Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    133s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/05/2024, 20:52

General

  • Target

    2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe

  • Size

    97KB

  • MD5

    2f01a66d2e6afa7aa68021eaca9a1a80

  • SHA1

    141559dd9e7bdc3031a4b7c19626c5d95bf17eb6

  • SHA256

    c6cbaf43070a6e4d8de235fbcce231c96bf8efc6b8d3fccfafbdad19eb2f8c2a

  • SHA512

    91294c0f72b1857504c14d7560f30e5393428d0babea062576d880ae355efb7b8f961f8a9cca52c78c2542fd6030f4b69ec119d3ca695a3fd66f8907676ce8d8

  • SSDEEP

    1536:G1zzy48untU8fOMEI3jyYf6iuOBq1mPK3WWIthoB5:8zltUeOsBnqEMWWIthof

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4621.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1776
      • C:\Windows\SysWOW64\iexpress.exe
        iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3412
        • C:\Windows\SysWOW64\makecab.exe
          C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
          4⤵
            PID:4244

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\4621.tmp\1.bat

      Filesize

      1KB

      MD5

      02dba5f37067292355c6d01a57d4ef48

      SHA1

      7c67ab3f99fbf7a53018dd295d2968c525db83d9

      SHA256

      8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242

      SHA512

      12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a

    • C:\Users\Admin\AppData\Local\Temp\popup.sed

      Filesize

      98KB

      MD5

      0b6e97e10e10aba815033b27e934cd91

      SHA1

      42227f8fed313debba547e84c953d8d036e6ecce

      SHA256

      db33ca342dfe6f3bc354eafaa9cee701438ba5536f4cfb8208c0e1296335508d

      SHA512

      c92eae5a722b9cc4943e7df35e39b54d74bbbf9e59e3167cb444ae9fe5a685809ea19847a71374356aec7014e9e600ab95cfc880c7e5dc7a587bddd0d53c344d

    • C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF

      Filesize

      724B

      MD5

      c3ca008abd6997c4b036a7e8be75cb2c

      SHA1

      05f7a3527bb04c691b08f040f562582035398829

      SHA256

      29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3

      SHA512

      bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083