Analysis
max time kernel: 137s
max time network: 139s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 11/05/2024, 00:56
Static task: static1
Behavioral task: behavioral1
  Sample: 4359077919a018bdaa7cfc6b7e53f0c0_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 4359077919a018bdaa7cfc6b7e53f0c0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 4359077919a018bdaa7cfc6b7e53f0c0_NeikiAnalytics.exe
Size: 25KB
MD5: 4359077919a018bdaa7cfc6b7e53f0c0
SHA1: bb5877a23f1bc8b3590ea035e0f0fa50a4f6ada8
SHA256: 5b16d0a79784c13822e0c636ca09358ac89985eb522708f2225a40edfeb44b6a
SHA512: 4eca16ea2c2cbe40f386783203a0499d2a37f4d581a9c80480721bc0fde15b22aa02d86fb374791d9dc0368a0c41fa162e2f86393ca4702b4e1bfd9663197fd3
SSDEEP: 384:kzFouStKf7l1VRrNSeQc46+G9TTE0TIhuDsAoJ:IouFffo/c4lcTTEgfgAi
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  PID 1672  Process: codecsupdater.exe
- Loads dropped DLL (1 IoCs)
  PID 1640  Process: 4359077919a018bdaa7cfc6b7e53f0c0_NeikiAnalytics.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (7 IoCs)
  description: PID 1640 wrote to memory of 1672
  pid: 1640  Process: 4359077919a018bdaa7cfc6b7e53f0c0_NeikiAnalytics.exe  procid_target: 28
  (this row appears 7 times in the report)
Processes
C:\Users\Admin\AppData\Local\Temp\4359077919a018bdaa7cfc6b7e53f0c0_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4359077919a018bdaa7cfc6b7e53f0c0_NeikiAnalytics.exe"
  PID: 1640
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\codecsupdater.exe (child)
    Command line: "C:\Users\Admin\AppData\Local\Temp\codecsupdater.exe"
    PID: 1672
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize: 177KB
MD5: 435a9ac180383f9fa094131b173a2f7b
SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize: 25KB
MD5: 33b2050517474686fab0e908499ed351
SHA1: bcd81e8371b4b9551d6b8184921d6c4132aaf22d
SHA256: 412324aa8b60faf72e80136e38e097fa913c6d7aabc3e8e6f6d3befabe6d5ee7
SHA512: 9cf754df2bc5e482b4ed87e5062a8c124a7b0f1b384a4b5e9295a490cbf6eb455950145f67c2b9f6c13f9274993f0579052d76fbec35c6f2c3d54229fe67b512