Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 10/05/2024, 07:12
Static task: static1
Behavioral task: behavioral1
- Sample: 9c7a2f78c3eebdee2d1a7bfb40467460_NeikiAnalytics.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 9c7a2f78c3eebdee2d1a7bfb40467460_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
General
- Target: 9c7a2f78c3eebdee2d1a7bfb40467460_NeikiAnalytics.exe
- Size: 258KB
- MD5: 9c7a2f78c3eebdee2d1a7bfb40467460
- SHA1: 0f85868317534181f4667af44944b0a6a275ca41
- SHA256: e3e1d817de443abd1a287f12130b236e25064eca464b6d6a54f9a43f04031ec3
- SHA512: 813243075724b5335eec9f473f75c179e784b8b3468227b4fc33a12c29adc68cbf8232d5bd96759916e1dbc579a3d3cfb0d0dfb86f01fd4ddb1371dcbcc0d129
- SSDEEP: 6144:SNBn5rvqq1RqOXn6CRayuQFK2DYRn1oT/u8iYj:Sr5eI9n5RZtFLhxj
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoCs)
  pid   Process
  2540  racmzae.exe
- Drops file in Program Files directory (2 IoCs)
  description   ioc                              Process
  File created  C:\PROGRA~3\Mozilla\ttbtowf.dll  racmzae.exe
  File created  C:\PROGRA~3\Mozilla\racmzae.exe  9c7a2f78c3eebdee2d1a7bfb40467460_NeikiAnalytics.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2372  9c7a2f78c3eebdee2d1a7bfb40467460_NeikiAnalytics.exe
  2540  racmzae.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process      procid_target
  PID 1668 wrote to memory of 2540  1668  taskeng.exe  29
  PID 1668 wrote to memory of 2540  1668  taskeng.exe  29
  PID 1668 wrote to memory of 2540  1668  taskeng.exe  29
  PID 1668 wrote to memory of 2540  1668  taskeng.exe  29
Processes
- C:\Users\Admin\AppData\Local\Temp\9c7a2f78c3eebdee2d1a7bfb40467460_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\9c7a2f78c3eebdee2d1a7bfb40467460_NeikiAnalytics.exe"
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID: 2372
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {BE08D22E-D58D-4B45-8657-372ABA2757ED} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 1668
  - C:\PROGRA~3\Mozilla\racmzae.exe (child of taskeng.exe)
    Command line: C:\PROGRA~3\Mozilla\racmzae.exe -cddhnyc
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
    PID: 2540
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 258KB
  MD5: 5c66ada505d4be9336d42a6049f0af0c
  SHA1: 7dfccb4322d3604b9da2bb89dabcc3f912fb4100
  SHA256: 866054569cf2f23b329f78e37a8f20171f119edab3f72dacff087b694c8df697
  SHA512: 610b697132eef1f7aa4d5555f2b624713ed4e40a764ed8fc971f254ced82661768adcbe459f1f2a8c5863a703c1f67073b239ce1de05647c5f04486ef4fd2f85