Analysis
max time kernel: 149s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/05/2024, 00:18
Behavioral task: behavioral1
Sample: aa120751f3688034d1c09796fb6a4710_NEIKI.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: aa120751f3688034d1c09796fb6a4710_NEIKI.exe
Resource: win10v2004-20240508-en
General
Target: aa120751f3688034d1c09796fb6a4710_NEIKI.exe
Size: 33KB
MD5: aa120751f3688034d1c09796fb6a4710
SHA1: 48494995c1b7c5720e409132bf803f32731bd7d8
SHA256: 57a6faecce8f65cfa66e2cd2e16283e4862fbe8f4717ccde2600deeedb296cce
SHA512: a9bdba24e49e55031ff40eb61f11a1931b3658580775befd75f21a7d0b7653f180a001a22544fe1dc90e4f5674b2f2c37c4334b545ed7fa79e54582058999fb2
SSDEEP: 768:r5Gsq/XQGcoGVzUDWbcvZOkglUWJY3ggxfha5:r5GD/XPgQGcvZORS3g+
Malware Config
Signatures
- yara_rule aspack_v212_v242 matched resource behavioral2/files/0x0001000000021570-8.dat
- Enumerates connected drives (3 TTPs, 1 IoC)
  Attempts to read the root path of hard drives other than the default C: drive.
  File opened (read-only): \??\b: by aa120751f3688034d1c09796fb6a4710_NEIKI.exe
- Drops file in Program Files directory (64 IoCs)
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
- Suspicious use of WriteProcessMemory (6 IoCs)
  PID 2204 (aa120751f3688034d1c09796fb6a4710_NEIKI.exe) wrote to memory of PID 536, procid_target 81
  PID 2204 (aa120751f3688034d1c09796fb6a4710_NEIKI.exe) wrote to memory of PID 536, procid_target 81
  PID 2204 (aa120751f3688034d1c09796fb6a4710_NEIKI.exe) wrote to memory of PID 536, procid_target 81
  PID 2204 (aa120751f3688034d1c09796fb6a4710_NEIKI.exe) wrote to memory of PID 1300, procid_target 82
  PID 2204 (aa120751f3688034d1c09796fb6a4710_NEIKI.exe) wrote to memory of PID 1300, procid_target 82
  PID 2204 (aa120751f3688034d1c09796fb6a4710_NEIKI.exe) wrote to memory of PID 1300, procid_target 82
Processes
- C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe (PID 2204)
  Command line: "C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe"
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\at.exe (PID 536)
    Command line: at 1 /delete /yes
  - C:\Windows\SysWOW64\at.exe (PID 1300)
    Command line: at 12:23:36 AM "C:\Users\Admin\AppData\Local\Temp\aa120751f3688034d1c09796fb6a4710_NEIKI.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 2.2MB
MD5: 4cd48bbddd29ca31d34a9d67fc3a2075
SHA1: f85bbfa79f2671bb38aefaa908178ec5fe130dfb
SHA256: ce92525ccc1032ab71607dd0c98509f17539edb78d2ea1ee7fe280d4951f55b6
SHA512: 04ab035119a4e3ba29aef947318f8cfea588a24dbb357ab24f20e5520ea9853e3f824d07429e5da2e3e4c19ba063cb88257ea5ae417189727e7179d740e7fcaf