Analysis

  • max time kernel
    92s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/05/2024, 20:18

General

  • Target: 3a2512e36e8ddd2209f3654eb29ec380_NEIKI.exe
  • Size: 1.3MB
  • MD5: 3a2512e36e8ddd2209f3654eb29ec380
  • SHA1: 6b663895c80bccf4eeb27ec5d93df07de9325739
  • SHA256: 02b1345a3421c57633ab653b1eb5f036781f5943fee8b465268562f18f3d56ab
  • SHA512: 3eb53c999f3ab02a330d25cb1f09551892b72a2283c1593b8fa8459d6631f4abbbab1d50c9e9dacb1bef6aae873c00c5fc95b0c1e1e0240545332314f6282b2a
  • SSDEEP: 12288:C7Z4K9nQ5S6HFaCt5Wgd+gkvMQDabQ82kbj3BmfWBEHN36h/98QPK0t:C7Z4MP6laCt5Wgd+Z0y6n2kPUfWl/9u

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a2512e36e8ddd2209f3654eb29ec380_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\3a2512e36e8ddd2209f3654eb29ec380_NEIKI.exe"
    (process tree level 1)
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID: 1612

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1612-0-0x0000000000400000-0x00000000005E9000-memory.dmp (Filesize 1.9MB)
  • memory/1612-1-0x00000000020E0000-0x0000000002147000-memory.dmp (Filesize 412KB)
  • memory/1612-6-0x00000000020E0000-0x0000000002147000-memory.dmp (Filesize 412KB)
  • memory/1612-11-0x0000000000400000-0x00000000005E9000-memory.dmp (Filesize 1.9MB)
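The dump names above encode the PID, a snapshot sequence number and the dumped address range. The script below is an added Python example, not part of the Triage report or its tooling: it parses those names, checks that each listed Filesize agrees with the range in the name, and separates the range at the assumed image base from the range the process allocated at run time. DUMPS is copied from the Downloads list above; the name layout, the size rounding, and the reading of 0x400000 as the image base of an unrelocated 32-bit PE (consistent with the arch:x86 tag) are assumptions.

```python
import re

# Memory-dump entries as listed in the Downloads section of this report
# (file name and the Filesize shown beside it), copied as the sample input.
DUMPS = [
    ("memory/1612-0-0x0000000000400000-0x00000000005E9000-memory.dmp", "1.9MB"),
    ("memory/1612-1-0x00000000020E0000-0x0000000002147000-memory.dmp", "412KB"),
    ("memory/1612-6-0x00000000020E0000-0x0000000002147000-memory.dmp", "412KB"),
    ("memory/1612-11-0x0000000000400000-0x00000000005E9000-memory.dmp", "1.9MB"),
]

# Assumed layout of a Triage dump name:
#   memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a dump file name into pid, snapshot sequence number and address range."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a Triage memory dump name: {name}")
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": int(m["start"], 16),
        "end": int(m["end"], 16),
    }


def region_size(dump):
    """Byte length of the dumped range (end address is exclusive)."""
    return dump["end"] - dump["start"]


def human_size(nbytes):
    """Render a size the way the report does (assumed): whole KB below 1 MiB, else MB to one decimal."""
    if nbytes >= 1024 * 1024:
        return f"{nbytes / (1024 * 1024):.1f}MB"
    return f"{nbytes // 1024}KB"


def check_sizes(dumps):
    """Return the names whose listed Filesize disagrees with the range encoded in the name."""
    mismatches = []
    for name, listed in dumps:
        if human_size(region_size(parse_dump_name(name))) != listed:
            mismatches.append(name)
    return mismatches


def classify_regions(dumps, image_base=0x400000):
    """Group dumps by address range and label each range.

    image_base is an assumption: 0x400000 is the conventional preferred base of a
    32-bit PE that was not relocated, so a range starting there is taken to be the
    on-disk image mapped into memory; any other range is treated as memory the
    process allocated at run time, which is where unpacked code usually lands.
    """
    by_range = {}
    for name, _ in dumps:
        d = parse_dump_name(name)
        by_range.setdefault((d["start"], d["end"]), []).append(d["seq"])
    regions = []
    for (start, end), seqs in sorted(by_range.items()):
        regions.append({
            "start": start,
            "end": end,
            "size": end - start,
            "kind": "image" if start == image_base else "dynamic",
            "snapshots": sorted(seqs),
        })
    return regions


if __name__ == "__main__":
    print("size mismatches:", check_sizes(DUMPS) or "none")
    for r in classify_regions(DUMPS):
        print(f"{r['start']:#010x}-{r['end']:#010x} {human_size(r['size']):>6} "
              f"{r['kind']:<8} snapshots {r['snapshots']}")
```

Both ranges were dumped twice (sequence 0 and 11 for the image, 1 and 6 for the run-time allocation). Comparing the earlier and later dump of the dynamic range shows whether it was written between the two snapshots, which is the first thing to check when deciding whether the sample unpacks a second stage.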