Analysis
- max time kernel: 141s
- max time network: 167s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/05/2024, 02:37
Behavioral task behavioral1
- Sample: d18c14e521f61cfee9e4f39a7a779c00_NEIKI.exe
- Resource: win7-20240508-en
Behavioral task behavioral2
- Sample: d18c14e521f61cfee9e4f39a7a779c00_NEIKI.exe
- Resource: win10v2004-20240226-en
General
- Target: d18c14e521f61cfee9e4f39a7a779c00_NEIKI.exe
- Size: 178KB
- MD5: d18c14e521f61cfee9e4f39a7a779c00
- SHA1: 4c60afcdaad50c1389ea65579802fd0ed521be51
- SHA256: 99d70bd519fd63196ff7f1687513b2229e2ced9c2b71fee83362b2e8ec9210e1
- SHA512: c527305cf58bb929f2d41b7c6360dba37829a4c26247ecf27c08729fcd79044b1b08a97a0cf8d89901fecd1f3569aef44c63158b9c7ba247d024b2cb595de3ee
- SSDEEP: 3072:+Yubs4vIPfIOKyCRfyJiJJMXybJg30TZZ+MbpqdNjfBDckH8sbigzwQj1j:Puk6fK6tixMbwNL+kDrV
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- yara_rule aspack_v212_v242 matched resource behavioral2/files/0x0008000000023230-7.dat
- Executes dropped EXE (1 IoC): pid 4768, process crdkdxb.exe
- Drops file in Program Files directory (2 IoCs):
  - File created: C:\PROGRA~3\Mozilla\crdkdxb.exe, by process d18c14e521f61cfee9e4f39a7a779c00_NEIKI.exe
  - File created: C:\PROGRA~3\Mozilla\xczzoaa.dll, by process crdkdxb.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\d18c14e521f61cfee9e4f39a7a779c00_NEIKI.exe (PID 760)
  Command line: "C:\Users\Admin\AppData\Local\Temp\d18c14e521f61cfee9e4f39a7a779c00_NEIKI.exe"
  - Drops file in Program Files directory
- C:\PROGRA~3\Mozilla\crdkdxb.exe (PID 4768)
  Command line: C:\PROGRA~3\Mozilla\crdkdxb.exe -ofessij
  - Executes dropped EXE
  - Drops file in Program Files directory
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2392)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4172 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 178KB
  MD5: 0361e1aa69d1a80806b33cccb2a5b2df
  SHA1: 97e554bca9be75b68faa55abb2f00f00e38b54b3
  SHA256: a3c7ec1c4a2ecc76575a78269b057c3a11f3835bcdfd1ee2f62aa969f5f93e1f
  SHA512: c33129c6f8bb7545503a63d2183a45242d95e4e1a6a1368930707513da6cb9cf5c94006de2e5cfef7046ddfa236530588b1e6c87b7ab7064d704f210ea3dc929