Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
09/05/2024, 16:58
General
-
Target
9ad26993c84d8b7c527355995b177050_NeikiAnalytics.exe
-
Size
126KB
-
MD5
9ad26993c84d8b7c527355995b177050
-
SHA1
3e8f245fb0fe032dff264727e7611dd3d9689c5a
-
SHA256
b7c8bf81db41528d60085c4c0e5e70c367b38446c69cee3d0e6051024e9bb92c
-
SHA512
0c0f1315d20621642e688ce45661cd07255312e41722d07a614993d7399d76095797e7b4788a5418b680bf0f849fa7db41b6db99405e81c4380c9c170cf63014
-
SSDEEP
1536:aEGJ0o0lYunMxVS3HgdoKjhLJh731xvsr:aEGJ0o0llMUyNjhLJh731xvsr
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9ad26993c84d8b7c527355995b177050_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9ad26993c84d8b7c527355995b177050_NeikiAnalytics.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{506E3204-0950-49dc-B1F0-6083B624DECF}.exeC:\Windows\{506E3204-0950-49dc-B1F0-6083B624DECF}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BC214496-D9F9-44fa-A510-F945D31B1194}.exeC:\Windows\{BC214496-D9F9-44fa-A510-F945D31B1194}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9A8623FB-E8F5-4984-82BB-355C118D47EC}.exeC:\Windows\{9A8623FB-E8F5-4984-82BB-355C118D47EC}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{18230A31-74DC-426d-B19A-0B4F2C502954}.exeC:\Windows\{18230A31-74DC-426d-B19A-0B4F2C502954}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{15FAAA60-CCD1-4c2c-85B9-1B8020A82BBB}.exeC:\Windows\{15FAAA60-CCD1-4c2c-85B9-1B8020A82BBB}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DAC4A672-1B00-4ff3-8D62-641A6317E2AB}.exeC:\Windows\{DAC4A672-1B00-4ff3-8D62-641A6317E2AB}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{70FDF505-84E1-4271-8DA4-F4DB778452D3}.exeC:\Windows\{70FDF505-84E1-4271-8DA4-F4DB778452D3}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{23BA1F6F-346B-41b7-9994-033494654281}.exeC:\Windows\{23BA1F6F-346B-41b7-9994-033494654281}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{38B3901A-0037-41d6-ACA5-FB9DEEDD66D3}.exeC:\Windows\{38B3901A-0037-41d6-ACA5-FB9DEEDD66D3}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{89087451-14FA-4ca7-AF00-3E1DA27EE8A6}.exeC:\Windows\{89087451-14FA-4ca7-AF00-3E1DA27EE8A6}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5EC16B76-63E0-44b0-992E-E9D4EE509266}.exeC:\Windows\{5EC16B76-63E0-44b0-992E-E9D4EE509266}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{89087~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{38B39~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{23BA1~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{70FDF~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DAC4A~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{15FAA~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{18230~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9A862~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BC214~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{506E3~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\9AD269~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
126KB
MD5263b8ba2b97c83242416c8ef235120d4
SHA10d512b015066fc6d7a6d7e8b1f970b2aa4edf12d
SHA2567edc0bf8a9c6752e0f00535699f643b5c7fbd8e243974c7d672745c0622d9314
