Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 92s
- max time network: 122s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/05/2024, 01:00
Behavioral task behavioral1
- Sample: b57898828a606cbd0805e0b1026f3360_NEIKI.exe
- Resource: win7-20240508-en
Behavioral task behavioral2
- Sample: b57898828a606cbd0805e0b1026f3360_NEIKI.exe
- Resource: win10v2004-20240508-en
General
- Target: b57898828a606cbd0805e0b1026f3360_NEIKI.exe
- Size: 139KB
- MD5: b57898828a606cbd0805e0b1026f3360
- SHA1: 856385996fa8c6d7f609dfbcfb991b8104cdc154
- SHA256: 8064c8cd692c06380045502805adab88ddce583e0780d537d6d5051cf1eb9a01
- SHA512: 2231eeb4da659810647d499a153e90da69e5b744ce5b3078e757c67d5046bbe97bb6b668080aa8c1c6e603e57aedc67d68950e191527e6b50143dcac6b280809
- SSDEEP: 3072:ri0FEplmmNJ/CHd6bOjU2GNUWdyeERIdbpI:lEr7J6rQ1NUWdyDR/
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- YARA rule match
  resource: behavioral2/files/0x0009000000023416-6.dat
  yara_rule: aspack_v212_v242
- Executes dropped EXE (1 IoC)
  PID 3704: onvmijj.exe
- Drops file in Program Files directory (2 IoCs)
  File created: C:\PROGRA~3\Mozilla\onvmijj.exe (process: b57898828a606cbd0805e0b1026f3360_NEIKI.exe)
  File created: C:\PROGRA~3\Mozilla\gmzywaj.dll (process: onvmijj.exe)
  Note: C:\PROGRA~3 is an 8.3 short name; on a default Windows install it usually resolves to C:\ProgramData rather than a Program Files directory, so hunt for the long path as well.
Processes
- C:\Users\Admin\AppData\Local\Temp\b57898828a606cbd0805e0b1026f3360_NEIKI.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\b57898828a606cbd0805e0b1026f3360_NEIKI.exe"
  PID: 1732
  - Drops file in Program Files directory
- C:\PROGRA~3\Mozilla\onvmijj.exe (depth 1)
  Command line: C:\PROGRA~3\Mozilla\onvmijj.exe -ibpmpgd
  PID: 3704
  - Executes dropped EXE
  - Drops file in Program Files directory
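Added example (not tria.ge's code and not the sample's): a small Python hunt that replays the three signatures in this report, an executable dropped under ProgramData, execution of that dropped file, and a write to AppInit_DLLs (the AppInit DLLs persistence technique), over Sysmon-style events. The events are constructed here to mirror the process tree above; Sysmon field names are simplified to id/pid/image/target/details, the 8.3 mapping of C:\PROGRA~3 to C:\ProgramData is assumed, and the value written to AppInit_DLLs is assumed to be the dropped gmzywaj.dll, since the report records the modification but not the data written.

```python
"""Hunt for this report's three behaviours in Sysmon-style events.
Added example; the events below are constructed, not tria.ge output."""
import re

# Sysmon event IDs used: 1 = ProcessCreate, 11 = FileCreate, 13 = RegistryEvent (value set)
PROCESS_CREATE, FILE_CREATE, REG_SET = 1, 11, 13

# Assumption: default 8.3 short-name mapping on a stock install (PROGRA~3 -> ProgramData).
SHORT_NAMES = {"c:\\progra~3": "c:\\programdata"}
PROGRAMDATA = "c:\\programdata\\"

# AppInit_DLLs and LoadAppInit_DLLs under the native and WOW6432Node views of the key.
APPINIT_VALUE = re.compile(
    r"^hklm\\software\\(wow6432node\\)?microsoft\\windows nt\\currentversion\\windows\\(load)?appinit_dlls$"
)


def norm_path(path: str) -> str:
    """Lower-case, strip quotes and expand the short names we know about."""
    p = path.strip('"').lower()
    for short, long_ in SHORT_NAMES.items():
        if p.startswith(short):
            p = long_ + p[len(short):]
    return p


def hunt(events):
    """Return (rule, pid, detail) tuples for events matching the report's signatures."""
    dropped = {}   # normalized path -> pid of the process that wrote it
    findings = []
    for e in events:
        if e["id"] == FILE_CREATE:
            target = norm_path(e["target"])
            # "Drops file in Program Files directory": executable written under ProgramData
            if target.startswith(PROGRAMDATA) and target.endswith((".exe", ".dll")):
                dropped[target] = e["pid"]
                findings.append(("drops_executable_in_programdata", e["pid"], target))
        elif e["id"] == PROCESS_CREATE:
            image = norm_path(e["image"])
            # "Executes dropped EXE": the image was created earlier in this trace
            if image in dropped:
                findings.append(("executes_dropped_exe", e["pid"], image))
        elif e["id"] == REG_SET:
            # "Modifies AppInit DLL entries": any write to (Load)AppInit_DLLs
            if APPINIT_VALUE.match(e["target"].lower()):
                findings.append(("modifies_appinit_dlls", e["pid"], e["target"]))
                # Cross-check: does the written value name a file dropped in this trace?
                written = norm_path(e.get("details", ""))
                if written in dropped:
                    findings.append(("appinit_points_to_dropped_dll", e["pid"], written))
    return findings


SAMPLE = "b57898828a606cbd0805e0b1026f3360_NEIKI.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Constructed events mirroring the report's process tree, plus benign noise.
EVENTS = [
    {"id": PROCESS_CREATE, "pid": 1732, "image": TEMP + "\\" + SAMPLE},
    {"id": FILE_CREATE, "pid": 1732, "target": r"C:\PROGRA~3\Mozilla\onvmijj.exe"},
    {"id": PROCESS_CREATE, "pid": 3704, "image": r"C:\PROGRA~3\Mozilla\onvmijj.exe",
     "cmdline": r"C:\PROGRA~3\Mozilla\onvmijj.exe -ibpmpgd"},
    {"id": FILE_CREATE, "pid": 3704, "target": r"C:\PROGRA~3\Mozilla\gmzywaj.dll"},
    # Assumed value: the report records an AppInit_DLLs change but not the data written.
    {"id": REG_SET, "pid": 3704,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs",
     "details": r"C:\PROGRA~3\Mozilla\gmzywaj.dll"},
    {"id": FILE_CREATE, "pid": 4000, "target": r"C:\Users\Admin\Documents\notes.txt"},
    {"id": PROCESS_CREATE, "pid": 4100, "image": r"C:\Windows\System32\notepad.exe"},
    {"id": REG_SET, "pid": 4100, "target": r"HKCU\Software\Microsoft\Notepad\lfFaceName",
     "details": "Consolas"},
]

if __name__ == "__main__":
    for rule, pid, detail in hunt(EVENTS):
        print(f"{rule:32} pid={pid} {detail}")
```

The cross-check at the end is the useful part: an AppInit_DLLs write on its own is rare but not unheard of on managed hosts, whereas one whose value names a DLL written moments earlier by an unsigned binary from a user's Temp directory is the chain this report shows. Feed real Sysmon events through `hunt` after mapping Image/TargetFilename/TargetObject/Details onto the simplified keys.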
Network
MITRE ATT&CK Enterprise v15
Downloads (analysis artifact; note that its hashes differ from the submitted sample's)
- Filesize: 139KB
- MD5: 9c7a89f488a5a909f6614fd8098b435b
- SHA1: d442785ac5ffc96203db54fb09aeec31b0dd0344
- SHA256: 55089e2b517b9d16dec081ae39e41014a6e87f71af4a98e30e956c0b3bf9dfdd
- SHA512: d6653f9e1208a8fcf0e1c24793cd94e4977a636ced7fe16a45c3ea4b3783d2a2ad34eb4067175f3b64c8c8f43e8c11da09e74461b38969cf658ff5317cd6923e