Analysis
max time kernel: 117s
max time network: 122s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 05/06/2024, 03:43

Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: 34e9608e68304e1cf3fa471922e1b3d0_NeikiAnalytics.exe
Resource: win7-20240220-en
4 signatures
150 seconds
General
Target: 34e9608e68304e1cf3fa471922e1b3d0_NeikiAnalytics.exe
Size: 92KB
MD5: 34e9608e68304e1cf3fa471922e1b3d0
SHA1: 47713f49f00d1e178a462f112b0fb858fbc3ade5
SHA256: 0c1f1d80bc526ec24a543b433219036eb456b0390fcf53114121e210d7fd4ff8
SHA512: 0e3ecd9f8eb751fb3f4b7ce51536b4dd98a689b3038e752b6a9c0083e218e394c44882624e6b35a86c4958d7ba1c566d87b156fb5f92464a34ce61810d07c9f8
SSDEEP: 1536:JJvJnBpwdaMIOOnToIfiV6pdQcTUgamo7Zo:JJvxKaCqTBfiooXg7o7Z
Malware Config

Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Drops file in System32 directory (64 IoCs)
Drops file in Program Files directory (64 IoCs)
Drops file in Windows directory (64 IoCs)