Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/05/2024, 21:22

General

  • Target

    39ce1a9e6ea14eef61f4785fa5725b10_NEIKI.exe

  • Size

    4.1MB

  • MD5

    39ce1a9e6ea14eef61f4785fa5725b10

  • SHA1

    8168d378ab9761de383659128816892e1ab0fc26

  • SHA256

    f5030a7c68a0d63ba7c6aebf321466c9705e64bfb615235bbf56f778220c3ea2

  • SHA512

    a45388c2fae2b88f52beba7dd49dd888a11b07037617297364335c93e60152044a77daee903003f7fada626210e747e6d8309fe5045eef556a901503e1c85595

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpG4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm95n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39ce1a9e6ea14eef61f4785fa5725b10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\39ce1a9e6ea14eef61f4785fa5725b10_NEIKI.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3088
    • C:\FilesDD\devdobec.exe
      C:\FilesDD\devdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3476

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesDD\devdobec.exe

    Filesize

    4.1MB

    MD5

    c0fd33c1adef1fde7eaf1f0bfba17005

    SHA1

    c57af43e9b27cb1e5da7a2cfd6b4d383ad4b8c31

    SHA256

    090986937a00d97cd876a63b9777b61f99ffe7ccb09805ad27130fd0069d8ca6

    SHA512

    cd6d8901ac934078a687f6dfee134d1f15732242f2bae801e56a5face19cc17856b82de2b8166c3cb1d0066f18a398b2eafd29f72c2a9c9bc52aa7b5d75b12c3

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    200B

    MD5

    81b80853529ae5faa97d810f6a41078d

    SHA1

    aa374f19a02d83aa25af4e9d13429d2728c7afe0

    SHA256

    87b2745ed9a239992373fd7cbec179324cf40747f12898afb92f63633fa670b0

    SHA512

    8ec5207e45dd40435532035e8542e71d126716f245406bac94c6771029568e03d2a62aad1741a100201aa0d00c857bb22a18f94c505b68c9bdfbc0cc742e3762

  • C:\VidCJ\dobaloc.exe

    Filesize

    21KB

    MD5

    88c4193a34bc33ed642c08b873d8f01d

    SHA1

    09090721da01bb4de69a935354eb91e434b18f1b

    SHA256

    885ae505ce1d9fe457313dec50b16b13a0467d754c98013814cc7e643b27ce0e

    SHA512

    bd78e8ee2067c7a441769636d628685fd84921ccd58e82b05257dd862af095dba0fbe9642b38d161c7bad148f749c65592c682bad75a7ad362ae9514d2c6dc50

  • C:\VidCJ\dobaloc.exe

    Filesize

    4.1MB

    MD5

    d2f6cb00c31fe4a4d0f8601cd7baa934

    SHA1

    7044304543e1fed3c39cd417bccd0d21e2bb2b36

    SHA256

    7fa712f313df1ac035d7daa45450b50138b5fd23f5c5b1320deb8beaf83559cf

    SHA512

    f6d353d8d7a4ce9dc8eeab04a06737fe6c74538d2e04001bb8801357bee273f9e0dbe676deb4c8d86d0ac2b4c09225203fdc14db2f9af02b2b554cb30debcb68