603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 12:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Size

84KB
MD5

479e414d566a54c759944d8da51dbb00
SHA1

61dd78be407e0d809be6c2555e456f81e979623b
SHA256

603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587
SHA512

7773e3dea8b55027c072960aa4fac9b23340965cf5f55885dea0697c8ef9c1f16b4a53bbad467b716f0aaa52b7a33e5d3be8980cb2db76cee84afbd17ad37cff
SSDEEP

1536:RT2Aqas0ggwJB3zbGI3Jxrya6anIEQBT7fcHQq3CZ:RKas0kJB3XGI3JrIEQt63

Score

1^/10

Malware Config

Signatures

Modifies registry class 42 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\ProxyStubClsid32	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDECC081-CE6C-11D1-BE34-00DD0111A50D}\TypeLib	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EXEStub.Builder\Clsid	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\ProxyStubClsid32	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\TypeLib	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\ = "_Builder"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDECC081-CE6C-11D1-BE34-00DD0111A50D}\VERSION	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EXEStub.Builder\ = "EXEStub.Builder"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EXEStub.Builder\Clsid\ = "{BDECC081-CE6C-11D1-BE34-00DD0111A50D}"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDECC081-CE6C-11D1-BE34-00DD0111A50D}\Implemented Categories	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}\2.0\0\win32	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}\2.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDECC081-CE6C-11D1-BE34-00DD0111A50D}\TypeLib\ = "{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}\2.0\ = "EXEStub"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\EXEStub.Builder	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDECC081-CE6C-11D1-BE34-00DD0111A50D}\VERSION\ = "2.0"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}\2.0\FLAGS\ = "0"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDECC081-CE6C-11D1-BE34-00DD0111A50D}\ProgID	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\TypeLib\Version = "2.0"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDECC081-CE6C-11D1-BE34-00DD0111A50D}	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDECC081-CE6C-11D1-BE34-00DD0111A50D}\ProgID\ = "EXEStub.Builder"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\ = "Builder"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}\2.0\0	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}\2.0\HELPDIR	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\ProxyStubClsid	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDECC081-CE6C-11D1-BE34-00DD0111A50D}\Programmable	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDECC081-CE6C-11D1-BE34-00DD0111A50D}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}\2.0\FLAGS	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\ = "_Builder"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\TypeLib\ = "{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\TypeLib	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\TypeLib\ = "{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DD16A72-EB6A-11D1-BE49-00DD0111A50D}\TypeLib\Version = "2.0"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDECC081-CE6C-11D1-BE34-00DD0111A50D}\ = "EXEStub.Builder"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}\2.0	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDECC07A-CE6C-11D1-BE34-00DD0111A50D}\2.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe"	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1036	603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\603e53728173ea65df1689253826579922ae31a35052aafb10ad3f7293318587_NeikiAnalytics.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1036-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1036-3-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads