Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

41b399d066...KI.exe

windows7-x64

7

41b399d066...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 20:31 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41b399d066faef52858f02e65f307300_NEIKI.exe

  • Size

    29KB

  • MD5

    41b399d066faef52858f02e65f307300

  • SHA1

    fa3320164e52fa3d2cdf10ce308e674f488a5ff4

  • SHA256

    961fb7e897001ff74d13296e82a80c2089ea9c990f9a7ddde607694b16371ca8

  • SHA512

    3c6f074f1e39a9a09f439a198f4760f03d1931d74519be9ece33b6a1757b4b2013e1f8b27d7340ffe0004fbd6e213b978edd98ee3e8fe8a5a07092a8aa381996

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/S:AEwVs+0jNDY1qi/qa

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41b399d066faef52858f02e65f307300_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\41b399d066faef52858f02e65f307300_NEIKI.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:288

Network

  • flag-us
    DNS
    alumni.caltech.edu
    41b399d066faef52858f02e65f307300_NEIKI.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN MX
    Response
    alumni.caltech.edu
    IN MX
    alumni-caltech-edumail protectionoutlookcom
  • flag-us
    DNS
    alumni-caltech-edu.mail.protection.outlook.com
    41b399d066faef52858f02e65f307300_NEIKI.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    Response
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.42.6
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.194.3
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.8.44
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.11.7
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.42.13
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.40.1
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.41.0
  • flag-us
    DNS
    gzip.org
    41b399d066faef52858f02e65f307300_NEIKI.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN MX
    Response
    gzip.org
    IN MX
  • flag-us
    DNS
    gzip.org
    41b399d066faef52858f02e65f307300_NEIKI.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN A
    Response
    gzip.org
    IN A
    85.187.148.2
  • flag-us
    DNS
    alumni.caltech.edu
    41b399d066faef52858f02e65f307300_NEIKI.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN A
    Response
    alumni.caltech.edu
    IN A
    75.2.70.75
    alumni.caltech.edu
    IN A
    99.83.190.102
  • flag-us
    DNS
    mx.alumni.caltech.edu
    41b399d066faef52858f02e65f307300_NEIKI.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.alumni.caltech.edu
    IN A
    Response
  • flag-us
    DNS
    mx.gzip.org
    41b399d066faef52858f02e65f307300_NEIKI.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.gzip.org
    IN A
    Response
  • flag-us
    DNS
    mail.alumni.caltech.edu
    41b399d066faef52858f02e65f307300_NEIKI.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.alumni.caltech.edu
    IN A
    Response
  • flag-us
    DNS
    smtp.alumni.caltech.edu
    41b399d066faef52858f02e65f307300_NEIKI.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp.alumni.caltech.edu
    IN A
    Response
  • flag-us
    DNS
    mail.gzip.org
    41b399d066faef52858f02e65f307300_NEIKI.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.gzip.org
    IN A
    Response
    mail.gzip.org
    IN CNAME
    gzip.org
    gzip.org
    IN A
    85.187.148.2
  • 10.128.8.216:1034
    services.exe
    152 B
     3
  • 10.64.166.181:1034
    services.exe
    152 B
     3
  • 10.37.232.110:1034
    services.exe
    152 B
     3
  • 192.168.56.172:1034
    services.exe
    152 B
     3
  • 10.150.78.55:1034
    services.exe
    152 B
     3
  • 52.101.42.6:25
    alumni-caltech-edu.mail.protection.outlook.com
    41b399d066faef52858f02e65f307300_NEIKI.exe
    152 B
     3
  • 85.187.148.2:25
    gzip.org
    41b399d066faef52858f02e65f307300_NEIKI.exe
    152 B
     3
  • 172.16.1.5:1034
    services.exe
    152 B
     3
  • 75.2.70.75:25
    alumni.caltech.edu
    41b399d066faef52858f02e65f307300_NEIKI.exe
    152 B
     3
  • 85.187.148.2:25
    gzip.org
    41b399d066faef52858f02e65f307300_NEIKI.exe
    152 B
     3
  • 10.127.0.3:1034
    services.exe
    152 B
     3
  • 192.168.10.100:1034
    services.exe
    52 B
     1
  • 85.187.148.2:25
    mail.gzip.org
    41b399d066faef52858f02e65f307300_NEIKI.exe
    52 B
     1
  • 8.8.8.8:53
    alumni.caltech.edu
    dns
    41b399d066faef52858f02e65f307300_NEIKI.exe
    64 B
     126 B
     1
    1

    DNS Request

    alumni.caltech.edu

  • 8.8.8.8:53
    alumni-caltech-edu.mail.protection.outlook.com
    dns
    41b399d066faef52858f02e65f307300_NEIKI.exe
    92 B
     204 B
     1
    1

    DNS Request

    alumni-caltech-edu.mail.protection.outlook.com

    DNS Response

    52.101.42.6
    52.101.194.3
    52.101.8.44
    52.101.11.7
    52.101.42.13
    52.101.40.1
    52.101.41.0

  • 8.8.8.8:53
    gzip.org
    dns
    41b399d066faef52858f02e65f307300_NEIKI.exe
    54 B
     70 B
     1
    1

    DNS Request

    gzip.org

  • 8.8.8.8:53
    gzip.org
    dns
    41b399d066faef52858f02e65f307300_NEIKI.exe
    54 B
     70 B
     1
    1

    DNS Request

    gzip.org

    DNS Response

    85.187.148.2

  • 8.8.8.8:53
    alumni.caltech.edu
    dns
    41b399d066faef52858f02e65f307300_NEIKI.exe
    64 B
     96 B
     1
    1

    DNS Request

    alumni.caltech.edu

    DNS Response

    75.2.70.75
    99.83.190.102

  • 8.8.8.8:53
    mx.alumni.caltech.edu
    dns
    41b399d066faef52858f02e65f307300_NEIKI.exe
    67 B
     145 B
     1
    1

    DNS Request

    mx.alumni.caltech.edu

  • 8.8.8.8:53
    mx.gzip.org
    dns
    41b399d066faef52858f02e65f307300_NEIKI.exe
    57 B
     124 B
     1
    1

    DNS Request

    mx.gzip.org

  • 8.8.8.8:53
    mail.alumni.caltech.edu
    dns
    41b399d066faef52858f02e65f307300_NEIKI.exe
    69 B
     147 B
     1
    1

    DNS Request

    mail.alumni.caltech.edu

  • 8.8.8.8:53
    smtp.alumni.caltech.edu
    dns
    41b399d066faef52858f02e65f307300_NEIKI.exe
    69 B
     147 B
     1
    1

    DNS Request

    smtp.alumni.caltech.edu

  • 8.8.8.8:53
    mail.gzip.org
    dns
    41b399d066faef52858f02e65f307300_NEIKI.exe
    59 B
     89 B
     1
    1

    DNS Request

    mail.gzip.org

    DNS Response

    85.187.148.2

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpA70B.tmp
    Filesize

    29KB

    MD5

    31bb9069a0c8600d0166f1c04115efa6

    SHA1

    63ca77084e6a91cc89a1886913ad5d0e391ec323

    SHA256

    8d791ded1d995e313a1ce67d43679865ba9f6596cb4b77952bbc5591d16608ad

    SHA512

    6bacb90136663e0e1497dd0a4772b509c1bed2d17cc72f4d2997834aa4b613398ce5f27d9133e40ecb289b786f31977250c6fb99be86f5201840731ec80a5924

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    320B

    MD5

    e2d2575972d19917ce79413b3bdc0636

    SHA1

    f37db932111c353598c31d53ffcfbd2b2af37cae

    SHA256

    8a3950d2800bfa75c3be7f12f5084366b9e3f01f822128504926c4a137ed7271

    SHA512

    37b410c88c11996871f5244800923d58ada981202222f02b81279e7f831077b6e66ff09494dd5fcef213111adce457972b423a8bf345d4f7bf958f032025ffbf

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/288-17-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-35-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-90-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-22-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-85-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-28-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-30-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-78-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-40-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-42-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-47-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-83-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-52-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-54-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/288-10-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2440-51-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2440-77-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2440-4-0x00000000002A0000-0x00000000002A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2440-82-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2440-16-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2440-84-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2440-23-0x00000000002A0000-0x00000000002A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2440-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.