Analysis

  • max time kernel: 145s
  • max time network: 124s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 09/05/2024, 15:41

General

  • Target: 783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe
  • Size: 3.5MB
  • MD5: 783304afd72c993aa63411e471c58a10
  • SHA1: 7b0bf45e24eee94c78023ee01e61f19bd76bb766
  • SHA256: 064445b7a7dee55746f3ba1bdaaec5ac1e35cab7e015fd399e36a38cfa7e2a03
  • SHA512: e2a02830feabc079003ded9a9e4fafe7e8e0f7a117c7bbc3cade954ff2eb5e8b0928483001b67812e7654f5f1c5bacad482670592307bf42ffe539f18348c92a
  • SSDEEP: 98304:I/GNO3nlp5APPArknZvcrzQSxD8VDuk6T:I/Gsnj5AUknWrEQQDufT

Score
7/10

Malware Config

Signatures

  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 22 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 37 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe" /start=1 /path=
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2484
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /d /c cmd.exe /d /c cmd.exe /d /c "C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe" /param=1
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:328
        • C:\Windows\SysWOW64\cmd.exe
          cmd.exe /d /c cmd.exe /d /c "C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe" /param=1
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:456
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /d /c "C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe" /param=1
            5⤵
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:1656
            • C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe
              C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe /param=1
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious behavior: EnumeratesProcesses
              PID:1372

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\#_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe
    Filesize: 1.8MB
    MD5: 01fe6ff3d2664e3ddaf98724b0639f89
    SHA1: 40c535f27ff017e338f5c376a11403cdf65183df
    SHA256: 7c85adeb7727f0018dd042ad8aa141f9f4af1767ef0fb95116a2e98b76b28ba4
    SHA512: 6ff58234edca4c5246478b6f21bac899fa0505fc7d32e6a8aba5fd66de439560da1c3eb53c0880fc08559308d1675cdb6a5ca1c2991b3957087ad6e918b7d3d9

  • C:\Users\Admin\AppData\Local\Temp\nso894D.tmp\fhelp.dll
    Filesize: 359KB
    MD5: 950afc3a4658d36700f4a51c70a6d706
    SHA1: 65ede985830eedf771aed113b56e8be255e14af2
    SHA256: 32de26d099d8f0b0d2945c9ef2d47f5f97a23ee8146a7318846510e7e9382525
    SHA512: ae529e7960bc7fd8a9940e039cbfb2b6a8d145dac52ae61751f9774b7866a53640ae48e18e6d0d4906f234ab3702b14cc47a26b44789cca697caf6788684a860

  • C:\Users\Admin\AppData\Local\Temp\nso894D.tmp\msgbox.dll
    Filesize: 90KB
    MD5: 529addc01ba0b31f89ba74518837f03d
    SHA1: 770bd27e1faa4a2a7ef4a15f53b95661cc314df4
    SHA256: f01d831cbd676d7acdeba923bd3f03af733e7dcf83611e84c17561b6ac9412dc
    SHA512: 0c171ec9456afb6701d2e1accf408a0e36db28977faeee8492e7ba9cf6a1c6d0677b28b3a123264ffe87f366a852698906a8519d6a5c436b500688bbc7dcee82

  • \Users\Admin\AppData\Local\Temp\_783304afd72c993aa63411e471c58a10_NeikiAnalytics.exe
    Filesize: 3.5MB
    MD5: 783304afd72c993aa63411e471c58a10
    SHA1: 7b0bf45e24eee94c78023ee01e61f19bd76bb766
    SHA256: 064445b7a7dee55746f3ba1bdaaec5ac1e35cab7e015fd399e36a38cfa7e2a03
    SHA512: e2a02830feabc079003ded9a9e4fafe7e8e0f7a117c7bbc3cade954ff2eb5e8b0928483001b67812e7654f5f1c5bacad482670592307bf42ffe539f18348c92a

  • \Users\Admin\AppData\Local\Temp\nso894D.tmp\Banner.dll
    Filesize: 4KB
    MD5: a748a0a7a7eb56ad356cce710968a380
    SHA1: a8cd1e978a4b481f410fc5205ca5a29cdb2c22e7
    SHA256: 33409ceab861b0164a9ec3a0395934cade72e2ef1f14a9468a604892b2bbcbd9
    SHA512: 05433019dc827399b00195461fcc58f287d53b34fdeb29c5e402563f83e5e702ac8d9e0978ee87ed7c15dd26d7e76b37751f5d55dec49cde8ea74879dd0c3648

  • \Users\Admin\AppData\Local\Temp\nso894D.tmp\System.dll
    Filesize: 10KB
    MD5: 56a321bd011112ec5d8a32b2f6fd3231
    SHA1: df20e3a35a1636de64df5290ae5e4e7572447f78
    SHA256: bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
    SHA512: 5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

  • \Users\Admin\AppData\Local\Temp\nso894D.tmp\inetc.dll
    Filesize: 20KB
    MD5: e541458cfe66ef95ffbea40eaaa07289
    SHA1: caec1233f841ee72004231a3027b13cdeb13274c
    SHA256: 3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420
    SHA512: 0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

  • \Users\Admin\AppData\Local\Temp\nso894D.tmp\nsDialogs.dll
    Filesize: 9KB
    MD5: e19264354099e4ecc11fabe7c83daa22
    SHA1: 224e01bd004043bb7fa5a4b9af7e72fe971e16dd
    SHA256: dad73112811567680f6cd57918ed1dff059a4d29727e0007ea48393e81e4976a
    SHA512: 8848c968dfb7af6fdabcedd215d63dc92c4947de105680f31403380c7daccc77aea0ac09abf25f90b073290950c70d70bebeb8748957e26ad80236bb59f20dcf

  • \Users\Admin\AppData\Local\Temp\nso894D.tmp\nsProcess.dll
    Filesize: 4KB
    MD5: faa7f034b38e729a983965c04cc70fc1
    SHA1: df8bda55b498976ea47d25d8a77539b049dab55e
    SHA256: 579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf
    SHA512: 7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

  • \Users\Admin\AppData\Local\Temp\nso8F65.tmp\INetC2.dll
    Filesize: 21KB
    MD5: 92ec4dd8c0ddd8c4305ae1684ab65fb0
    SHA1: d850013d582a62e502942f0dd282cc0c29c4310e
    SHA256: 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
    SHA512: 581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

  • \Users\Admin\AppData\Local\Temp\nso8F65.tmp\feature.dll
    Filesize: 989KB
    MD5: ee58e51a81c73589acfea3fa9cc3b7e7
    SHA1: 75b31d84094bcd04e459ed0ba03475c204022a70
    SHA256: 7c167dcba0a6a996f739ee00628a52d7ed20442aaf64f51a408a3cc639375ee2
    SHA512: 46bd806a910acfedc7abd0a2410e808a0ef2dffb899849e858fbe32c2be60e51dc85a058c4c64cb3515a866426d1b63534edd3ea1ea236dec593357b31ecd215

  • \Users\Admin\AppData\Local\Temp\nso8F65.tmp\fmoroz.dll
    Filesize: 372KB
    MD5: ed088e979436d402137c61d867b7877f
    SHA1: a45953dbcd3240ea6c312918da6810bba7218d8b
    SHA256: 10fc289863394c60d735a1c5b79c0c065289e8f7fd3dcbffb92f0de5b1e0313a
    SHA512: 1bb18fff68da23cfb61a2b9b6c149cb8a9c9bcf3c82685c74e75fdab84e764c023c574f971de6f9a42e4eefd0aa305e176df72abe5f04305f6e0ee163ea71522

  • memory/1372-155-0x0000000010000000-0x000000001006F000-memory.dmp (444KB)
  • memory/1372-120-0x00000000048B0000-0x00000000048CD000-memory.dmp (116KB)
  • memory/1372-135-0x00000000061D0000-0x0000000006244000-memory.dmp (464KB)
  • memory/1372-144-0x00000000061D0000-0x00000000062CB000-memory.dmp (1004KB)
  • memory/1372-88-0x0000000010000000-0x000000001006F000-memory.dmp (444KB)
  • memory/1372-151-0x0000000010000000-0x000000001006F000-memory.dmp (444KB)
  • memory/1372-152-0x00000000061D0000-0x00000000062CB000-memory.dmp (1004KB)
  • memory/1372-157-0x00000000061D0000-0x0000000006244000-memory.dmp (464KB)
  • memory/1372-176-0x0000000010000000-0x000000001006F000-memory.dmp (444KB)
  • memory/1372-180-0x0000000010000000-0x000000001006F000-memory.dmp (444KB)
  • memory/1372-184-0x0000000010000000-0x000000001006F000-memory.dmp (444KB)
  • memory/2292-3-0x0000000000960000-0x0000000000961000-memory.dmp (4KB)
  • memory/2292-11-0x0000000000240000-0x0000000000241000-memory.dmp (4KB)
  • memory/2292-0-0x0000000000400000-0x000000000090A000-memory.dmp (5.0MB)
  • memory/2292-23-0x0000000005300000-0x000000000580A000-memory.dmp (5.0MB)
  • memory/2292-13-0x00000000035C0000-0x00000000035C1000-memory.dmp (4KB)
  • memory/2292-20-0x0000000000380000-0x00000000003E0000-memory.dmp (384KB)
  • memory/2292-22-0x0000000000400000-0x000000000090A000-memory.dmp (5.0MB)
  • memory/2292-2-0x0000000000970000-0x0000000000971000-memory.dmp (4KB)
  • memory/2292-1-0x0000000000380000-0x00000000003E0000-memory.dmp (384KB)
  • memory/2292-4-0x0000000000990000-0x0000000000991000-memory.dmp (4KB)
  • memory/2292-5-0x0000000000C70000-0x0000000000C71000-memory.dmp (4KB)
  • memory/2292-6-0x00000000009B0000-0x00000000009B1000-memory.dmp (4KB)
  • memory/2292-7-0x0000000000950000-0x0000000000951000-memory.dmp (4KB)
  • memory/2292-12-0x0000000000260000-0x0000000000261000-memory.dmp (4KB)
  • memory/2292-10-0x00000000035F0000-0x00000000035F1000-memory.dmp (4KB)
  • memory/2292-8-0x00000000035B0000-0x00000000035B1000-memory.dmp (4KB)
  • memory/2292-9-0x00000000035A0000-0x00000000035A2000-memory.dmp (8KB)
  • memory/2484-154-0x00000000057D0000-0x000000000583F000-memory.dmp (444KB)
  • memory/2484-149-0x0000000000400000-0x000000000090A000-memory.dmp (5.0MB)
  • memory/2484-39-0x00000000042B0000-0x00000000042CD000-memory.dmp (116KB)
  • memory/2484-175-0x00000000057D0000-0x000000000583F000-memory.dmp (444KB)
  • memory/2484-150-0x00000000057D0000-0x000000000583F000-memory.dmp (444KB)
  • memory/2484-179-0x00000000057D0000-0x000000000583F000-memory.dmp (444KB)
  • memory/2484-24-0x0000000000400000-0x000000000090A000-memory.dmp (5.0MB)
  • memory/2484-77-0x00000000057D0000-0x000000000583F000-memory.dmp (444KB)