e68e880e0e31a8d55f52ed5045b9a33

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe

Filesize
2.0MB

MD5
9a498b91dcacbfb490d28ecd7cceff90

SHA1
23be23cb6f0ddc62ae5c7f13ade6f595043a22da

SHA256
dec3a8e599e962ea11288cb70690e065e898eef992c2aedd8e233c367a6a0371

SHA512
4cd747d01a598666b3b58b60d21d3a21744ccc374323fc9f424ceaedb8a80c405b64e5c3440702098d8cef62633786ddb65f7a4f6755fb2475e612fed5181f17

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoasb.exe

Filesize
341KB

MD5
92df4492b588eef270faa35329e4580d

SHA1
88be14f0400b01bb2dfa61d842e8e22ddaef1375

SHA256
114b76d8ab8882477084b0378a657f76fbeecf5a29bea49a79c5bbdff456092f

SHA512
f828e7a9a87801f17dbcc6f0c95ffa457376a31d3303ab2428f5929fec582235c36cfdba24ff9ae6f6c3da71ad5df14e45f2185ef2926b0007ed5ab42db1b148

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoia.exe

Filesize
6.0MB

MD5
a289327bab7739fc17462b726d5170f4

SHA1
a0b9e785592fbfe2a62bb9d63a7ccb9e493d3596

SHA256
197a535e836da520934863923d2d1911f63e16fcc1166694250240c9bfc5ffae

SHA512
de67e9fbc503593ddfbfa2cb95718c4848a8e08ab981b45b68bf7c7255f0fe730aeacb03bfcf747138ce2fde4f5be5eb73397518e065c7b0ab07adb4a358957a

Download Submit
C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe

Filesize
596KB

MD5
45f908de776b6874880b0752c2a7c311

SHA1
81db7a5f98d56726f302baf1111a9d22a71d50a5

SHA256
2900521fe2a053d00a10d9917b5cfbd6d13fd2d910cce958d1c31b7a311740f6

SHA512
ef137c1c3168f2287a7351ba7301685b6c9265361575042f3f11c8aa30f204e5b39992febd53d9507ca569b9033c94e6ad2086fea9d6f6abd88348fb434c7467

Download Submit
C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe

Filesize
6.4MB

MD5
5c657a342b3c1e9feb5e2df7e8816dc0

SHA1
2ae883ddee12e79de8984e1656c041b1bae74ca4

SHA256
2ba906d54ecb73006b7f4c19831c66b737b8a8c40be5eaf5c2ba3d64b02bd64f

SHA512
05074127b550921b7db4cda2e38372ab20f95b333763d09d9ec1d7edc0a81c2b14e4d869799de4586a29e82e86c8f73f94f622e52e86ebcd4d2c7276416acf3d

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe

Filesize
2.0MB

MD5
01ac148e6c36b39b66eaa71271536d1e

SHA1
2778bd33f91bd4f14e864879c62e4cb66e21d6ad

SHA256
ec7d046e3b1d8ce5e3f73968e5fd6158e7cd1fab76739fc85cf68f60deb9d1c2

SHA512
bf09efacaab7ee6be2b65d486ea16f605074b3d9981a7f7a2c9f2e2a633365a0041ad98c406c017ed32c75e937aaa557c60f26d2312a40b57995d049b1dd7994

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

Filesize
222KB

MD5
53585f15c9cb5ab9e0c050b571b3f12a

SHA1
0da6cbdbced87df7308e46ee9d352c8bfc53b5bc

SHA256
1554e67d80e02a040951dab0a0f27b3765c51fd6fd3616c94be4b35b33a74311

SHA512
016ff23c76f818653ed330036b7fab7f9e7ebc241abb367fba3889e6e2f0065e12eba2af75a6b7e710d71068553fb43e06fbfda9d5c9d7d253b13494641ac4c2

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe

Filesize
2.0MB

MD5
248b808ef87314f23d79e5ca0da1dfa7

SHA1
9bc3a8cff6f4be5124504d0ea1f91cdeaf68df0e

SHA256
7cefebd0b544ee435d8089ae128bc5cea4f4c03855636caf341f07300cdf23e4

SHA512
dd78806e278c95ada432ae5a75076d015ce2fd155c086fe51afcf5e90362783d4226d2f2463f0b29d5452228bfefd7438a84ad670fd7f0e5b574fdecf21689ed

Download Submit
C:\Program Files\Mozilla Firefox\crashreporter.exe

Filesize
324KB

MD5
ae73a2f542f68da9ccf086c46359f739

SHA1
a46b87d896ce7da33889836d6f7a04b77e4d5698

SHA256
d18bf5a11dedc1391c55a89fb5111436aa9fe651173cea138d33c74071a5a7e2

SHA512
66cf3a9c84aefab0f8fdd655b03be12668f77c8bf03aec6e963dedc045405ec13137a717256dfcf1556864f55c05ce4b0af9b8f1f23fd48f2fbde57bc6d94ad7

Download Submit
C:\Program Files\Mozilla Firefox\default-browser-agent.exe

Filesize
803KB

MD5
29f362a65002531da5d1d0e4d54547e7

SHA1
917246cb0b853e3281afeced7a9fd310aee4cf92

SHA256
5f1c864d6c80aefd240a77b83ece58d429461d5d954636b5458a59392282aa31

SHA512
0ea658a8b414660324dc3964548313a3183851b14ca642d609145b61e3cb8e9b330090fdacf4d03c73f434e1053918ed71f81ec01bbe25474dff0a5a49adaf34

Download Submit
C:\Program Files\Mozilla Firefox\firefox.exe

Filesize
777KB

MD5
7abd409c19527d15d5df666eb1f0a8dc

SHA1
5dedafae7be52ee33fe465c8acafaad82a5ae49e

SHA256
c1d80f17eeac765b2dd48caa38b77b1b3cc113c2aa442058858f4acd4913a656

SHA512
a56afec858c2d47cdbc605521642ce325c27681c9e0e5a71c9e40c8123824ad3a2d4dc7a29d5cbf3be52d8f7cd97afc4e2f3d287c22e8af21a9e09ecce2a6f0b

Download Submit
C:\Program Files\Mozilla Firefox\maintenanceservice.exe

Filesize
301KB

MD5
fbd0a801e16f0e73bc9fffd040e9d4e8

SHA1
db80e8b047a97089122e00d45334a52d877063b0

SHA256
570455f4bbc854b75ef213266734a83af70245205bbf78f7f53bec54056aa82e

SHA512
c493e8cd41809419e7f7e3e27cec15e1a8573806248d4d5ace0063ba5d3be05aebc8a549133c367726c3d8577ffa641f3ef30a12cffe55ccbf009f6485bd4177

Download Submit
C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

Filesize
829KB

MD5
c671f7fd1d12eab1437f518405f44299

SHA1
fa0a1ccc9d218cd313e90bddf8e69e177be12774

SHA256
6e3fcdd454d8ed45c0b9e7a2cf095ca2ab8a92176fbe48b9d8c431e9f451b854

SHA512
4e1957f50f837d2712487bb3130a1537de1e569f0ae2242642619774a79470e4c23b4cd6c56ddb1ae0d6fcf46190417d5d8b404fc7ed5ce22f73eeac59592b50

Download Submit
C:\Program Files\Mozilla Firefox\pingsender.exe

Filesize
121KB

MD5
f10982c5ecf4b04bc13c62297fec21d3

SHA1
836a1041f05ae2c6d49fcf64ef68dd6212489364

SHA256
44bd5bd226722ea0da59579a4354135b2c94562d65cff559c20b56d8cee34abe

SHA512
5b88e31cd58efdab1a3fc86f3ec1b683297d0fc802452f1fa7d0a77cf9df423b7782084707538763e83bc85ffc81b4449703ee22f1ca8c94fa8f702f57dcebca

Download Submit
C:\Program Files\Mozilla Firefox\plugin-container.exe

Filesize
392KB

MD5
63042d4b8e056c8bf835941ecd1eeb04

SHA1
5118ec0d69b3d737bae76017cf010e8168492308

SHA256
729ed0126ef40f91cfd2b416984571e2d0c5e1fc30edae25db14ebc781429f9a

SHA512
215a9d3919e97212fcba21b1be15fb95473b033024921ac8760ffc6e260c683ca2ace3bcbac0bb5871f795c511eba3dc2ce363c93eb56921f08efeea80a975ae

Download Submit
C:\Program Files\Mozilla Firefox\updater.exe

Filesize
465KB

MD5
42ca2c50b81aa38a87b321668587f6dd

SHA1
de40e424ae773efa667dbd61bbea311978905844

SHA256
3b8dc2fc0cfd4fb26377de2bb19028f3800cdb37de1bbe0dacd2dcc19f815f00

SHA512
676bc82d8f0a716a63fe21fbe176e20dca30458a6beef7e037e5a83b0abff0185d0a5bed02c684fea4e984fe229c29a8241c55ee4de5924082d7e5c6ea21d3a7

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
189KB

MD5
62836d60683a0af8e1982ba5f1534292

SHA1
7f9066dfd17f129a5d28bd0830a676a4c4f9574e

SHA256
a32ea068c796db1061e0e119478620d1c40c8cfd73b622b151e90dc007c8d6a1

SHA512
1ae33b0c2a9d83d1249056ac12c513edce0c266e174c8d4775d170c91ac26c2500fd5d170ba28a9d60b5855b6b8804d14609568f8ec00e9dd916461e22a00d35

Download Submit
memory/3152-0-0x0000024502390000-0x0000024502394000-memory.dmp

Filesize
16KB

Download
memory/3152-3-0x0000024502380000-0x0000024502385000-memory.dmp

Filesize
20KB

Download
memory/3152-10-0x0000024502350000-0x0000024502357000-memory.dmp

Filesize
28KB

Download
memory/3152-11-0x0000024502380000-0x0000024502385000-memory.dmp

Filesize
20KB

Download
memory/3152-12-0x0000024502390000-0x0000024502394000-memory.dmp

Filesize
16KB

Download
memory/3152-4-0x0000024502380000-0x0000024502385000-memory.dmp

Filesize
20KB

Download
memory/3152-2-0x00007FF7F2B70000-0x00007FF7F2C6A000-memory.dmp

Filesize
1000KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads