Analysis
max time kernel: 120s
max time network: 126s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 30/05/2024, 23:18

Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: 6c979816b9628eb74681d0943134cd90_NeikiAnalytics.exe
Resource: win7-20240221-en
7 signatures, 150 seconds
General
Target: 6c979816b9628eb74681d0943134cd90_NeikiAnalytics.exe
Size: 52KB
MD5: 6c979816b9628eb74681d0943134cd90
SHA1: 3debb15c8f8a40e2cb69ab1bc66ead97620f2335
SHA256: 9e88058e17d79220b1b56ff51c7579247eac719d9c6592ae8ee7a8a143aca8eb
SHA512: fbf85d79a4cf09fd9d6e61c5cf11d7b6448caa507da44b593e6d839e1c34158f6812c884aaf4807e19069d1379cdd9aadaa1f09842dffa0bf9d625c12ef12c73
SSDEEP: 768:FlQ4hrvaEGU4aikqykezg2XpfYpbjYioRo62Bl5:fLhE1Dezg2ZfYpyoBf5
Malware Config
Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description: File opened (read-only) (all 21 IoCs); Process: 6c979816b9628eb74681d0943134cd90_NeikiAnalytics.exe
ioc:
- \??\M:
- \??\P:
- \??\S:
- \??\K:
- \??\Q:
- \??\U:
- \??\Z:
- \??\E:
- \??\G:
- \??\I:
- \??\J:
- \??\N:
- \??\O:
- \??\V:
- \??\Y:
- \??\W:
- \??\X:
- \??\H:
- \??\L:
- \??\R:
- \??\T:
Drops file in System32 directory (64 IoCs)
description: File opened for modification (all 64 IoCs); Process: 6c979816b9628eb74681d0943134cd90_NeikiAnalytics.exe
ioc:
- C:\WINDOWS\SysWOW64\CMDL32.EXE
- C:\WINDOWS\SysWOW64\CSCRIPT.EXE
- C:\WINDOWS\SysWOW64\INFDEFAULTINSTALL.EXE
- C:\WINDOWS\SysWOW64\OCSETUP.EXE
- C:\WINDOWS\SysWOW64\SBUNATTEND.EXE
- C:\WINDOWS\SYSWOW64\HH.EXE
- C:\WINDOWS\SYSWOW64\IPCONFIG.EXE
- C:\WINDOWS\SYSWOW64\PING.EXE
- C:\WINDOWS\SYSWOW64\RMACTIVATE_SSP_ISV.EXE
- C:\WINDOWS\SysWOW64\CREDWIZ.EXE
- C:\WINDOWS\SysWOW64\DXDIAG.EXE
- C:\WINDOWS\SysWOW64\MSTSC.EXE
- C:\WINDOWS\SysWOW64\WAITFOR.EXE
- C:\WINDOWS\SysWOW64\WBEM\WMIC.EXE
- C:\WINDOWS\SysWOW64\WOWREG32.EXE
- C:\WINDOWS\SYSWOW64\IEXPRESS.EXE
- C:\WINDOWS\SYSWOW64\ICACLS.EXE
- C:\WINDOWS\SYSWOW64\RRINSTALLER.EXE
- C:\WINDOWS\SYSWOW64\TASKENG.EXE
- C:\WINDOWS\SysWOW64\HELP.EXE
- C:\WINDOWS\SysWOW64\IME\SHARED\IMEPADSV.EXE
- C:\WINDOWS\SysWOW64\MSRA.EXE
- C:\WINDOWS\SysWOW64\MUIUNATTEND.EXE
- C:\WINDOWS\SysWOW64\OPTIONALFEATURES.EXE
- C:\WINDOWS\SYSWOW64\RPCPING.EXE
- C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\WVMIC.INF_AMD64_NEUTRAL_B94EB92E8150FA35\VMICSVC.EXE
- C:\WINDOWS\SysWOW64\XCOPY.EXE
- C:\WINDOWS\SYSWOW64\RESMON.EXE
- C:\WINDOWS\SysWOW64\CHKDSK.EXE
- C:\WINDOWS\SysWOW64\SRDELAYED.EXE
- C:\WINDOWS\SYSWOW64\SFC.EXE
- C:\WINDOWS\SYSWOW64\WAITFOR.EXE
- C:\WINDOWS\SysWOW64\MIGWIZ\MIGSETUP.EXE
- C:\WINDOWS\SYSWOW64\CALC.EXE
- C:\WINDOWS\SYSWOW64\GPRESULT.EXE
- C:\WINDOWS\SYSWOW64\MIGAUTOPLAY.EXE
- C:\WINDOWS\SYSWOW64\TRACERPT.EXE
- C:\WINDOWS\SysWOW64\IME\IMEJP10\IMJPMGR.EXE
- C:\WINDOWS\SysWOW64\REGISTERIEPKEYS.EXE
- C:\WINDOWS\SysWOW64\TSTHEME.EXE
- C:\WINDOWS\SysWOW64\WERFAULT.EXE
- C:\WINDOWS\SYSWOW64\AUDITPOL.EXE
- C:\WINDOWS\SYSWOW64\WININIT.EXE
- C:\WINDOWS\SYSWOW64\WSMPROVHOST.EXE
- C:\WINDOWS\SYSWOW64\FTP.EXE
- C:\WINDOWS\SysWOW64\ARP.EXE
- C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\DIVACX64.INF_AMD64_NEUTRAL_FA0F82F024789743\XLOG.EXE
- C:\WINDOWS\SysWOW64\HH.EXE
- C:\WINDOWS\SysWOW64\MOBSYNC.EXE
- C:\WINDOWS\SysWOW64\NEWDEV.EXE
- C:\WINDOWS\SysWOW64\SYSTEMPROPERTIESREMOTE.EXE
- C:\WINDOWS\SysWOW64\TCPSVCS.EXE
- C:\WINDOWS\SYSWOW64\PREVHOST.EXE
- C:\WINDOWS\SysWOW64\COMPUTERDEFAULTS.EXE
- C:\WINDOWS\SysWOW64\FLTMC.EXE
- C:\WINDOWS\SYSWOW64\EHSTORAUTHN.EXE
- C:\WINDOWS\SYSWOW64\MCBUILDER.EXE
- C:\WINDOWS\SYSWOW64\RASPHONE.EXE
- C:\WINDOWS\SYSWOW64\RUNDLL32.EXE
- C:\WINDOWS\SYSWOW64\WHOAMI.EXE
- C:\WINDOWS\SysWOW64\AT.EXE
- C:\WINDOWS\SysWOW64\DIALER.EXE
- C:\WINDOWS\SysWOW64\DIANTZ.EXE
- C:\WINDOWS\SysWOW64\FINDSTR.EXE
Drops file in Program Files directory (64 IoCs)
description: File opened for modification (all 64 IoCs); Process: 6c979816b9628eb74681d0943134cd90_NeikiAnalytics.exe
ioc:
- C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\SETUP_WM.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JMAP.EXE
- C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPSHARE.EXE
- C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\MSOHTMED.EXE
- C:\PROGRAM FILES\JAVA\JRE7\BIN\JAVAW.EXE
- C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE AIR\VERSIONS\1.0\ADOBE AIR APPLICATION INSTALLER.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\RMIREGISTRY.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\WSGEN.EXE
- C:\PROGRAM FILES (X86)\WINDOWS NT\ACCESSORIES\WORDPAD.EXE
- C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\CLVIEW.EXE
- C:\PROGRAM FILES\INTERNET EXPLORER\IELOWUTIL.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\SERVERTOOL.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\XJC.EXE
- C:\PROGRAM FILES\MICROSOFT GAMES\MAHJONG\MAHJONG.EXE
- C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
- C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\MIP.EXE
- C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPDMC.EXE
- C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\INSTALL\{D9005A2B-BC2A-4153-8911-AE3B3F543790}\CHROME_INSTALLER.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\IDLJ.EXE
- C:\PROGRAM FILES\JAVA\JRE7\BIN\JAVAWS.EXE
- C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPRPH.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\JAVAW.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\KTAB.EXE
- C:\PROGRAM FILES\WINDOWS JOURNAL\PDIALOG.EXE
- C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\READER\ACRORD32.EXE
- C:\PROGRAM FILES (X86)\MOZILLA MAINTENANCE SERVICE\UNINSTALL.EXE
- C:\PROGRAM FILES\JAVA\JRE7\BIN\JAVA.EXE
- C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\READER\ACROTEXTEXTRACTOR.EXE
- C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\UPDATER6\ADOBEUPDATERINSTALLMGR.EXE
- C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IELOWUTIL.EXE
- C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\OIS.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVA.EXE
- C:\PROGRAM FILES\MICROSOFT GAMES\CHESS\CHESS.EXE
- C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\READER\ADOBECOLLABSYNC.EXE
- C:\PROGRAM FILES (X86)\ADOBE\READER 9.0\READER\READER_SL.EXE
- C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.151\GOOGLEUPDATEONDEMAND.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JABSWITCH.EXE
- C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE AIR\VERSIONS\1.0\ADOBE AIR UPDATER.EXE
- C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\SETLANG.EXE
- C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VSTA\8.0\X86\VSTA_EP32.EXE
