Malware Analysis Report

2024-11-13 14:27

Sample ID 240613-fl1t9sydrr
Target 60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe
SHA256 aa5791109ff1eee7589195a4bc9166b92c63dad3ef7dc996c30b3f401c87daee
Tags spyware, stealer
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256

aa5791109ff1eee7589195a4bc9166b92c63dad3ef7dc996c30b3f401c87daee

Threat Level: Shows suspicious behavior

The file 60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe was found to show suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:58

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:58

Reported

2024-06-13 05:00

Platform

win7-20240508-en

Max time kernel

149s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Shohdi.hdi C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\SysWOW64\Shohdi.hdi C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Games\Solitaire\Solitaire.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Mozilla Firefox\private_browsing.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft Office\Office14\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\bin\javaws.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Games\Hearts\Hearts.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Games\FreeCell\FreeCell.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Mozilla Firefox\crashreporter.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft Office\Office14\BCSSync.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft Office\Office14\IEContentService.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft Office\Office14\Wordconv.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Games\Mahjong\Mahjong.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Mozilla Firefox\crashreporter.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Mozilla Firefox\private_browsing.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\VideoLAN\VLC\uninstall.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Mozilla Firefox\default-browser-agent.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Mozilla Firefox\maintenanceservice.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\bin\javaw.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft Office\Office14\SELFCERT.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Games\FreeCell\FreeCell.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2408 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho
(the same event is recorded 7 times in this analysis; the identical rows are collapsed here)

Processes

C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho

C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho

MD5 4b2eed3642582e2ccf7d9b928c1cc9e1
SHA1 8aba8c8bd910e4d7d78bee8a69754f3089432f57
SHA256 d17ca7125adaec0f1dd2553a4f4409d942bfe0c22baff08aaad7fc8a76beb5a2
SHA512 4262293928ec3c7424fafe372a46b91495491dd3ddbc4334a485b56aa99ced6275bcc1c71287149ac795b49ef5ed45d71bb43b7fba259736ee11ad56783bd90f

C:\Windows\SysWOW64\Shohdi.hdi

MD5 dbcf34ba299a087cb10f61db3c8ea445
SHA1 c33065ed537c7a90a67260f58196e9388182b731
SHA256 62f31828e6c245c31c2912f31769ee0e2dc64a666919ee6a6a859f1aef556670
SHA512 49877c056397af81b40dbc86b56490c48252033102a03e5d6dde18fd69e563c041968e458352a05557851020ce43530dfdc47f836abbab73c0128b26134ad495

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 04:58

Reported

2024-06-13 05:00

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho N/A

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\Shohdi.hdi C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification C:\Windows\SysWOW64\Shohdi.hdi C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\Source Engine\OSE.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk-1.8\bin\javaws.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\Office16\Wordconv.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\Office16\msoia.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdate.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Mozilla Firefox\maintenanceservice.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\Client\AppVLP.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Client\AppVLP.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\cookie_exporter.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.37\MicrosoftEdgeUpdateSetup_X86_1.3.187.37.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Google\Chrome\Application\chrome.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Java\jre-1.8\bin\javaw.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Common Files\Java\Java Update\jucheck.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateSetup.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\bin\javacpl.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\VPREVIEW.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeComRegisterShellARM64.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files\7-Zip\7zFM.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File created \??\c:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateCore.sho C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.exe"

C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho

C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho

Network

N/A
Files

C:\Users\Admin\AppData\Local\Temp\60503829933d0086cf9ad1c6ec143930_NeikiAnalytics.sho

MD5 4b2eed3642582e2ccf7d9b928c1cc9e1
SHA1 8aba8c8bd910e4d7d78bee8a69754f3089432f57
SHA256 d17ca7125adaec0f1dd2553a4f4409d942bfe0c22baff08aaad7fc8a76beb5a2
SHA512 4262293928ec3c7424fafe372a46b91495491dd3ddbc4334a485b56aa99ced6275bcc1c71287149ac795b49ef5ed45d71bb43b7fba259736ee11ad56783bd90f

C:\Windows\SysWOW64\Shohdi.hdi

MD5 dbcf34ba299a087cb10f61db3c8ea445
SHA1 c33065ed537c7a90a67260f58196e9388182b731
SHA256 62f31828e6c245c31c2912f31769ee0e2dc64a666919ee6a6a859f1aef556670
SHA512 49877c056397af81b40dbc86b56490c48252033102a03e5d6dde18fd69e563c041968e458352a05557851020ce43530dfdc47f836abbab73c0128b26134ad495