Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 120s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/05/2024, 22:48
Behavioral task: behavioral1
Sample: 8563209274cd91effedd6b6c74c3abe0_NEIKI.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 8563209274cd91effedd6b6c74c3abe0_NEIKI.exe
Resource: win10v2004-20240508-en
General
Target: 8563209274cd91effedd6b6c74c3abe0_NEIKI.exe
Size: 136KB
MD5: 8563209274cd91effedd6b6c74c3abe0
SHA1: 89ed72201445a357b8ee814e1cdc48b9af271da1
SHA256: 31ad5b6eaa002c74394f3111d3fa60c721ebd93931756fcdacf2ac57000a75f1
SHA512: 90c7d6ea9af99f8d7b17b4fc6bb38c4b09c4bbe0f678ce0e5eed4f017c36ede713f49fb5a4473b96b52aae80523ff1b54b594592a6c931f65421ab9ebd76f88a
SSDEEP: 3072:AE9ByF5wP7Ht99mbaa+vKAzWvSVJSwpi6DsL:7907wTr9mea+i6WKQz
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- resource | yara_rule
  behavioral2/files/0x000b000000023400-6.dat | aspack_v212_v242
- Executes dropped EXE (1 IoCs)
  pid | Process
  1012 | onvmijj.exe
- Drops file in Program Files directory (2 IoCs)
  description | ioc | Process
  File created | C:\PROGRA~3\Mozilla\onvmijj.exe | 8563209274cd91effedd6b6c74c3abe0_NEIKI.exe
  File created | C:\PROGRA~3\Mozilla\gmzywaj.dll | onvmijj.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\8563209274cd91effedd6b6c74c3abe0_NEIKI.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8563209274cd91effedd6b6c74c3abe0_NEIKI.exe"
  - Drops file in Program Files directory
  PID: 3940
- C:\PROGRA~3\Mozilla\onvmijj.exe
  Command line: C:\PROGRA~3\Mozilla\onvmijj.exe -ibpmpgd
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID: 1012
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 136KB
MD5: 98dd7f95439dad779bdc3b1d667ede55
SHA1: d3a90ab70af216731ee2fec62a23633342200d4e
SHA256: da6af8a36cb1b88252e6f4b636cfa8b4ee9e3cef4e10276a52a6693061760186
SHA512: 7844ddc2c9d5211bc76bb2b9932f9bee9d8434122c0ef4b2a9821bd62fca01711ebcdb471bbb2e88d17b1c08395fb9e30c8d9a77b0f74fe28a1d39951f9e6a30