resource	yara_rule
behavioral2/files/0x0008000000023246-12.dat	family_quasar
behavioral2/memory/1900-39-0x0000000000300000-0x000000000035E000-memory.dmp	family_quasar
behavioral2/files/0x0008000000023248-54.dat	family_quasar

description	ioc	Process
File opened (read-only)	\??\o:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\u:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\g:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\l:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\n:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\m:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\s:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\t:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\w:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\y:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\e:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\j:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\k:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\z:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\r:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\v:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\x:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\h:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\i:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\p:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\a:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\b:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe
File opened (read-only)	\??\q:	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	svchost.exe

description	pid	Process	procid_target
PID 1460 set thread context of 2500	1460	vnc.exe	94
PID 4948 set thread context of 3360	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	96

pid	Process
1680	schtasks.exe
3708	schtasks.exe
4964	schtasks.exe
4856	schtasks.exe

description	pid	Process	procid_target
PID 4948 wrote to memory of 1460	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	92
PID 4948 wrote to memory of 1460	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	92
PID 4948 wrote to memory of 1460	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	92
PID 1460 wrote to memory of 2500	1460	vnc.exe	94
PID 1460 wrote to memory of 2500	1460	vnc.exe	94
PID 4948 wrote to memory of 1900	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	95
PID 4948 wrote to memory of 1900	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	95
PID 4948 wrote to memory of 1900	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	95
PID 1460 wrote to memory of 2500	1460	vnc.exe	94
PID 4948 wrote to memory of 3360	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	96
PID 4948 wrote to memory of 3360	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	96
PID 4948 wrote to memory of 3360	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	96
PID 1460 wrote to memory of 2500	1460	vnc.exe	94
PID 4948 wrote to memory of 3360	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	96
PID 4948 wrote to memory of 3360	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	96
PID 1460 wrote to memory of 2500	1460	vnc.exe	94
PID 4948 wrote to memory of 4964	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	97
PID 4948 wrote to memory of 4964	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	97
PID 4948 wrote to memory of 4964	4948	49aafee164d62e048c96d3a4f8d5b19427dd7850fda585c6456f277633411369_NeikiAnalytics.exe	97

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.