SHA5126993a4f64e22ea2af79c4e4ad39dec9c195831c2df17e39d220d98a53827d43c83a7e5fdf4168052afc9df975434cfadd55a8262f3ddcb4fe60dd71fbd8997f1
-
Filesize
126KB
MD5dd1da5b34be5d8f9de7081ab7f431376
SHA1654048308438a352f172ebf2780147273723ed6c
SHA2564ad488e95757b2027952914a57e13f5f6bc5cfa5680d3712b42a0aed8c51cacf
SHA5126afb3f09057ecda2d1e85528f11a6a2db18f6a35e471069c13479493646982a631da73bd00ac2a79ecffaace49c3cc53e4a7f13baa3b15d5bf4a2c4bb089f234
-
Filesize
126KB
MD53bc04dca2ac1e58db48570a6b5c46550
SHA1c8037d85b3358de6315371b6be3f671875efbe62
SHA256dde35aa906428aff6b066ae586f1b7cd563ad72b35dad0500339047676f80b70
SHA5120bbaff63255596d3d0969b99efcb10fe737a1983777676de07b44950445360be18589019623933b28166e8cf42d396988a3b1faac3edf99c73845ca3eaa584d4
-
Filesize
126KB
MD547eb025f818b464e4240d90bd78dbacd
SHA12b268d15b98cbbf275ade47929437829b66be951
SHA256c0d1499976d1f4407c0d0ff72d560a383a9dba14fd59efab89d525932b81eca5
SHA512329dded67c7f0d5af48fa07cf33d7a07fb8dbf7e857f9369a88d64345245508df26c96d115b3e65cbb4338ba3397068b1ea713ff34f024b1bfd7e043d8338114
-
Filesize
126KB
MD57d07808a36ad3610766ea8fd3c677c33
SHA12891f45b1d58cfe072884af0eda292eb4424e0be
SHA2565ec57a552b8c676faefb3859e2c4f65a250c86f8e66bb3c98ac0571aabbc7cce
SHA512209ed4c1cd3858e404c79f5a16f99365c5ca589f7d61b822223de00fef0cc7e23e7303ff65dc9f35fcc085b886d4363b68cf12270f3850a9ae8f32d7efd7a244
-
Filesize
126KB
MD5bdff16d4d5d9468054afcf728dea3a54
SHA1906913254f81be13b9f1ad7035826ab957112fc0
SHA256dc619864532cf15e6f4f0338c28ff26f2bb43ba1606adf239b3e5064ee5273b9
SHA512025f60a9fb1f305b4314b8dbc1f5f0c9aec99afab4d2c22d8f9ff6159cc31a061e4691dec458f164abf205335835d9597d7231d9a7d49e1ce7323126e5eddb23
-
Filesize
126KB
MD52c254232b8f7137d9680044a2db8902f
SHA148148cc88b1237df0d70fee31c2b2bc3841f81ec
SHA256f031584a6ba5c7351081cc27d3517b27c06c642855505e196c030fa61a1cf8d0
SHA512ff5d9106abc3d2dc8df920ed20e13b5bb6b7807fcb531561b75ef6eca84e5a7d068a674b6678ecd68d9fa45e5b4bc2559cd2c0b7ea366835ca01f98dfa5b7ee8
-
Filesize
126KB
MD59e95e4cc79132a92e60c02968ab01fe3
SHA1914f12df1ef2155223b719fbc8f9832cf9c83157
SHA2569e792f32f2a090551f4008d97c53eec2b60f4e32df8796296bcd68556ddcdb76
SHA512a911142bb02afcfd4dfaefdfe4440514c43253e2695de96e9b8de6423570d03b57b719fa46352a3f80c36f35bc2743974c8f696c0be51849ae246002c048671d
-
Filesize
126KB
MD5abf71714f538a30ca2c73acbba977939
SHA17d5a7eece3e963f7a1fab273e32e9756e8b12414
SHA2564aa21823ca77e0fec551d6eaffd007c5e94353886428140f620bf782ed355dbc
SHA51244f6eddddaa0263c376930ce3d1a1835ed1172a9729a31ffcd07a449bd01385bff3a4e6f9cbed188561615412cf57a205ca41e3798b1578bb052478af775946e
-
Filesize
126KB
MD5d40956a72dfb6570a2087df24a0aa7dc
SHA183fffc8d9a24358f9131a27924132ee3ff4c5b4f
SHA2567e1c09e8334a2f72a66952a7b1c188645f6e9b4898e21bf1144a04119c4ae997
SHA512d082b36916689ee3231e44fec4f032e6040c978a51230018e49ad6f4050adeae460520c2ba7a6b3d73bd058e76e8a7293ec819ea9a5fe5b6f4c38a00e2af18df
-
Filesize
126KB
MD55290a221072475f864f76046cc0637f6
SHA1425e4567a86bfa689e9935f27b4d89ae3eef75b0
SHA256746eaec0ae63f18127d671b82337200d6fa7cbf593731ac5ffbfa84f48d53b10
SHA5123359e3a78970abbe322ad469413db31195f28535d3c8e7d4b954ec6495776b9bd8f8516d1b937d37630b6a515a4b5237303e23bf320db937c0a54ab63ee97426
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB