Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 10/05/2024, 08:01
Static task: static1
Behavioral task: behavioral1
Sample: a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe
Resource: win7-20231129-en
General
- Target: a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe
- Size: 80KB
- MD5: a8e80107d8d1e64b2e2a1aa7683f3e70
- SHA1: cf73995377c48a5e8a22a70d1ec04fa0e25e9891
- SHA256: 8a4909edd9fc35b36e7ae79908cb83dbd4d81629691f2a00667a81f03c8d54a4
- SHA512: dc5069c8da735c2675fc83a725663ad8f7e9865e7703c6277de39a19888addecd0da02fc6670752d593ccc3cc2fa4b6e395abc6595bc0540b050a2ce8bf037d7
- SSDEEP: 1536:jIr3YriYiUi+H++o1eVlXd+8c0GXmvJJNHjLwl50fP5jy:jyYti0pXd+8c0GWvJ3Hvwl52W
Malware Config
Extracted: urelas
- 112.175.88.207
- 112.175.88.208
Signatures
- Deletes itself (1 IoCs)
  pid   Process
  2092  cmd.exe
- Executes dropped EXE (1 IoCs)
  pid   Process
  2996  huter.exe
- Loads dropped DLL (1 IoCs)
  pid   Process
  2392  a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (8 IoCs)
  description                        pid   Process                                               procid_target
  PID 2392 wrote to memory of 2996   2392  a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe   28
  PID 2392 wrote to memory of 2996   2392  a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe   28
  PID 2392 wrote to memory of 2996   2392  a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe   28
  PID 2392 wrote to memory of 2996   2392  a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe   28
  PID 2392 wrote to memory of 2092   2392  a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe   29
  PID 2392 wrote to memory of 2092   2392  a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe   29
  PID 2392 wrote to memory of 2092   2392  a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe   29
  PID 2392 wrote to memory of 2092   2392  a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe   29
Processes
- C:\Users\Admin\AppData\Local\Temp\a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a8e80107d8d1e64b2e2a1aa7683f3e70_NeikiAnalytics.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2392
  - C:\Users\Admin\AppData\Local\Temp\huter.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\huter.exe"
    - Executes dropped EXE
    PID:2996
  - C:\Windows\SysWOW64\cmd.exe
    Command line: cmd /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
    - Deletes itself
    PID:2092
Network
MITRE ATT&CK Enterprise v15
Downloads