Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28/06/2024, 19:08
General
-
Target
0c87a24da6905020136f5b5d695ca41db90c914e32d7d557aa4a9f1a70b5bfab_NeikiAnalytics.exe
-
Size
128KB
-
MD5
cf073b6cd0aae7c53696a2ba648872c0
-
SHA1
a1671a9715f4d485aa3d993540d7750e17385464
-
SHA256
0c87a24da6905020136f5b5d695ca41db90c914e32d7d557aa4a9f1a70b5bfab
-
SHA512
4161a9154cde0c6be280e2863534e03d4b86d8c0fcc77edc6b82221a5e0b2f0bf1d4f63f3d7e058f20e1596b0b54a7bcbd9ead8cd71ddc947dfea6dc4f4b57d3
-
SSDEEP
3072:5LoMXmof9BL6uym/PwidSX3ReDrFDHZtOgxBOXXH:5LJWMd6aP7dSX3RO5tTDUX
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0c87a24da6905020136f5b5d695ca41db90c914e32d7d557aa4a9f1a70b5bfab_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0c87a24da6905020136f5b5d695ca41db90c914e32d7d557aa4a9f1a70b5bfab_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mdkhapfj.exeC:\Windows\system32\Mdkhapfj.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mgidml32.exeC:\Windows\system32\Mgidml32.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mjhqjg32.exeC:\Windows\system32\Mjhqjg32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mncmjfmk.exeC:\Windows\system32\Mncmjfmk.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mnfipekh.exeC:\Windows\system32\Mnfipekh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Maaepd32.exeC:\Windows\system32\Maaepd32.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mdpalp32.exeC:\Windows\system32\Mdpalp32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nnhfee32.exeC:\Windows\system32\Nnhfee32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ndbnboqb.exeC:\Windows\system32\Ndbnboqb.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Njogjfoj.exeC:\Windows\system32\Njogjfoj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nqiogp32.exeC:\Windows\system32\Nqiogp32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nkncdifl.exeC:\Windows\system32\Nkncdifl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nnmopdep.exeC:\Windows\system32\Nnmopdep.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ncihikcg.exeC:\Windows\system32\Ncihikcg.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nkqpjidj.exeC:\Windows\system32\Nkqpjidj.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nqmhbpba.exeC:\Windows\system32\Nqmhbpba.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ncldnkae.exeC:\Windows\system32\Ncldnkae.exe18⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Njfmke32.exeC:\Windows\system32\Njfmke32.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nbmelbid.exeC:\Windows\system32\Nbmelbid.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Okeieh32.exeC:\Windows\system32\Okeieh32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oboaabga.exeC:\Windows\system32\Oboaabga.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Onfbfc32.exeC:\Windows\system32\Onfbfc32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Okjbpglo.exeC:\Windows\system32\Okjbpglo.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ocegdjij.exeC:\Windows\system32\Ocegdjij.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Onklabip.exeC:\Windows\system32\Onklabip.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ocgdji32.exeC:\Windows\system32\Ocgdji32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Obidhaog.exeC:\Windows\system32\Obidhaog.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pgemphmn.exeC:\Windows\system32\Pgemphmn.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pnpemb32.exeC:\Windows\system32\Pnpemb32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Peimil32.exeC:\Windows\system32\Peimil32.exe31⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pkceffcd.exeC:\Windows\system32\Pkceffcd.exe32⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pcojkhap.exeC:\Windows\system32\Pcojkhap.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pbpjhp32.exeC:\Windows\system32\Pbpjhp32.exe34⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pcagphom.exeC:\Windows\system32\Pcagphom.exe35⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pnfkma32.exeC:\Windows\system32\Pnfkma32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Paegjl32.exeC:\Windows\system32\Paegjl32.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pkjlge32.exeC:\Windows\system32\Pkjlge32.exe38⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pbddcoei.exeC:\Windows\system32\Pbddcoei.exe39⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qcepkg32.exeC:\Windows\system32\Qcepkg32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qkmhlekj.exeC:\Windows\system32\Qkmhlekj.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qnkdhpjn.exeC:\Windows\system32\Qnkdhpjn.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qeemej32.exeC:\Windows\system32\Qeemej32.exe43⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qloebdig.exeC:\Windows\system32\Qloebdig.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qnnanphk.exeC:\Windows\system32\Qnnanphk.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aegikj32.exeC:\Windows\system32\Aegikj32.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Agffge32.exeC:\Windows\system32\Agffge32.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Alabgd32.exeC:\Windows\system32\Alabgd32.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aejfpjne.exeC:\Windows\system32\Aejfpjne.exe49⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ajfoiqll.exeC:\Windows\system32\Ajfoiqll.exe50⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Abngjnmo.exeC:\Windows\system32\Abngjnmo.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Acocaf32.exeC:\Windows\system32\Acocaf32.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ajiknpjj.exeC:\Windows\system32\Ajiknpjj.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aeopki32.exeC:\Windows\system32\Aeopki32.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ahmlgd32.exeC:\Windows\system32\Ahmlgd32.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Angddopp.exeC:\Windows\system32\Angddopp.exe56⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Aaepqjpd.exeC:\Windows\system32\Aaepqjpd.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ahoimd32.exeC:\Windows\system32\Ahoimd32.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ajneip32.exeC:\Windows\system32\Ajneip32.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Becifhfj.exeC:\Windows\system32\Becifhfj.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bhaebcen.exeC:\Windows\system32\Bhaebcen.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bnlnon32.exeC:\Windows\system32\Bnlnon32.exe62⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bajjli32.exeC:\Windows\system32\Bajjli32.exe63⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bdhfhe32.exeC:\Windows\system32\Bdhfhe32.exe64⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bbifelba.exeC:\Windows\system32\Bbifelba.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bdkcmdhp.exeC:\Windows\system32\Bdkcmdhp.exe66⤵
-
C:\Windows\SysWOW64\Bjdkjo32.exeC:\Windows\system32\Bjdkjo32.exe67⤵
-
C:\Windows\SysWOW64\Bblckl32.exeC:\Windows\system32\Bblckl32.exe68⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Bejogg32.exeC:\Windows\system32\Bejogg32.exe69⤵
-
C:\Windows\SysWOW64\Bjghpn32.exeC:\Windows\system32\Bjghpn32.exe70⤵
-
C:\Windows\SysWOW64\Bemlmgnp.exeC:\Windows\system32\Bemlmgnp.exe71⤵
-
C:\Windows\SysWOW64\Blfdia32.exeC:\Windows\system32\Blfdia32.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bkidenlg.exeC:\Windows\system32\Bkidenlg.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cbqlfkmi.exeC:\Windows\system32\Cbqlfkmi.exe74⤵
-
C:\Windows\SysWOW64\Cliaoq32.exeC:\Windows\system32\Cliaoq32.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cogmkl32.exeC:\Windows\system32\Cogmkl32.exe76⤵
-
C:\Windows\SysWOW64\Cddecc32.exeC:\Windows\system32\Cddecc32.exe77⤵
-
C:\Windows\SysWOW64\Cknnpm32.exeC:\Windows\system32\Cknnpm32.exe78⤵
-
C:\Windows\SysWOW64\Cahfmgoo.exeC:\Windows\system32\Cahfmgoo.exe79⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Chbnia32.exeC:\Windows\system32\Chbnia32.exe80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Colffknh.exeC:\Windows\system32\Colffknh.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Cajcbgml.exeC:\Windows\system32\Cajcbgml.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ckcgkldl.exeC:\Windows\system32\Ckcgkldl.exe83⤵
-
C:\Windows\SysWOW64\Camphf32.exeC:\Windows\system32\Camphf32.exe84⤵
-
C:\Windows\SysWOW64\Cdkldb32.exeC:\Windows\system32\Cdkldb32.exe85⤵
-
C:\Windows\SysWOW64\Dbllbibl.exeC:\Windows\system32\Dbllbibl.exe86⤵
-
C:\Windows\SysWOW64\Dekhneap.exeC:\Windows\system32\Dekhneap.exe87⤵
-
C:\Windows\SysWOW64\Dhidjpqc.exeC:\Windows\system32\Dhidjpqc.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Docmgjhp.exeC:\Windows\system32\Docmgjhp.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dkjmlk32.exeC:\Windows\system32\Dkjmlk32.exe90⤵
-
C:\Windows\SysWOW64\Dbaemi32.exeC:\Windows\system32\Dbaemi32.exe91⤵
-
C:\Windows\SysWOW64\Ddbbeade.exeC:\Windows\system32\Ddbbeade.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dkljak32.exeC:\Windows\system32\Dkljak32.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dafbne32.exeC:\Windows\system32\Dafbne32.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dddojq32.exeC:\Windows\system32\Dddojq32.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dkoggkjo.exeC:\Windows\system32\Dkoggkjo.exe96⤵
-
C:\Windows\SysWOW64\Dceohhja.exeC:\Windows\system32\Dceohhja.exe97⤵
-
C:\Windows\SysWOW64\Dedkdcie.exeC:\Windows\system32\Dedkdcie.exe98⤵
-
C:\Windows\SysWOW64\Dhbgqohi.exeC:\Windows\system32\Dhbgqohi.exe99⤵
-
C:\Windows\SysWOW64\Eolpmi32.exeC:\Windows\system32\Eolpmi32.exe100⤵
-
C:\Windows\SysWOW64\Eaklidoi.exeC:\Windows\system32\Eaklidoi.exe101⤵
-
C:\Windows\SysWOW64\Edihepnm.exeC:\Windows\system32\Edihepnm.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ehedfo32.exeC:\Windows\system32\Ehedfo32.exe103⤵
-
C:\Windows\SysWOW64\Ecjhcg32.exeC:\Windows\system32\Ecjhcg32.exe104⤵
-
C:\Windows\SysWOW64\Eamhodmf.exeC:\Windows\system32\Eamhodmf.exe105⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eoaihhlp.exeC:\Windows\system32\Eoaihhlp.exe106⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eapedd32.exeC:\Windows\system32\Eapedd32.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ehimanbq.exeC:\Windows\system32\Ehimanbq.exe108⤵
-
C:\Windows\SysWOW64\Ekhjmiad.exeC:\Windows\system32\Ekhjmiad.exe109⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ecoangbg.exeC:\Windows\system32\Ecoangbg.exe110⤵
-
C:\Windows\SysWOW64\Eemnjbaj.exeC:\Windows\system32\Eemnjbaj.exe111⤵
-
C:\Windows\SysWOW64\Elgfgl32.exeC:\Windows\system32\Elgfgl32.exe112⤵
-
C:\Windows\SysWOW64\Ecandfpd.exeC:\Windows\system32\Ecandfpd.exe113⤵
-
C:\Windows\SysWOW64\Eepjpb32.exeC:\Windows\system32\Eepjpb32.exe114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Edbklofb.exeC:\Windows\system32\Edbklofb.exe115⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fohoigfh.exeC:\Windows\system32\Fohoigfh.exe116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fafkecel.exeC:\Windows\system32\Fafkecel.exe117⤵
-
C:\Windows\SysWOW64\Fdegandp.exeC:\Windows\system32\Fdegandp.exe118⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fkopnh32.exeC:\Windows\system32\Fkopnh32.exe119⤵
-
C:\Windows\SysWOW64\Faihkbci.exeC:\Windows\system32\Faihkbci.exe120⤵
-
C:\Windows\SysWOW64\Fhcpgmjf.exeC:\Windows\system32\Fhcpgmjf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-