8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe
Size

474KB
MD5

636e7afcf22c1b86be969221aededcf0
SHA1

5448100c4dfd6563931f3a452ca3bf4a8f8a0a78
SHA256

8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca
SHA512

01e1073be4b71ffdcaa00b74988cedab95b008061776530f3f228ec86bb876405cb4f61d4efdb6db3a78141f65efc98a62de7c39109a4c299660b6656730093e
SSDEEP

6144:rqppuGRYx4H712f/SBTpzZA6rXD40b+7TJACRb:rqpNtb1YIp9AI4FA2

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2944	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
1732	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
2708	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
2752	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
2932	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
2544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
2356	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
1544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
1744	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
2328	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
2700	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
2384	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
1160	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
2312	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
576	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
1144	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
3028	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
836	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
616	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
812	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
2816	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
2144	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
900	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
2108	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
1604	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe
2944	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe

Loads dropped DLL 52 IoCs

pid	Process
1792	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe
1792	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe
2944	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
2944	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
1732	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
1732	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
2708	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
2708	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
2752	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
2752	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
2932	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
2932	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
2544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
2544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
2356	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
2356	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
1544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
1544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
1744	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
1744	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
2328	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
2328	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
2700	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
2700	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
2384	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
2384	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
1160	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
1160	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
2312	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
2312	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
576	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
576	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
1144	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
1144	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
3028	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
3028	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
836	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
836	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
616	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
616	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
812	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
812	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
2816	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
2816	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
2144	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
2144	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
900	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
900	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
2108	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
2108	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
1604	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe
1604	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = bd255828f391b3ec	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 2944	1792	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe	28
PID 1792 wrote to memory of 2944	1792	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe	28
PID 1792 wrote to memory of 2944	1792	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe	28
PID 1792 wrote to memory of 2944	1792	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe	28
PID 2944 wrote to memory of 1732	2944	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe	29
PID 2944 wrote to memory of 1732	2944	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe	29
PID 2944 wrote to memory of 1732	2944	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe	29
PID 2944 wrote to memory of 1732	2944	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe	29
PID 1732 wrote to memory of 2708	1732	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe	30
PID 1732 wrote to memory of 2708	1732	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe	30
PID 1732 wrote to memory of 2708	1732	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe	30
PID 1732 wrote to memory of 2708	1732	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe	30
PID 2708 wrote to memory of 2752	2708	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe	31
PID 2708 wrote to memory of 2752	2708	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe	31
PID 2708 wrote to memory of 2752	2708	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe	31
PID 2708 wrote to memory of 2752	2708	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe	31
PID 2752 wrote to memory of 2932	2752	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe	32
PID 2752 wrote to memory of 2932	2752	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe	32
PID 2752 wrote to memory of 2932	2752	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe	32
PID 2752 wrote to memory of 2932	2752	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe	32
PID 2932 wrote to memory of 2544	2932	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe	33
PID 2932 wrote to memory of 2544	2932	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe	33
PID 2932 wrote to memory of 2544	2932	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe	33
PID 2932 wrote to memory of 2544	2932	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe	33
PID 2544 wrote to memory of 2356	2544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe	34
PID 2544 wrote to memory of 2356	2544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe	34
PID 2544 wrote to memory of 2356	2544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe	34
PID 2544 wrote to memory of 2356	2544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe	34
PID 2356 wrote to memory of 1544	2356	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe	35
PID 2356 wrote to memory of 1544	2356	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe	35
PID 2356 wrote to memory of 1544	2356	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe	35
PID 2356 wrote to memory of 1544	2356	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe	35
PID 1544 wrote to memory of 1744	1544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe	36
PID 1544 wrote to memory of 1744	1544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe	36
PID 1544 wrote to memory of 1744	1544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe	36
PID 1544 wrote to memory of 1744	1544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe	36
PID 1744 wrote to memory of 2328	1744	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe	37
PID 1744 wrote to memory of 2328	1744	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe	37
PID 1744 wrote to memory of 2328	1744	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe	37
PID 1744 wrote to memory of 2328	1744	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe	37
PID 2328 wrote to memory of 2700	2328	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe	38
PID 2328 wrote to memory of 2700	2328	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe	38
PID 2328 wrote to memory of 2700	2328	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe	38
PID 2328 wrote to memory of 2700	2328	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe	38
PID 2700 wrote to memory of 2384	2700	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe	39
PID 2700 wrote to memory of 2384	2700	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe	39
PID 2700 wrote to memory of 2384	2700	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe	39
PID 2700 wrote to memory of 2384	2700	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe	39
PID 2384 wrote to memory of 1160	2384	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe	40
PID 2384 wrote to memory of 1160	2384	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe	40
PID 2384 wrote to memory of 1160	2384	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe	40
PID 2384 wrote to memory of 1160	2384	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe	40
PID 1160 wrote to memory of 2312	1160	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe	41
PID 1160 wrote to memory of 2312	1160	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe	41
PID 1160 wrote to memory of 2312	1160	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe	41
PID 1160 wrote to memory of 2312	1160	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe	41
PID 2312 wrote to memory of 576	2312	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe	42
PID 2312 wrote to memory of 576	2312	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe	42
PID 2312 wrote to memory of 576	2312	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe	42
PID 2312 wrote to memory of 576	2312	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe	42
PID 576 wrote to memory of 1144	576	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe	43
PID 576 wrote to memory of 1144	576	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe	43
PID 576 wrote to memory of 1144	576	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe	43
PID 576 wrote to memory of 1144	576	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe	43

