Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
10/05/2024, 06:30
General
-
Target
9082ac7eee8fc7d2e85eee55b5f23dc0_NeikiAnalytics.exe
-
Size
810KB
-
MD5
9082ac7eee8fc7d2e85eee55b5f23dc0
-
SHA1
734b7c42b6617220beba73475ebf178d1965a0de
-
SHA256
3df2a4e81c141afc4dc8521769cd3728687041fa3968af7de5dce1e8f6ca13a5
-
SHA512
290fe12f67328db206d9469b92537e972e0202dcee32b495904324e4764ba8d5dbb079ce8d76cae4bf84e88f8336bcd60c1de6c222cc6ed9ac1357384f4541cc
-
SSDEEP
12288:zJB0lh5aILwtFPCfmAUtFC6NXbv+GEBQqtGSs9U3NL9WEEoLPw9In+KbH8:zQ5aILMCfmAUjzX6xQt9U3917Lwy+Kj8
Malware Config
Signatures
-
KPOT
KPOT is an information stealer that steals user data and account credentials.
-
KPOT Core Executable 1 IoCs
-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader 1 IoCs
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\9082ac7eee8fc7d2e85eee55b5f23dc0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9082ac7eee8fc7d2e85eee55b5f23dc0_NeikiAnalytics.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\WinSocket\9092ac8eee9fc8d2e96eee66b6f23dc0_NeikiAnalytict.exeC:\Users\Admin\AppData\Roaming\WinSocket\9092ac8eee9fc8d2e96eee66b6f23dc0_NeikiAnalytict.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe3⤵
-
-
-
C:\Users\Admin\AppData\Roaming\WinSocket\9092ac8eee9fc8d2e96eee66b6f23dc0_NeikiAnalytict.exeC:\Users\Admin\AppData\Roaming\WinSocket\9092ac8eee9fc8d2e96eee66b6f23dc0_NeikiAnalytict.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe2⤵
-
-
C:\Users\Admin\AppData\Roaming\WinSocket\9092ac8eee9fc8d2e96eee66b6f23dc0_NeikiAnalytict.exeC:\Users\Admin\AppData\Roaming\WinSocket\9092ac8eee9fc8d2e96eee66b6f23dc0_NeikiAnalytict.exe1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
810KB
MD59082ac7eee8fc7d2e85eee55b5f23dc0
SHA1734b7c42b6617220beba73475ebf178d1965a0de
SHA2563df2a4e81c141afc4dc8521769cd3728687041fa3968af7de5dce1e8f6ca13a5
SHA512290fe12f67328db206d9469b92537e972e0202dcee32b495904324e4764ba8d5dbb079ce8d76cae4bf84e88f8336bcd60c1de6c222cc6ed9ac1357384f4541cc
-
Filesize
56KB
MD5fbb7c639a87aaec216c590aef05a4de2
SHA1726bc7df10ed7b93fc0927e5d6f809320cca1752
SHA256e2f32d6ec3d6a232bca483b0c305330b95254969fc8c00a5c0654341a041bd10
SHA5123f547c34790ab8ab7dd1c7cd7a84a42a0c56bbfc77758b0400958b7f5f02db1de68ff8803e585b59f914d18858545b84f7f01d700d764cc9d5fda151ea6bc154
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
456KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
2.8MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
456KB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
4KB
-
Filesize
760KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
456KB
-
Filesize
4KB
-
Filesize
164KB