8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe
Size

474KB
MD5

636e7afcf22c1b86be969221aededcf0
SHA1

5448100c4dfd6563931f3a452ca3bf4a8f8a0a78
SHA256

8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca
SHA512

01e1073be4b71ffdcaa00b74988cedab95b008061776530f3f228ec86bb876405cb4f61d4efdb6db3a78141f65efc98a62de7c39109a4c299660b6656730093e
SSDEEP

6144:rqppuGRYx4H712f/SBTpzZA6rXD40b+7TJACRb:rqpNtb1YIp9AI4FA2

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
2284	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
4604	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
2324	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
800	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
4416	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
4288	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
1280	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
3544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
4940	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
4060	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
3016	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
3808	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
3184	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
2636	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
1572	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
3988	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
552	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
4936	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
2056	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
2652	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
392	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
2856	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
1020	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
2080	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
4704	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe
1680	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = dba6b8b82971fc13	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 2284	1416	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe	81
PID 1416 wrote to memory of 2284	1416	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe	81
PID 1416 wrote to memory of 2284	1416	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe	81
PID 2284 wrote to memory of 4604	2284	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe	82
PID 2284 wrote to memory of 4604	2284	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe	82
PID 2284 wrote to memory of 4604	2284	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe	82
PID 4604 wrote to memory of 2324	4604	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe	83
PID 4604 wrote to memory of 2324	4604	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe	83
PID 4604 wrote to memory of 2324	4604	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe	83
PID 2324 wrote to memory of 800	2324	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe	84
PID 2324 wrote to memory of 800	2324	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe	84
PID 2324 wrote to memory of 800	2324	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe	84
PID 800 wrote to memory of 4416	800	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe	85
PID 800 wrote to memory of 4416	800	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe	85
PID 800 wrote to memory of 4416	800	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe	85
PID 4416 wrote to memory of 4288	4416	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe	86
PID 4416 wrote to memory of 4288	4416	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe	86
PID 4416 wrote to memory of 4288	4416	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe	86
PID 4288 wrote to memory of 1280	4288	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe	87
PID 4288 wrote to memory of 1280	4288	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe	87
PID 4288 wrote to memory of 1280	4288	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe	87
PID 1280 wrote to memory of 3544	1280	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe	88
PID 1280 wrote to memory of 3544	1280	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe	88
PID 1280 wrote to memory of 3544	1280	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe	88
PID 3544 wrote to memory of 4940	3544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe	89
PID 3544 wrote to memory of 4940	3544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe	89
PID 3544 wrote to memory of 4940	3544	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe	89
PID 4940 wrote to memory of 4060	4940	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe	90
PID 4940 wrote to memory of 4060	4940	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe	90
PID 4940 wrote to memory of 4060	4940	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe	90
PID 4060 wrote to memory of 3016	4060	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe	91
PID 4060 wrote to memory of 3016	4060	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe	91
PID 4060 wrote to memory of 3016	4060	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe	91
PID 3016 wrote to memory of 3808	3016	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe	92
PID 3016 wrote to memory of 3808	3016	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe	92
PID 3016 wrote to memory of 3808	3016	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe	92
PID 3808 wrote to memory of 3184	3808	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe	93
PID 3808 wrote to memory of 3184	3808	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe	93
PID 3808 wrote to memory of 3184	3808	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe	93
PID 3184 wrote to memory of 2636	3184	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe	94
PID 3184 wrote to memory of 2636	3184	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe	94
PID 3184 wrote to memory of 2636	3184	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe	94
PID 2636 wrote to memory of 1572	2636	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe	95
PID 2636 wrote to memory of 1572	2636	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe	95
PID 2636 wrote to memory of 1572	2636	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe	95
PID 1572 wrote to memory of 3988	1572	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe	96
PID 1572 wrote to memory of 3988	1572	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe	96
PID 1572 wrote to memory of 3988	1572	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe	96
PID 3988 wrote to memory of 552	3988	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe	97
PID 3988 wrote to memory of 552	3988	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe	97
PID 3988 wrote to memory of 552	3988	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe	97
PID 552 wrote to memory of 4936	552	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe	98
PID 552 wrote to memory of 4936	552	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe	98
PID 552 wrote to memory of 4936	552	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe	98
PID 4936 wrote to memory of 2056	4936	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe	99
PID 4936 wrote to memory of 2056	4936	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe	99
PID 4936 wrote to memory of 2056	4936	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe	99
PID 2056 wrote to memory of 2652	2056	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe	100
PID 2056 wrote to memory of 2652	2056	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe	100
PID 2056 wrote to memory of 2652	2056	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe	100
PID 2652 wrote to memory of 392	2652	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe	101
PID 2652 wrote to memory of 392	2652	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe	101
PID 2652 wrote to memory of 392	2652	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe	101
PID 392 wrote to memory of 2856	392	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe	102

