Analysis

  • max time kernel: 149s
  • max time network: 151s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240426-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 11/05/2024, 05:40

General

  • Target: 8a97a9c4b60eeeeea177fd9d18205a10_NeikiAnalytics.exe
  • Size: 2.7MB
  • MD5: 8a97a9c4b60eeeeea177fd9d18205a10
  • SHA1: 30c69334764faa21b6295c66decaff1549bac127
  • SHA256: aa8df7303f376659d0a3560cda232d724ea98eeb7fb653d0640be150a2cf1ea4
  • SHA512: 38fd7b199d00279f8b43f4a33e4f0000d56a0226c45ab9d4b5ecd39a80669c50be11ea3b061be68e7905eef3db55fc36ef85a813e157687326892ceb6024ac1b
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBF9w4Sx:+R0pI/IQlUoMPdmpSpR4

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a97a9c4b60eeeeea177fd9d18205a10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8a97a9c4b60eeeeea177fd9d18205a10_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2748
    • C:\IntelprocSY\xdobloc.exe
      C:\IntelprocSY\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3624

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Galax9R\bodasys.exe
    Filesize: 214KB
    MD5: 1a8ac38714ff8a7d6be5da7c5fda348e
    SHA1: 9911894eefc6ae4ff0c07c2dcc14d038ac95bc40
    SHA256: fda1fb2a64b4b33d9a5d9d27302638236bcbc813153edacded95ce9f33aee4e4
    SHA512: 6f2f4c655c5f94549fc214cd9bdbe51bd855e205dfa20b42b688e73f07920316a4ea0193223bf7f20ec61a85cc9b3b6b62dff52fdf6027d077e0a774c5d6d396

  • C:\IntelprocSY\xdobloc.exe
    Filesize: 2.7MB
    MD5: 2c1098ad4da0d6f86468a4e6932e66de
    SHA1: 72d5ef286f5c93a67255888e6f755ca9f9b858de
    SHA256: 82f176612ab5f374b581b1ed18b73bf194ef3c4780f9c33e74f13a8e216ce269
    SHA512: f17fbd4a08863dde2e6a75a72bfb98e38fb3906ba2aeb483048f6cd18a8a316d677ca95b378dc245d3bac2766159f6b26171603b30f77172b2a65f5e5e089d6b

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 193B
    MD5: 909382194a1b4282bda9ab9fea58e693
    SHA1: 1534967fedf7e81713c77addac393b90c0ee4f32
    SHA256: 3c7c6e2c181a59e26d3bc28e876cdda985f6be9cac0b92308ad0541355d7b6c0
    SHA512: b0ff25346678caf571d490e304c21e7f77f03201666d728513e71689d8c95a4b20187cdfc86874f0d7a007668b77db203fa8ed69ea3b6cfd4724b3eb4387cb64