Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
07/05/2024, 21:56
Static task
static1
Behavioral task
behavioral1
Sample
458baada55e53a17210065b36bdef190_NEIKI.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
458baada55e53a17210065b36bdef190_NEIKI.exe
Resource
win10v2004-20240226-en
General
-
Target
458baada55e53a17210065b36bdef190_NEIKI.exe
-
Size
403KB
-
MD5
458baada55e53a17210065b36bdef190
-
SHA1
30d0da757c1d9bc705f81c0c777d91a81b9cfb84
-
SHA256
12c0ecef9899c2e19423283fa343a3eecfbe75ece71247fe92f38a5754244798
-
SHA512
e2e26206f4656947c00b9c4f2d2757a99966a9dc196e6dba3edf1ede026bb49aeedd629a03e79fb032f63161807c190d5f8ce102bf2c1a1e32211d60be97b893
-
SSDEEP
1536:oXBYjfC24mFVsIgvo3X4iZpTha5VlA8mx7aoL83YTjipvF2PL:oX+0mFmIgvo4iZhha5rEaoL83YvQd2T
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2080 jusched.exe -
Loads dropped DLL 2 IoCs
pid Process 2820 458baada55e53a17210065b36bdef190_NEIKI.exe 2820 458baada55e53a17210065b36bdef190_NEIKI.exe -
Drops file in Program Files directory 3 IoCs
description ioc Process File created C:\Program Files (x86)\8db9ce1b\jusched.exe 458baada55e53a17210065b36bdef190_NEIKI.exe File created C:\Program Files (x86)\8db9ce1b\8db9ce1b 458baada55e53a17210065b36bdef190_NEIKI.exe File created C:\Program Files (x86)\8db9ce1b\info_a 458baada55e53a17210065b36bdef190_NEIKI.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\Tasks\Update23.job 458baada55e53a17210065b36bdef190_NEIKI.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2820 wrote to memory of 2080 2820 458baada55e53a17210065b36bdef190_NEIKI.exe 28 PID 2820 wrote to memory of 2080 2820 458baada55e53a17210065b36bdef190_NEIKI.exe 28 PID 2820 wrote to memory of 2080 2820 458baada55e53a17210065b36bdef190_NEIKI.exe 28 PID 2820 wrote to memory of 2080 2820 458baada55e53a17210065b36bdef190_NEIKI.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\458baada55e53a17210065b36bdef190_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\458baada55e53a17210065b36bdef190_NEIKI.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2820 -
C:\Program Files (x86)\8db9ce1b\jusched.exe"C:\Program Files (x86)\8db9ce1b\jusched.exe"2⤵
- Executes dropped EXE
PID:2080
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17B
MD5bff3d8f76e182194c4a2abf1aabba9f3
SHA107e5b604bb505a800b3e0ac16fee483b70595768
SHA2566bc8a4f93eaa1b3e7cfa696855bf6a852cf6555d694bc03e337261a27e58246f
SHA5120c5def3bb01ed166d4135190e131c27be4b6039987e269b6c3fca07677b3c637868397f207df631a098182a6bd3c795e6dd34541f82c5ecd6062441af0af7f50
-
Filesize
12B
MD5eb56128b3003fdb13608982c217d835a
SHA18ac201989edf70869b5c8936bf1bbcd9350ebd5c
SHA256bd40e5330ac9e3d4a6b06634de97e14068b47705c6b8cfdd59e02c5b7760d1cb
SHA512143523a02bec100ba4d0f7b11f1581ee10f5c8fc6cf8fbf1e16288b41e2955a15e6afeaff428760052b17eca48c17bd4aeaf6b0cde35134d7c8de8e180859677
-
Filesize
403KB
MD58d23c66b2d01b71ae36e79b4c543db17
SHA10a61a393fbe5398594dbdbb6c8f2900a12b82ac3
SHA256d481e01382d40ae3416f24c3c665f0728c8eba9661425e705efb395e45952c79
SHA512094907d6f7c97821a720b9c7ac18484a46da83e5b39f3eefebbe20e30a5c8f1cea4cf8c879f8d00c3b749f22e06143e961210de0214bb9dfc5c5c1e1b1d14569