C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1416
- \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
  c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2284
- - \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
    c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:4604
  - - \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
      c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2324
    - - \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:800
      - \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4416
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4288
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1280
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3544
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4940
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4060
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3016
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3808
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3184
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2636
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1572
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3988
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:552
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4936
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2056
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2652
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:392
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2856
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1020
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2080
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4704
        
        \??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe
        
        c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe

Filesize
474KB

MD5
b17141f7dc526a2a7c54447aeec5a68b

SHA1
9a8841d692e7d0ce4360831468fd2e3cb525f971

SHA256
c61a157c5603e4b749f3cc53bfad839e9a6080aff995b016219404a3db540287

SHA512
3c4e9911a3df9cc45ac55413d767ec9fb40b1d563d8efbfadfc7c8e815ed34c6f3676f6776a0faf48774911401268a874e5a1894f4924c57c8a22cf6f60ff13f

Download Submit
C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe

Filesize
475KB

MD5
46569334528767a8a574a0d727c55665

SHA1
6a7e32ea7b4edf1646af4ccfdcb122048cd6540a

SHA256
40e37e487fe4f588515d4a95fe3f1cf816cc98da737697a70a4b34ac0416dc6c

SHA512
e337a4095e74f1454bb352899db43e991178bb0d0246e146a15235ecca959e61019c441772fab3fdc4d70dbbae48285a6b0d92de4bcb6a377e0f399501dfc026

Download Submit
C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe

Filesize
475KB

MD5
94818fbc4808d7f126a89d2034b2558c

SHA1
a4b2581b66430adf7d6e0c5a8f8fa61220922b04

SHA256
66d8c11f99138b14962f6e09f4d1ea96ad980b5b083f61dc634c04188710ed75

SHA512
ce06f4e8282dc4b00bec0945f196e7b6103211489ac0b831c5191ebe0120338be50a33c6b674a42c9a372c296eadd4018a500e5f6444586312d9670eb527d62a

Download Submit
C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe

Filesize
475KB

MD5
7436dcae562aca8e3001e0532e9d6164

SHA1
2f01ed892082f808f5169b02b4341251822ef30c

SHA256
d57be02953e63d3432b5d36bf3347242d605905080a0d22045ed21596cbba881

SHA512
0f368f1cb292be6902330ecc7567d1917ba777ad100e0c68ec0c4705aecd2c39d0486c80d24b326789acb69d906c3ef1021af4b36f1ef94564bbf5c9bdc9cb84

Download Submit
C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe

Filesize
476KB

MD5
9c527f7c909a7a5d72bf949cf750ecac

SHA1
d7825f53be593b02c571e2885bea3b60f2106a3c

SHA256
816ca360e5e179597644a532e6ea58813ed2bd31ef0104b78a464a29e9b269d5

SHA512
2207bb81acd30e7e723bc8ce05ae5b17c105b387952c7c800507cc06532d69350117daf1f2d258fda5163a534009912f5d1059f6c8e8f53b5757b13d40843e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe

Filesize
476KB

MD5
1b5ada2c061581d82cc8543c537b2d05

SHA1
6c7a3313041ed3d4cc57ad0d5ca810d3815c17d1

SHA256
ae59d51e6af522033eedda796aa1edeff928395d49f57c75c8da58b7d9034f58

SHA512
a981557fd9af2e488a2c76fcb1123566601cbafad13290d0b18a8db5057ecef07ef006233dc33712d4357e22c1b8a6880bd1e056913c6df4af1d8e483b27c0a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe

Filesize
476KB

MD5
7203a888c75037370a41b5415e75aa3a

SHA1
a54ec4014d2b20203e6ea4ec1f842013c61a43dd

SHA256
c28408820d604d8f8025b12ee3cd65e475753cbe72f7fd1247e7e21ee2339610

SHA512
57a8825c7dcb7c1fccafda709f42232dac8512dcf16d2c42ff266c5be20a560f62e0add5f5548b0c8acafe05eaa07e1fea174ef90875f81a764c301def1cb321

Download Submit
C:\Users\Admin\AppData\Local\Temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe

Filesize
477KB

MD5
bba501a6a73d0821f8d05f1e75977f2c

SHA1
6f26d0ef866dcfab003db7bb71e9cb09771eae85

SHA256
1967897143bf28d56caf7bcffaa6c1a634e15714617c307c7e2cd128327aebe0

SHA512
da774789d1ee976c0ac9a9516d7b0eb427b34cf6ce3c52cb14b4ee090230e5dd059465be18b552d2bee0711dd135c3a367e609cfba4ec30c2289470d8446ecfb

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe

Filesize
475KB

MD5
fb77768c5f64fb8ed4c89d16a8ad6778

SHA1
322c09849e7eb32ac6cc98763c320ae4cfb5116d

SHA256
3461a6e0442799caaf5e50be4d4cff36ade060849be5097e0bf1e776ccc27278

SHA512
abb7ef719c90821e3e7bc224cc11a50884b3a80a1f2a75f53019e1e40970f59ced0b15470c44ec9e50dc4f73d486b6e20393d997f41682f4a2f6dcdb06dd6ecf

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe

Filesize
476KB

MD5
1f9b18c5da17d1f14408b3b30da0599d

SHA1
284d4b78d2a44136659eb6a6bea35164d9b8e758

SHA256
80383e576b844689f9fc78f69faac4163164b62e236a28e55f66c44726918b0b

SHA512
b3a736f4f428c5a22161711a9f75dc86af17e1db698d7f9c0dce9fb293806808bf292e40b8165ba08fb6b4439b544cd1bf4e1acc34092c429ea64cbf3fa45ac9

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe

Filesize
476KB

MD5
f0191b3b45c5463375089d885b86a4fc

SHA1
88856b2a847d97438d4cd04eecfdf874d41f41cb

SHA256
3958c8fa90e516d9a5608cf298afe9b0492c01f1b02e8317c12ced704f80920f

SHA512
94d51e1cc3de8b30bb392430893f9ee588247c6c3ea3f2cf4e199b4632ffa0da6a9c8e5b86b5f7349f2843e16193e0d879e5c237a0c996e8fff00bb71b8b61ce

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe

Filesize
477KB

MD5
dbcd54c6a946aefa1131529c42dd182f

SHA1
552644fd96cd29cc356eed1800fb1ddb178b2cd1

SHA256
8c251c83c0683ce0ece3ac53bce73c648a17aaa339caab7c26682390e16d726f

SHA512
a39921babeeb5e70d57be1bee894141326bed5cdd96c0531144e4035599d06416991731331a6c36968374785bb00242d64454e473792e67e79a60f209553a90f

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe

Filesize
477KB

MD5
1b4e0fa942ca5bf8db56f88e46cd032e

SHA1
435f475632e782800ae6e38f03df17eccaef88de

SHA256
6bb63f700228187bfccadb66fd09f68c859af4486223609297f02d66ae2e82f9

SHA512
6a2f7668ba8d2a6dae3c3c572922f8caa01ad37e2557618481d25ec4ac0fa6a143abb30420402496cdfa46a0bb0a2b252128c24574815abf61f7b0ef3a64790e

