Analysis
- max time kernel: 149s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 08/05/2024, 13:02
Static task
- static1
Behavioral task
- behavioral1
  - Sample: b902011e9b117e847174fda1f45f9e00_NEIKI.exe
  - Resource: win7-20240215-en
Behavioral task
- behavioral2
  - Sample: b902011e9b117e847174fda1f45f9e00_NEIKI.exe
  - Resource: win10v2004-20240426-en
General
- Target: b902011e9b117e847174fda1f45f9e00_NEIKI.exe
- Size: 94KB
- MD5: b902011e9b117e847174fda1f45f9e00
- SHA1: a5c3f20d17ffc53ded83a2f08969a2509521d74b
- SHA256: 7cba2248823d2a645544c919a95fcde92f8e21dab4aa023c2ace89f183388584
- SHA512: 24c67f0f25f2b875317da73c06cdeee9dc197cb20a5c5f958ce8cdda697bd75a5f7c6ba17f1a6d4da2b37a54177bd7622a635b131936192d85f5276c6fec26fa
- SSDEEP: 1536:NDc2kE8H1Akjo13tg/+hxOGj0Sgl0D8HxO6CGHSesXj:N4bjoZtzNj0TBxOSHSl
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)

  | PID  | Process      |
  |------|--------------|
  | 2260 | duxayoxe.exe |

- Loads dropped DLL (2 IoCs)

  | PID  | Process                                   |
  |------|-------------------------------------------|
  | 2916 | b902011e9b117e847174fda1f45f9e00_NEIKI.exe |
  | 2916 | b902011e9b117e847174fda1f45f9e00_NEIKI.exe |

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Suspicious use of WriteProcessMemory (4 IoCs)

  | Description                       | PID  | Process                                   | procid_target |
  |-----------------------------------|------|-------------------------------------------|---------------|
  | PID 2916 wrote to memory of 2260  | 2916 | b902011e9b117e847174fda1f45f9e00_NEIKI.exe | 28            |
  | PID 2916 wrote to memory of 2260  | 2916 | b902011e9b117e847174fda1f45f9e00_NEIKI.exe | 28            |
  | PID 2916 wrote to memory of 2260  | 2916 | b902011e9b117e847174fda1f45f9e00_NEIKI.exe | 28            |
  | PID 2916 wrote to memory of 2260  | 2916 | b902011e9b117e847174fda1f45f9e00_NEIKI.exe | 28            |
Processes
- C:\Users\Admin\AppData\Local\Temp\b902011e9b117e847174fda1f45f9e00_NEIKI.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b902011e9b117e847174fda1f45f9e00_NEIKI.exe"
  PID: 2916
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\duxayoxe.exe (child of PID 2916)
    Command line: "C:\Users\Admin\AppData\Local\Temp\duxayoxe.exe"
    PID: 2260
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 94KB
- MD5: bd6fd221f6c71e899f64921681818944
- SHA1: f4569c19ca6f5d084dbd3eb3376986ddccbf3cab
- SHA256: 812b60b2016eca47f98bc6ac75e50bb04ba2f5a36e0984cc25d87286e4f0b117
- SHA512: 4174923e8d20ac1cafa904c5ee4904d982bd90893db2f1df77320035944b0a914a701fac9abe0c805d011ef594fd9ca1bd7477dabf55c0719d5af5703eaebc58