C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1792
- \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2944
- - \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1732
  - - \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2708
    - - \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2752
      - \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2932
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2544
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2356
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1544
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1744
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2328
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2700
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2384
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1160
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2312
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:576
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1144
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:3028
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:836
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:616
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:812
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2816
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2144
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:900
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:2108
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Modifies registry class
        
        PID:1604
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe

Filesize
474KB

MD5
ff5e7f0ffe0f05422be13273b0912aea

SHA1
b2da587f7d4aa963a482e57e6ede76054897ab46

SHA256
d29a0a4905471d392f0f4b3466839918d816e0df7393605782319583d0caeb85

SHA512
711f241bb984037e6348f699cc537da248144faa3e6ddab49139bfa8e9f437578e9b12b31f1463785439110b1cb865ac3cadc65cba4bc19ea42eb50f1a0b2199

Download Submit
C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe

Filesize
475KB

MD5
a19cbaee2bf200db522e380559602be2

SHA1
7d6fb1038616a2d0117e2ac93437b218590a2fe4

SHA256
692a14ebeafb62665978cf9c517f23aa84afea5bc55062d626a07e2a8b870530

SHA512
7bd4d425284096d8bf53fd4ae507dd6e7b3bf7c26d06936362941ad9f2c3e2194477daaac71a8bd3ff8bb8df66932df9f8876cba22d7246aa2913381af4263f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe

Filesize
476KB

MD5
70d7793d98fdf93398067568331a0a89

SHA1
0aea03a157f66e1ff4598fa3f02d761ab9397b43

SHA256
c1e1769fb57d11d5d34c4b76324bba79ecda9efa47c4be3a00d66a465c81cc58

SHA512
3d3a5091eff7dec0b1b487e4f0d859e7e7352e1604b4017da8e4609b8db5e803a644d43d5d9ba5a3637b03c1823dce0cc4cf87a4d0050e897549a7620e2607ca

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe

Filesize
475KB

MD5
be3fc8621d2e168975646356e6b3449a

SHA1
8dcc820028b49b33fce20d56fc77df44064af2f2

SHA256
4b9bddda56696d0ff1084d774b81dd784c12e0328cd8125849d74c10e9633364

SHA512
9cefeeaa552f9430d48b62b637eb16cab56fa8c4c2b892f4bb48c0aeceeb2ac74784b2ee65db5bbfa001bd0561d626dcf640efd0174225e94c0bef6c35bdf06d

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe

Filesize
475KB

MD5
77b44756648c1fc32ccfd380d15fe794

SHA1
39f1d08f3242556186eb9c70a3d52196e4e395d4

SHA256
929f46277d3f7827e1a4bd056bb7f8b86356ad19d0a6da5df0b4de105e7d6eeb

SHA512
26ba7febab5c378dcdc35032413e1623f7f26e5ec0a3d81e975aea5885b108c1971bdd29b40a056ef7fde1874e82f326e4397353233607f0b0f6e1edc429ada6

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe

Filesize
475KB

MD5
3991c8ec292f6fc6a7b93a24cdcaa885

SHA1
6818211d8122ca954d00480a01f9b09a0412ebb7

SHA256
40144a8f427c4930ed71df51bd09f27ed143d77ae404d7df9dc3da1593b62e86

SHA512
efe3b0b0c3263df38fb24773e140accb66652dd92223b9b73fc9dc917bad07498720ee3cf3f190e67fbe70907be793989b93d4ce447a78da2dba900262b148ce

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe

Filesize
476KB

MD5
2591d5d6bf1e94ce9b3ff46c14ac6a1d

SHA1
eaaefd5db8ae06a842e478f7f59cd98e38835707

SHA256
df1a1ba817343e91b2bd95f221e8393970f42c9354426c03bf6d938f3a47f80d

SHA512
d3f513095b430ecd4952a54982a38e340e2710a0a1b1c20b29c22ad0139021be1b8ad0e83509ee94a42f6b95ecae84aa556120f876790d63980756a951394b4b

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe

Filesize
476KB

MD5
c9842b02f73d9f39c0ce89687b05e75c

SHA1
39b8abcee931c8b8c6dede4f83b8273784740cdc

SHA256
393e566d36954f55c30b39819be85dfe69569b07f90b1a10f29257cfc65b8da4

SHA512
24f7b6ecfb8768862621ac33bc519c32109e25978de17d4c0c38464006b60d8dbef068a44cc04ecaaf5157b0f9b822c42f1abc232bfdedc03b031d95dc54fdd8

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe

Filesize
476KB

MD5
701040ab7b134db3f0e96cfc7dbba5d7

SHA1
70669b21ddd6472147fefce18bcc0f7257d38f73

SHA256
25b6463fca0aa0d75a99000d6c45eb16652213f932d299bec115d13bc5e071ab

SHA512
e3fdbeb5dc9a5cf220c0e8fa0aadfc6cb20c182e153fef96d1efc9c291e8670d7665bf39313afec93178fedd89d0c039184aa8f09247e3dc997b2019c5794350

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe

Filesize
476KB

MD5
ceefddb60b2a67bd636f358d19f81b2e

SHA1
d54f81b4cfc54e5654b1c26cd9107f5e48b93b3d

SHA256
3bce7f42206ae58eb69c1be654e77390b46846f7c7bce29fa8254c5f66f4e635

SHA512
ba292b8bd11ee388929efbff8d613e2c4988a08eb7ba82b390deb679937e1f697658e269c7d6cac7318fcf88516b303da32a4c7b23d492734ecbf7b6526f381a

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe

Filesize
477KB

MD5
913e6f3b2393dfbbb34644c86525fdc9

SHA1
6a13d293a8019ec67df21b2c539c8449192cdbea

SHA256
4817d6ff69ccfd952af890dac585a4f7f4f512062ee955501d69c8c95704febf

SHA512
9bb3a47ae80e6fb5b22973daf087b6dbfb8643ef560f4ab2d7247d95c7227a5e5569f0c53ea233528489582e97169dbc768066a6cf813880212775eaa3dff2bc

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe

Filesize
477KB

MD5
1933a326034214caaf68c258d356ada5

SHA1
1045fbde13f14854847f5355b4b11d658ce8b62c

SHA256
1dcffb96429b8e7186f316751673c4357747c5243d55a7dacacab74a65f1cd36

SHA512
c0f989b1d0e6a0aa39e3ee2e2bec9ce5cf1ae95b1c5f737680a3d9875acb05e31b92d46ffbc0470f5687dc6e284a72fa8010f0c04980bfc8049c052259fc7d5d

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe

Filesize
477KB

MD5
3028e033f98f74062b8249b374e3379e

SHA1
f8c7030e5bcf42b3d523ec8d3e97ed4bba03fb71

SHA256
11a2fdabf8c0ca4d8149e10a1a777d073d8e0018365fe005c41ba2f3f79f2b4c

SHA512
ba7ef694f1b04018d37a0fee55d7cd09faf1a961b0d07ac24b14429c71c7c89ef740708f02ca3b6225c73fa42a6637197049e0f8f3ecf064435fd9a5af545eac

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe

Filesize
477KB

MD5
040f82e13177982c5f2de20fc5584a73

SHA1
a2b41d76025ff8a4b7e12b756111e459a2117cdd

SHA256
7e7c8bfbe806189b52ecc0826c02cd0d654478ccb5df8f26898b3a77b6dbda58

SHA512
cf361289eb758375b16b4cf2e928cef3c6d4299f4a6889d962cf765decca484e2b8ca70b7a0f6b233cef64db88b165a78f3b3e66740dfb27dda2685683c88644

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe

Filesize
478KB

MD5
a4197d90bf65d35328f29baafbb5f762

SHA1
4720b511534fdc073ebc1812fe6c1a0da9f14613

SHA256
bc55baa02e83e591e49ba1147997c058792688568b2dd6950d467e1235373e89

SHA512
97cc475ea9ceecd697a666565742c7b2886420ae19d6bbccf6ed245cc6e52c839c9ab299da2642aa4a7eac66d64283788ec2da2cc5614ce6f29b7f8382e1ce93

Download Submit
\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe

Filesize
478KB

MD5
facaa73373c32483c519ed49741cc8aa

SHA1
c801ac77c654b817a0bdf436a00e9ae6419636ea

SHA256
07e7a76c63d7b9572bc628985ee615a8293915022580deaa8b01eef801b63fc0

SHA512
d244890d9ff25a938692a54e635f9b7807aa0750d045d1a5066fdd7931ceeb968c5721f69992dba49b3bfa41b7e29478568d2ff464f3f872882d1d4495e54d2a

Download Submit
memory/576-237-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/576-251-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/616-300-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/812-311-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/836-289-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/900-345-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1144-253-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1144-265-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1160-211-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1160-214-0x0000000000280000-0x00000000002C2000-memory.dmp

Filesize
264KB

Download
memory/1160-220-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1544-141-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1604-367-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1732-31-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1732-46-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1744-142-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1744-156-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1792-13-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1792-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2108-356-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2144-334-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2312-236-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2328-172-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2356-125-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2356-117-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2384-189-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2384-204-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2544-110-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2544-95-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2700-188-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2700-173-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2708-53-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2708-61-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2752-78-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2752-71-0x0000000001D30000-0x0000000001D72000-memory.dmp

Filesize
264KB

Download
memory/2816-317-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2816-323-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2932-85-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2932-93-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2944-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2944-30-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2944-368-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3028-277-0x0000000000540000-0x0000000000582000-memory.dmp

Filesize
264KB

Download
memory/3028-278-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3028-271-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads