Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8e0f0eec4d...KI.exe

windows7-x64

3

8e0f0eec4d...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/05/2024, 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e0f0eec4dbb5ca6c9789eabfbe176d0_NEIKI.exe

  • Size

    448KB

  • MD5

    8e0f0eec4dbb5ca6c9789eabfbe176d0

  • SHA1

    76b07d162c747451798670a539841135a665c925

  • SHA256

    e39478df1000592ea0c391ed1f15f514b6f72aadb7d20eae058c446980db591b

  • SHA512

    d5392db5d16c6c8bb6ef1720d82594d352e0976390c28892443b0db7921537b97ebf8fce30843c8edf85a369556db56abc5d4c3fd62141937c67b36539b9cad9

  • SSDEEP

    6144:Ack18MipfIUaQYu8tbS6JBEYFW8jb/HVbdsifRe9+HH:AX8Djadu8Jtxr1bBGoH

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e0f0eec4dbb5ca6c9789eabfbe176d0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\8e0f0eec4dbb5ca6c9789eabfbe176d0_NEIKI.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\fck708F.tmp.bat" "C:\Users\Admin\AppData\Local\Temp\8e0f0eec4dbb5ca6c9789eabfbe176d0_NEIKI.exe""
      2⤵
        PID:760

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\fck708F.tmp.bat
      Filesize

      32B

      MD5

      02a5e951aca1c6f46910f15bdf52ea6c

      SHA1

      703f98d8d08ea8a1e0629d2ab8df76302a1ea70b

      SHA256

      8929a5b53c82493e57bb0c7da0a87a68bedd59cdbd2fc8f86b51904c395817fa

      SHA512

      578c91ccba05549be678757851f8592b602c691be58dd32839899b9de51cd835a204219a24586984b51fe4f8bfcb71925f6491d3f79210cebbeefb8ea40578e4

      Download Submit

    • memory/1844-0-0x0000000000400000-0x000000000047F000-memory.dmp

      Filesize

      508KB

      Download

    • memory/1844-1-0x0000000000400000-0x000000000047F000-memory.dmp

      Filesize

      508KB

      Download

    • memory/1844-3-0x0000000000400000-0x000000000047F000-memory.dmp

      Filesize

      508KB

      Download

    • memory/1844-2-0x000000000045A000-0x000000000045E000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1844-8-0x0000000000400000-0x000000000047F000-memory.dmp

      Filesize

      508KB

      Download