Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/05/2024, 12:04

General

  • Target

    daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe

  • Size

    289KB

  • MD5

    daa0dcfa7fd4104a26897fef6ca0bf90

  • SHA1

    bb8177e1de4cf85bc8827547d8e5ac6f41e271b2

  • SHA256

    8e8bb101a5d4fa20b6c48d965827ff065125639ce6433105b81402cdf8e872a4

  • SHA512

    b084c031d032f1d547f7783f8bd4553a7bb44e89029a6e8419160b1bd9e04f5e06bfbc2640b545a1766c3ba925916b06498d5676d6f770f59ac043670e2225f8

  • SSDEEP

    6144:gblyesukYZdvrniRfBgM1HSk03Ck4YukECzJLaQVbU5:gJ7Z5rnIHSk03Ck7uklJLJbU5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\daa0dcfa7fd4104a26897fef6ca0bf90_NeikiAnalytics.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\windows\system\HPDGO.exe.bat" "
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2556
      • C:\windows\system\HPDGO.exe
        C:\windows\system\HPDGO.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:2652

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\system\HPDGO.exe.bat

    Filesize

    70B

    MD5

    3c7c9d63f5880e69ad03c24566ce6cc3

    SHA1

    a0165183d514fe77536db86dd4360775fb55a01b

    SHA256

    55570d942f2aaa56aa020b6190411d5b4486b39f0ce89495885cca171df90c01

    SHA512

    51f50a62852d5dec58f89d3b105cb5cee63583891c68d68f88832f8703730fe07af4cb1544a204b17cd1fe973277e68e8d0b659ecb2d0f438cc8fbe4ac645397

  • \Windows\system\HPDGO.exe

    Filesize

    289KB

    MD5

    4f35967ee25d60c7ddd9d7f14d2c7271

    SHA1

    0f4837e5c98571e0c72e30b633f180d6cd5d37ab

    SHA256

    0a73cce350b6604bcb1f28cf2517ff3461b2c949ed50233ff45c45d77c119a44

    SHA512

    be071ac15bf884afe6213a33f33a987fde84976d3fbc9159e3c1b94079358cc8887cfe4f1930e2ad42d5f970cac0d4d55cbd4683c81a58d349b90bfe15dda6f0

  • memory/1680-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/1680-12-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2652-18-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2652-19-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB