Analysis Overview
SHA256
aa5791109ff1eee7589195a4bc9166b92c63dad3ef7dc996c30b3f401c87daee
Threat Level: Shows suspicious behavior
The file 60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe was found to show suspicious behavior. In both detonations it created C:\Windows\SysWOW64\Shohdi.hdi, dropped a same-named .sho file beside itself and executed it, and across Program Files created <name>.exe files while opening same-named <name>.sho files for modification; the Network section of both detonations is empty, and only the sample and its dropped .sho appear in the process list.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 04:58
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:58
Reported
2024-06-13 05:00
Platform
win7-20240508-en
Max time kernel
149s
Max time network
123s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\Shohdi.hdi | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Shohdi.hdi | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Games\Solitaire\Solitaire.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\XLICONS.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javaws.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Games\Hearts\Hearts.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Games\FreeCell\FreeCell.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Mozilla Firefox\crashreporter.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\BCSSync.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\IEContentService.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\Wordconv.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Games\Mahjong\Mahjong.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Mozilla Firefox\private_browsing.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\VideoLAN\VLC\uninstall.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Mozilla Firefox\default-browser-agent.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javaw.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft Office\Office14\SELFCERT.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\chrome.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Games\FreeCell\FreeCell.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho
C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho
Network
Files
C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho
| MD5 | 4b2eed3642582e2ccf7d9b928c1cc9e1 |
| SHA1 | 8aba8c8bd910e4d7d78bee8a69754f3089432f57 |
| SHA256 | d17ca7125adaec0f1dd2553a4f4409d942bfe0c22baff08aaad7fc8a76beb5a2 |
| SHA512 | 4262293928ec3c7424fafe372a46b91495491dd3ddbc4334a485b56aa99ced6275bcc1c71287149ac795b49ef5ed45d71bb43b7fba259736ee11ad56783bd90f |
C:\Windows\SysWOW64\Shohdi.hdi
| MD5 | dbcf34ba299a087cb10f61db3c8ea445 |
| SHA1 | c33065ed537c7a90a67260f58196e9388182b731 |
| SHA256 | 62f31828e6c245c31c2912f31769ee0e2dc64a666919ee6a6a859f1aef556670 |
| SHA512 | 49877c056397af81b40dbc86b56490c48252033102a03e5d6dde18fd69e563c041968e458352a05557851020ce43530dfdc47f836abbab73c0128b26134ad495 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 04:58
Reported
2024-06-13 05:00
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho | N/A |
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\Shohdi.hdi | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Shohdi.hdi | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\Source Engine\OSE.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk-1.8\bin\javaws.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\Wordconv.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\msoia.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdate.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Mozilla Firefox\maintenanceservice.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Client\AppVLP.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Client\AppVLP.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\cookie_exporter.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.37\MicrosoftEdgeUpdateSetup_X86_1.3.187.37.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\chrome.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Java\Java Update\jucheck.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateSetup.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk-1.8\jre\bin\javacpl.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\Microsoft Office\root\Office16\VPREVIEW.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeComRegisterShellARM64.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files\7-Zip\7zFM.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File created | \??\c:\Program Files\Mozilla Firefox\plugin-container.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateCore.sho | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1856 wrote to memory of 4608 | N/A | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho |
| PID 1856 wrote to memory of 4608 | N/A | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho |
| PID 1856 wrote to memory of 4608 | N/A | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe | C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho |
Processes
C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho
C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho
Network
Files
C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho
| MD5 | 4b2eed3642582e2ccf7d9b928c1cc9e1 |
| SHA1 | 8aba8c8bd910e4d7d78bee8a69754f3089432f57 |
| SHA256 | d17ca7125adaec0f1dd2553a4f4409d942bfe0c22baff08aaad7fc8a76beb5a2 |
| SHA512 | 4262293928ec3c7424fafe372a46b91495491dd3ddbc4334a485b56aa99ced6275bcc1c71287149ac795b49ef5ed45d71bb43b7fba259736ee11ad56783bd90f |
C:\Windows\SysWOW64\Shohdi.hdi
| MD5 | dbcf34ba299a087cb10f61db3c8ea445 |
| SHA1 | c33065ed537c7a90a67260f58196e9388182b731 |
| SHA256 | 62f31828e6c245c31c2912f31769ee0e2dc64a666919ee6a6a859f1aef556670 |
| SHA512 | 49877c056397af81b40dbc86b56490c48252033102a03e5d6dde18fd69e563c041968e458352a05557851020ce43530dfdc47f836abbab73c0128b26134ad495 |
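The two detonations above record the same host-side artefacts: a Shohdi.hdi written to SysWOW64, a dropped .sho with a fixed hash, and dozens of <name>.exe created / <name>.sho opened-for-modification pairs under Program Files. The script below is an added example for sweeping a host for those artefacts; it is not part of the sandbox report or of any vendor tooling. The SHA-256 values are the ones listed in the Files tables; the directory tree and file contents built by build_demo_tree() are constructed for the demo, and the companion-file heuristic (a .sho sitting next to a same-stem .exe) is an assumption drawn from the create/modify pairs in the tables, not something the report states.

```python
"""Host sweep for the artefacts recorded in this report.

Added example; not part of the sandbox report or of any vendor tooling.
The tree built by build_demo_tree() is constructed for the demo. Hashes
come from the report's Files tables; the .sho-beside-.exe heuristic is an
assumption drawn from the "Drops file in Program Files directory" tables.
"""
import hashlib
import tempfile
from pathlib import Path

# SHA-256 values listed in the report's Files section (both detonations).
KNOWN_SHA256 = {
    "d17ca7125adaec0f1dd2553a4f4409d942bfe0c22baff08aaad7fc8a76beb5a2": "dropped NeikiAnalytics.sho",
    "62f31828e6c245c31c2912f31769ee0e2dc64a666919ee6a6a859f1aef556670": "SysWOW64\\Shohdi.hdi",
}
# File name the sample wrote into SysWOW64 in both detonations.
DROPPED_NAMES = {"shohdi.hdi"}


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_companions(root: Path) -> list[tuple[Path, Path]]:
    """Return (exe, sho) pairs: a .sho file beside a .exe with the same stem.

    Matching is case-insensitive because the report shows e.g. CLVIEW.EXE
    created next to CLVIEW.sho. Heuristic (assumption), not a report rule.
    """
    pairs = []
    shos = (p for p in root.rglob("*") if p.is_file() and p.suffix.lower() == ".sho")
    for sho in shos:
        for sib in sho.parent.iterdir():
            if (sib.is_file() and sib.suffix.lower() == ".exe"
                    and sib.stem.lower() == sho.stem.lower()):
                pairs.append((sib, sho))
    return sorted(pairs)


def find_iocs(root: Path) -> list[tuple[Path, str]]:
    """Files whose SHA-256 matches the report, or whose name matches the SysWOW64 drop."""
    hits = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        if p.name.lower() in DROPPED_NAMES:
            hits.append((p, "name matches dropped file"))
        digest = sha256_of(p)
        if digest in KNOWN_SHA256:
            hits.append((p, "hash matches " + KNOWN_SHA256[digest]))
    return sorted(hits)


def build_demo_tree(base: Path) -> Path:
    """Constructed stand-in for a host: one replaced program, one untouched one.

    The Shohdi.hdi written here is a placeholder; its hash will NOT match the
    report, which is why the demo flags it by name only.
    """
    prog = base / "Program Files" / "Demo"
    prog.mkdir(parents=True)
    (prog / "Demo.sho").write_bytes(b"MZ original program body (constructed)")
    (prog / "Demo.EXE").write_bytes(b"MZ replacement body (constructed)")
    (prog / "Clean.exe").write_bytes(b"MZ untouched program (constructed)")
    sys32 = base / "Windows" / "SysWOW64"
    sys32.mkdir(parents=True)
    (sys32 / "Shohdi.hdi").write_bytes(b"constructed placeholder, not the real drop")
    return base


def sweep(root: Path) -> dict:
    """Run both checks over a tree; on a real host point root at each drive."""
    return {"companions": find_companions(root), "iocs": find_iocs(root)}


def demo() -> dict:
    """Sweep the constructed tree and return file names only, for easy checking."""
    with tempfile.TemporaryDirectory() as tmp:
        r = sweep(build_demo_tree(Path(tmp)))
        return {
            "companions": [(e.name, s.name) for e, s in r["companions"]],
            "iocs": [(p.name, why) for p, why in r["iocs"]],
        }


if __name__ == "__main__":
    result = demo()
    for exe, sho in result["companions"]:
        print(f"companion pair: {exe} beside {sho}")
    for name, why in result["iocs"]:
        print(f"IOC: {name} ({why})")
```

On a live host, run sweep() against each fixed drive and treat a companion pair as a lead, not a verdict: compare the .exe against the vendor's signed copy (the report flags the sample as an unsigned PE) and hash the .sho before deciding whether it is the displaced original. A hash hit on the dropped .sho or Shohdi.hdi is a direct match to this report's artefacts.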