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe

Filesize
477KB

MD5
2361a3f69b9a381c4e3490215440770c

SHA1
05b20d888092d5dc2fb5b807e93015f179f08834

SHA256
a9034d029dc65baa567d5c089fa9e9982a98f4300a84187ce7041c8d180e56e7

SHA512
6ef9bdc3edb0d5b2522118955ec0ab17fc2905d9bb2bf40fe3d8814e07248f645d6456f0c924f62ba2d18b8437543cfbe1f2cbccb53371294ddf51d637136aa0

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe

Filesize
478KB

MD5
6f5912efea240d12d6981d02d7565c9b

SHA1
cdddf931818df609259c7d411dab00520c8d8820

SHA256
35d21edc2022fa1f9aa96342bfb44596ae64960adce4c0da8c55a1ae8efe4b09

SHA512
738bd4afcee6c90e7a2b52c94bd0181493dd0d55ebfeed1c5909905d4c2dee431183d7d5b016fdeb1c999c462ed356eca2fd5333fa9f182f8d2aab43bbcba922

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe

Filesize
478KB

MD5
e9b3cec2ed66b51f684790c353231957

SHA1
5910d62713e35ed3c0b83d17546797b80d058f12

SHA256
e4a4f45b612ade5a40e504f4d6b9229d2ac5026a92da508ae398b4e264d90b5f

SHA512
b3dcf99f5bcfc0274e9fa72c8e22c8f2c997f03935a998257dd550349d33e53bd2f189529a99ae36c50f18804677414eef0553863755b1b888ef3060027b521f

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe

Filesize
478KB

MD5
dacb04ceb8e7021baea6fdb5f99773c1

SHA1
a4f333dc887cd5383269794e7e7191e6bf39e976

SHA256
1b93c2aeed2378ae1007206613fa638ce3b71524768b14b63b20cc9d9cd12a62

SHA512
08a391dbb21ed4a354974fc5fabcae41b1ac133ed49b447fc0bb8cb61e806710601bd08f2c46f91cf1e04c3623153410f3ee94c856144a81bbd84a2dbebf06d0

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe

Filesize
478KB

MD5
5c9cf8bf28065caac86ac100e1a767fd

SHA1
bb2cc001dc519fd5d5a4ca5a4755ab66433e0c13

SHA256
dd0139cb979b0f8f56eb288d376683cd60bba6bda1ebcfeabc0b7ab6fa6f3fb3

SHA512
ad24c5dea9c24e3919f8ce9fdeb7f0c28758be984ebb47448875833f92fd022019339d15395fd7c83735fba6ebceda795e7f1e9c7fd14090d7eb21fb05a004bb

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe

Filesize
479KB

MD5
660e418bcd0f35192ef7b4092010614e

SHA1
bc135444b3d7c9ec92c754c0945ae105906a45e1

SHA256
26b4d2e08dee2d78f4cae9b3da542d7fcc0f1cf637cd6fd76ebc33a5f44bc45c

SHA512
e4385d27f71d9f052c757db3b3ad60eae11045f850d4c68f077c764c6112bb39e6b812c300e8b19b05038d126e7fe0abc5698a2cfc0188194d39f7d162b39e88

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe

Filesize
479KB

MD5
fd37f23a74b2ec91f974bd95a3d45ede

SHA1
a0a24c031cd3e3a12805ae07e65a369600c3fac1

SHA256
78a03620d04eb3ae23c36820918441d7fa3772406e4c69495a909c76b48d9596

SHA512
dade130bfab0474f8bcfcb796d7f32ed97d4d8bbbdf0b0c4d055be8b3ca8f3726918bd2d6b02bfa23dcab3f5e929fb6db3ad59cffac46581b78d31e8ee450d10

