Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system -
submitted
09/05/2024, 00:09
Behavioral task
behavioral1
Sample
a79c48cf06445940266124a7558aebf0_NEIKI.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a79c48cf06445940266124a7558aebf0_NEIKI.exe
Resource
win10v2004-20240508-en
General
-
Target
a79c48cf06445940266124a7558aebf0_NEIKI.exe
-
Size
156KB
-
MD5
a79c48cf06445940266124a7558aebf0
-
SHA1
6aa4b463ba231debb37f4816b974d7fb0d192d53
-
SHA256
3bf266d062a52d012d498077f33aa7aa324f70535552979d23b8c730b382f30d
-
SHA512
238ac1f46e808bb2c8f0e90221c7e3803fa5d11e99aba586c4952d35084f1255ceb1b079285ff2ff5526bb9e3b2c6454a4b41ec2d359139622ab20efe1817f1f
-
SSDEEP
3072:1QmK6GEvn9Oa2tr2Y+Lysughilfzc1DZDXdns0blS8iVBXdqTEk05:SmKZG9q2RmCakNi0bvGXdqA
Malware Config
Signatures
-
Modifies AppInit DLL entries 2 TTPs
-
resource | yara_rule
behavioral2/files/0x0009000000022f51-5.dat | aspack_v212_v242 -
Executes dropped EXE 1 IoCs
pid | Process
4764 | ywswmda.exe -
Drops file in Program Files directory 2 IoCs
description | ioc | Process
File created | C:\PROGRA~3\Mozilla\ywswmda.exe | a79c48cf06445940266124a7558aebf0_NEIKI.exe
File created | C:\PROGRA~3\Mozilla\dzldqrl.dll | ywswmda.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a79c48cf06445940266124a7558aebf0_NEIKI.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\a79c48cf06445940266124a7558aebf0_NEIKI.exe"
- Drops file in Program Files directory
PID:1448
-
C:\PROGRA~3\Mozilla\ywswmda.exe
Command line: C:\PROGRA~3\Mozilla\ywswmda.exe -zhzkoil
- Executes dropped EXE
- Drops file in Program Files directory
PID:4764
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
156KB
MD5
2bb2ea65a61ad0aeccf6995d5e962d1a
SHA1
8c3210a73f339e12d39b97699745decbb7e6e516
SHA256
a37653dd741e5b0beb0bb463f0bfca0e9a6d583760fda2d2220d384e6edec5a7
SHA512
84ab528a93687d54a84b9379167488749156457e295c8237ed3afc401680580d095add540d21fa6fccd6b6e69b70e4048b94a753f9ea4d27c77ea12a0e03ea45