- C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
- C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\CONVERTINKSTORE.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JMC.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\KINIT.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\SERVERTOOL.EXE
- C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO32.EXE
- C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.151\GOOGLECRASHHANDLER64.EXE
- C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\IECONTENTSERVICE.EXE
- C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\MSTORE.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JCONSOLE.EXE
- C:\PROGRAM FILES\JAVA\JRE7\BIN\UNPACK200.EXE
- C:\PROGRAM FILES\VIDEOLAN\VLC\VLC-CACHE-GEN.EXE
- C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\DW\DW20.EXE
- C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPREARM.EXE
- C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE14\SCANPST.EXE
- C:\PROGRAM FILES (X86)\WINDOWS MEDIA PLAYER\WMPDMC.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\JRE\BIN\JAVA-RMI.EXE
- C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULT-BROWSER-AGENT.EXE
- C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\INK\PIPANEL.EXE
- C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.36.151\GOOGLEUPDATE.EXE
- C:\PROGRAM FILES\7-ZIP\UNINSTALL.EXE
- C:\PROGRAM FILES\INTERNET EXPLORER\IEDIAGCMD.EXE
- C:\PROGRAM FILES\JAVA\JDK1.7.0_80\BIN\JAVA-RMI.EXE
- C:\PROGRAM FILES\MICROSOFT GAMES\HEARTS\HEARTS.EXE
Drops file in Windows directory (64 IoCs)
description: File opened for modification (all 64 IoCs); Process: 6c979816b9628eb74681d0943134cd90_NeikiAnalytics.exe
ioc:
- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\ASPNET_COMPILER.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-I..TIONAL-CHINESE-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_B7AA02FC1797974C\IMTCPROP.EXE
- C:\WINDOWS\WINSXS\AMD64_NETFX-ASPNET_REGIIS_EXE_B03F5F7F11D50A3A_6.1.7600.16385_NONE_9F01D3F4C9CA5275\ASPNET_REGIIS.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SQM-CONSOLIDATOR-BASE_31BF3856AD364E35_6.1.7601.17514_NONE_326571587836A400\WSQMCONS.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-TRUSTEDINSTALLER_31BF3856AD364E35_6.1.7601.17514_NONE_EF3338F363C6403C\TRUSTEDINSTALLER.EXE
- C:\WINDOWS\WINSXS\WOW64_WINDOWSSEARCHENGINE_31BF3856AD364E35_7.0.7601.17514_NONE_DBD4D2796675BC72\SEARCHFILTERHOST.EXE
- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\REGASM.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DXP-DEVICEEXPERIENCE_31BF3856AD364E35_6.1.7601.17514_NONE_A54B31331066C8E2\DXPSERVER.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-E..E-MANAGED-REGMCEAPP_31BF3856AD364E35_6.1.7600.16385_NONE_B13A0967547ECAB4\REGISTERMCEAPP.EXE
- C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-MIGRATIONENGINE_31BF3856AD364E35_6.1.7601.17514_NONE_5AAF419E398215DF\MIGHOST.EXE
- C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-SERVICINGSTACK_31BF3856AD364E35_6.1.7600.16385_NONE_0935B76C289E0FD5\PKGMGR.EXE
- C:\WINDOWS\WINSXS\X86_NETFX-CLR_ILASM_EXE_B03F5F7F11D50A3A_6.1.7601.17514_NONE_D76C81DE4A71C338\ILASM.EXE
- C:\WINDOWS\INSTALLER\{90140000-0011-0000-0000-0000000FF1CE}\XLICONS.EXE
- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.0\WPF\XAMLVIEWER\XAMLVIEWER_V0300.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SERVICEPACKCOORDINATOR_31BF3856AD364E35_6.1.7601.17514_NONE_92E727843E307E1B\SPINSTALL.EXE
- C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-P..UNTERINFRASTRUCTURE_31BF3856AD364E35_6.1.7601.17514_NONE_DA00AD1949E715AD\LODCTR.EXE
- C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-MEDIAPLAYER-LOGAGENT_31BF3856AD364E35_6.1.7601.17514_NONE_ED47F623204AF12A\LOGAGENT.EXE
- C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\DFSVC\2C3E7FDA8DE40E45E7F5E004094DC7C9\DFSVC.NI.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..ERANDPRINTUI-PMCPPC_31BF3856AD364E35_6.1.7601.17514_NONE_698E475B97512FC9\PUSHPRINTERCONNECTIONS.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..FLICKLEARNINGWIZARD_31BF3856AD364E35_6.1.7600.16385_NONE_69769FD78B751AD3\FLICKLEARNINGWIZARD.EXE
- C:\WINDOWS\WINSXS\AMD64_DIVACX64.INF_31BF3856AD364E35_6.1.7600.16385_NONE_CF37CC4C5BC25DC7\XLOG.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-CLIP_31BF3856AD364E35_6.1.7600.16385_NONE_03D0D3C435B27637\CLIP.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-DISPDIAG_31BF3856AD364E35_6.1.7600.16385_NONE_A0D95AFC49C833B6\DISPDIAG.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SERVICINGSTACK_31BF3856AD364E35_6.1.7600.16385_NONE_655452EFE0FB810B\POQEXEC.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-T..COMMANDLINETOOLSMQQ_31BF3856AD364E35_6.1.7600.16385_NONE_851E6308C5B62529\QUSER.EXE
- C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_64\MCUPDATE\F30BEBA36940B5A2B55A32EA7F42D694\MCUPDATE.NI.EXE
- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE
- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V2.0.50727\MSBUILD.EXE
- C:\WINDOWS\INSTALLER\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_READER.EXE
- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_COMPILER.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-FDDDO_31BF3856AD364E35_6.1.7600.16385_NONE_B0DE2AFE4CA7A1E2\DEVICEDISPLAYOBJECTPROVIDER.EXE
- C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-AUTOFMT_31BF3856AD364E35_6.1.7601.17514_NONE_E7FBA6C91D7030E3\AUTOFMT.EXE
- C:\WINDOWS\HELPPANE.EXE
- C:\WINDOWS\HH.EXE
- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ILASM.EXE
- C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-SERVICES-SVCHOST_31BF3856AD364E35_6.1.7600.16385_NONE_B591AFC466A15356\SVCHOST.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-D..PWINDOWMANAGER-CORE_31BF3856AD364E35_6.1.7601.17514_NONE_EBC99983D3D18578\DWM.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-F..CLIENT-APPLICATIONS_31BF3856AD364E35_6.1.7601.17514_NONE_D71FB1D63F05EF22\FXSCOVER.EXE
- C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-R..EAK-DIAGNOSTIC-CORE_31BF3856AD364E35_6.1.7600.16385_NONE_5AE7F926DEB5DE01\RDRLEAKDIAG.EXE
- C:\WINDOWS\WINSXS\X86_INFOCARD_B77A5C561934E089_6.1.7601.17514_NONE_9FE7C337D52F2EA7\INFOCARD.EXE
- C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-M..OMMANDLINEUTILITIES_31BF3856AD364E35_6.1.7600.16385_NONE_7CF343CAC8A829EC\ATTRIB.EXE
- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMCONFIGINSTALLER.EXE
- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MICROSOFT.WORKFLOW.COMPILER.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SHAREDACCESS_31BF3856AD364E35_6.1.7600.16385_NONE_60C2504D62FD4F0E\ICSUNATTEND.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IIS-SHAREDLIBRARIES_31BF3856AD364E35_6.1.7601.17514_NONE_6F0F7833CB71E18D\IISSETUP.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-WMI-CORE-PROVIDERHOST_31BF3856AD364E35_6.1.7601.17514_NONE_6E88C3FAA2049408\WMIPRVSE.EXE
- C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-D..-JAPANESE-UTILITIES_31BF3856AD364E35_6.1.7601.17514_NONE_EF38A8D0D05CC2C7\IMJPUEX.EXE
- C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-IE-IMPEXP-EXTEXPORT_31BF3856AD364E35_8.0.7601.17514_NONE_4ABF71C398C9A7D6\EXTEXPORT.EXE
- C:\WINDOWS\ASSEMBLY\NATIVEIMAGES_V2.0.50727_32\COMSVCCONFIG\5F1A06C0108B2C81CDE1DC491D74043D\COMSVCCONFIG.NI.EXE
- C:\WINDOWS\EHOME\LOADMXF.EXE
- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V4.0.30319\ASPNET_STATE.EXE
- C:\WINDOWS\ASSEMBLY\GAC_64\MCUPDATE\6.1.0.0__31BF3856AD364E35\MCUPDATE.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-IIS-SHAREDLIBRARIES_31BF3856AD364E35_6.1.7601.17514_NONE_6F0F7833CB71E18D\IISRESET.EXE
- C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-PROCESSMODEL_31BF3856AD364E35_6.1.7601.17514_NONE_1F3C3DEFEFC3A10E\W3WP.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-P..OLER-FILTERPIPELINE_31BF3856AD364E35_6.1.7600.16385_NONE_87A28B30F517E40E\PRINTFILTERPIPELINESVC.EXE
- C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-SETUPAPI_31BF3856AD364E35_6.1.7601.17514_NONE_9D700972113E2691\WOWREG32.EXE
- C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-P..NFIGURATION-CMDLINE_31BF3856AD364E35_6.1.7600.16385_NONE_09320E5AE212B9D9\POWERCFG.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-SECURESTARTUP-NOTIFY_31BF3856AD364E35_6.1.7600.16385_NONE_78E75D04C1B0C873\FVENOTIFY.EXE
- C:\WINDOWS\WINSXS\AMD64_WPF-PRESENTATIONHOSTEXE_31BF3856AD364E35_6.2.7601.17514_NONE_96490604D588C19B\PRESENTATIONHOST.EXE
- C:\WINDOWS\WINSXS\WOW64_MICROSOFT-WINDOWS-T..ETPC-MATHINPUTPANEL_31BF3856AD364E35_6.1.7601.17514_NONE_331C32D99BEBBDAC\MIP.EXE
- C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-ICACLS_31BF3856AD364E35_6.1.7600.16385_NONE_328AF534074DC6CC\ICACLS.EXE
- C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-SORT_31BF3856AD364E35_6.1.7600.16385_NONE_AB9479767AD67FD7\SORT.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-O..CALMEDIADISC-WIZARD_31BF3856AD364E35_6.1.7600.16385_NONE_7680AA7B6195F2C6\DVDMAKER.EXE
- C:\WINDOWS\WINSXS\AMD64_MICROSOFT-WINDOWS-PNPHOTPLUGUI_31BF3856AD364E35_6.1.7600.16385_NONE_44D62330646F757A\DEVICEEJECT.EXE
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid 856: 6c979816b9628eb74681d0943134cd90_NeikiAnalytics.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid 856: 6c979816b9628eb74681d0943134cd90_NeikiAnalytics.exe
pid 856: 6c979816b9628eb74681d0943134cd90_NeikiAnalytics.exe
Processes
C:\Users\Admin\AppData\Local\Temp\6c979816b9628eb74681d0943134cd90_NeikiAnalytics.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\6c979816b9628eb74681d0943134cd90_NeikiAnalytics.exe"
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 856