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe

Filesize
479KB

MD5
942abffcaa82d61c7ad8fe62934587fb

SHA1
668f278a319098d5e32befdad64730cc574afffd

SHA256
f31962a63f498060f30f8a4d088c15cdabbb8034c3d81f0de25e8a55e15c41b1

SHA512
943f247090ef305538d5257147c29a908e5f686b0430ebd3b2e5337cc58e2006d7683b72c9cef9db2d4188a49cee171f1aa251cf7dae8e39e7bec48f73bb5df8

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe

Filesize
479KB

MD5
03491efc82843b81d0dcc9e8984cb5f2

SHA1
eba4e3c966b64637343af71a536e52a087d9e7f6

SHA256
0624eca87e353fa1ce0ee716ec76d676531c1d92ad14f949f49d5f05a8abadd4

SHA512
9f44fbf58af93ac0e452511cee830d726eae22771ddcb8b982caca1ea5255a18b8213f22fa603cf2789d214a93c6f85e416d9a14520e6b02282279727c6828f0

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe

Filesize
479KB

MD5
a916d87c76431801a9140ab0daeb072a

SHA1
9f722bde5e8885540442c7d90e269915bed7e1a2

SHA256
b3afb49ea43c17a36cd97d3207f30bba18a71f18a7d9830675f98cdd378c93a9

SHA512
e512213dfd9258eab57e7dc6da0ca8ac0b44829ffeef1d1df8afcaa161a8742b41a071d6f68d2420ee7a2e8f82f5e6b7e323a1992ef7ce218d979905b86be9dc

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe

Filesize
480KB

MD5
d083f6250dd03cf5a91565a1a8c7503e

SHA1
3060e02f3a3cd51ec560df3bbb411670108993b9

SHA256
45f3d063a65d4b1b3661a39bd768719149fa32a6f1a1c9e67591c7bb15f32588

SHA512
61f8c16607ed0d0c124e4b4169b00f4e61d1feb600c1bda1648c8582f7370aa39732327ad387c884afa23f7db331e250451b93daf68e61a9a67653b747018b5a

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe

Filesize
480KB

MD5
1b8d3c2c72f86cf08d9f6521fe6623e5

SHA1
36b384caedc88c717c3c692f49524fd2acde5b36

SHA256
03a1188ffdcfb55c9ebb9773d28d939c85a200096b6583170ef381a3070397af

SHA512
7e3570bdfc608d2b760f55c472df120795946877cdf5f442180376691d1016f9106784fbe638660faef5f6b7a7e17600a7f9a8665eee016963e0fbb09de62a1c

Download Submit
\??\c:\users\admin\appdata\local\temp\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe

Filesize
480KB

MD5
e19f3c001496b5c2a4e1c64dcc456c0c

SHA1
8348b651639673c66f2a84f907e369d6a395419e

SHA256
f2b46ea957e790c05dfcb81aa81ab03ee1de5f9aa29f2f243fa6407b409817ae

SHA512
7f9a80fe5f27c32e0116f9819b96065e89f4b9d27c1ec9395764a02ee5c6591c86784a5b1b9d2d416d31e183fa3982c45f1dee5ff8f32b1fdbae73ec2a780b73

Download Submit
memory/392-236-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/552-196-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/800-49-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/800-53-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1020-256-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1280-75-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1280-84-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1416-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1416-9-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1572-176-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1680-273-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2056-216-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2080-266-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2284-20-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2284-11-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2324-38-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2324-43-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2636-166-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2652-226-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2856-246-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3016-122-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3016-135-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3184-156-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3184-144-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3544-96-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3544-91-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3808-133-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3808-146-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3988-186-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4060-124-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4060-111-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4288-71-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4416-64-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4604-22-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4604-32-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4704-271-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4936-206-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4940-102-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4940-113-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202s.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202c.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202y.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202h.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202u.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202x.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202g.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202r.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202w.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202f.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202j.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202n.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202l.exe\""	8d6cc9b4859a69151b390490e806de2bf07234e9acc5882401f4f1054d74f1ca_neikianalytics_3202k.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads