Analysis
max time kernel: 133s
max time network: 104s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/05/2024, 20:52
Static task: static1
Behavioral task: behavioral1
  Sample: 2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe
  Resource: win10v2004-20240419-en
General
Target: 2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe
Size: 97KB
MD5: 2f01a66d2e6afa7aa68021eaca9a1a80
SHA1: 141559dd9e7bdc3031a4b7c19626c5d95bf17eb6
SHA256: c6cbaf43070a6e4d8de235fbcce231c96bf8efc6b8d3fccfafbdad19eb2f8c2a
SHA512: 91294c0f72b1857504c14d7560f30e5393428d0babea062576d880ae355efb7b8f961f8a9cca52c78c2542fd6030f4b69ec119d3ca695a3fd66f8907676ce8d8
SSDEEP: 1536:G1zzy48untU8fOMEI3jyYf6iuOBq1mPK3WWIthoB5:8zltUeOsBnqEMWWIthof
Malware Config
Signatures
Suspicious use of WriteProcessMemory (9 IoCs)
description | pid | Process | procid_target
PID 1832 wrote to memory of 1776 | 1832 | 2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe | 85
PID 1832 wrote to memory of 1776 | 1832 | 2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe | 85
PID 1832 wrote to memory of 1776 | 1832 | 2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe | 85
PID 1776 wrote to memory of 3412 | 1776 | cmd.exe | 86
PID 1776 wrote to memory of 3412 | 1776 | cmd.exe | 86
PID 1776 wrote to memory of 3412 | 1776 | cmd.exe | 86
PID 3412 wrote to memory of 4244 | 3412 | iexpress.exe | 87
PID 3412 wrote to memory of 4244 | 3412 | iexpress.exe | 87
PID 3412 wrote to memory of 4244 | 3412 | iexpress.exe | 87
Processes
- C:\Users\Admin\AppData\Local\Temp\2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe"
  PID: 1832
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (depth 2)
    Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4621.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe""
    PID: 1776
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\iexpress.exe (depth 3)
      Command line: iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
      PID: 3412
      Signatures: Suspicious use of WriteProcessMemory
      - C:\Windows\SysWOW64\makecab.exe (depth 4)
        Command line: C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
        PID: 4244
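The process tree above is an IExpress packaging chain: the sample runs a dropped batch file (1.bat) through cmd.exe, that batch invokes iexpress with /n (build the package now, no wizard), /q (quiet) and /m (minimized) against popup.sed, and IExpress in turn spawns makecab.exe to build the cabinet. The script below is an added example, not tria.ge's code and not part of the sample: it parses the WriteProcessMemory signature rows above (embedded as constructed input copied from this report), collapses the three identical writes that accompany each spawn into a single parent-to-child edge, rebuilds the lineage, and flags the cmd.exe -> iexpress.exe -> makecab.exe pattern. PID-to-image mapping comes from the Processes list above; the function names and the detection rule are assumptions of this example, not a tria.ge signature.

```python
import re
from collections import defaultdict

# Constructed input: the nine rows of the report's "Suspicious use of
# WriteProcessMemory" table, one record per line.
IOC_RECORDS = [
    "PID 1832 wrote to memory of 1776 1832 2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe 85",
    "PID 1832 wrote to memory of 1776 1832 2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe 85",
    "PID 1832 wrote to memory of 1776 1832 2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe 85",
    "PID 1776 wrote to memory of 3412 1776 cmd.exe 86",
    "PID 1776 wrote to memory of 3412 1776 cmd.exe 86",
    "PID 1776 wrote to memory of 3412 1776 cmd.exe 86",
    "PID 3412 wrote to memory of 4244 3412 iexpress.exe 87",
    "PID 3412 wrote to memory of 4244 3412 iexpress.exe 87",
    "PID 3412 wrote to memory of 4244 3412 iexpress.exe 87",
]

# Constructed input: pid -> (image, command line), copied from the Processes tree.
PROCESSES = {
    1832: ("2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe",
           '"C:\\Users\\Admin\\AppData\\Local\\Temp\\2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe"'),
    1776: ("cmd.exe",
           'C:\\Windows\\system32\\cmd.exe /c ""C:\\Users\\Admin\\AppData\\Local\\Temp\\4621.tmp\\1.bat" '
           '"C:\\Users\\Admin\\AppData\\Local\\Temp\\2f01a66d2e6afa7aa68021eaca9a1a80_NEIKI.exe""'),
    3412: ("iexpress.exe",
           "iexpress /n /q /m C:\\Users\\Admin\\AppData\\Local\\Temp\\popup.sed"),
    4244: ("makecab.exe",
           'C:\\Windows\\SysWOW64\\makecab.exe /f "~%TargetName%.DDF"'),
}

# description | pid | Process | procid_target, with the pid repeated inside the description.
RECORD_RE = re.compile(
    r"^PID (?P<parent>\d+) wrote to memory of (?P<child>\d+) (?P=parent) (?P<image>\S+) (?P<procid>\d+)$"
)

# IExpress switches that make the build run without the wizard or any visible window.
IEXPRESS_UNATTENDED = {"/n", "/q", "/m"}


def parse_edges(records):
    """Return unique (parent_pid, child_pid) edges in first-seen order.
    Each spawn appears three times in the table, so duplicates are dropped."""
    edges = []
    for line in records:
        m = RECORD_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised record: {line!r}")
        edge = (int(m["parent"]), int(m["child"]))
        if edge not in edges:
            edges.append(edge)
    return edges


def build_chains(edges):
    """Walk from every root (a pid that is never a child) down to each leaf."""
    children = defaultdict(list)
    for parent, child in edges:
        children[parent].append(child)
    child_pids = {c for _, c in edges}
    roots = list(dict.fromkeys(p for p, _ in edges if p not in child_pids))
    chains = []

    def walk(pid, path):
        path = path + [pid]
        if not children[pid]:
            chains.append(path)
        for c in children[pid]:
            walk(c, path)

    for root in roots:
        walk(root, [])
    return chains


def flag_iexpress_packaging(chain, processes):
    """Assumed rule: cmd.exe driving iexpress.exe, which then spawns makecab.exe,
    means a SED package is being built on the host at run time. Returns a
    dict describing the hit, or None if the lineage does not match."""
    images = [processes[p][0].lower() for p in chain]
    if "iexpress.exe" not in images or "makecab.exe" not in images:
        return None
    i = images.index("iexpress.exe")
    if i == 0 or images[i - 1] != "cmd.exe" or images.index("makecab.exe") != i + 1:
        return None
    tokens = processes[chain[i]][1].split()
    flags = {t.lower() for t in tokens if t.startswith("/")}
    sed = next((t for t in tokens if t.lower().endswith(".sed")), None)
    return {
        "chain": " -> ".join(f"{processes[p][0]}({p})" for p in chain),
        "unattended": IEXPRESS_UNATTENDED <= flags,
        "sed_file": sed,
    }


def analyse(records=IOC_RECORDS, processes=PROCESSES):
    """Parse, rebuild lineages and return every chain matching the rule."""
    return [hit for chain in build_chains(parse_edges(records))
            if (hit := flag_iexpress_packaging(chain, processes))]


if __name__ == "__main__":
    for hit in analyse():
        print(hit)
```

Running the block against this report yields a single chain, NEIKI.exe(1832) -> cmd.exe(1776) -> iexpress.exe(3412) -> makecab.exe(4244), marked unattended because all three of /n, /q and /m are present, with popup.sed as the package definition. On EDR telemetry the same rule would key on parent image and child image rather than on tria.ge's "wrote to memory" rows, but the lineage logic is identical.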
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1KB
  MD5: 02dba5f37067292355c6d01a57d4ef48
  SHA1: 7c67ab3f99fbf7a53018dd295d2968c525db83d9
  SHA256: 8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242
  SHA512: 12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a
- Filesize: 98KB
  MD5: 0b6e97e10e10aba815033b27e934cd91
  SHA1: 42227f8fed313debba547e84c953d8d036e6ecce
  SHA256: db33ca342dfe6f3bc354eafaa9cee701438ba5536f4cfb8208c0e1296335508d
  SHA512: c92eae5a722b9cc4943e7df35e39b54d74bbbf9e59e3167cb444ae9fe5a685809ea19847a71374356aec7014e9e600ab95cfc880c7e5dc7a587bddd0d53c344d
- Filesize: 724B
  MD5: c3ca008abd6997c4b036a7e8be75cb2c
  SHA1: 05f7a3527bb04c691b08f040f562582035398829
  SHA256: 29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3
  SHA512: bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083