Analysis

  • max time kernel
    13s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/05/2024, 19:24

General

  • Target

    4845aa93c6412074c917053cda175170_NeikiAnalytics.exe

  • Size

    63KB

  • MD5

    4845aa93c6412074c917053cda175170

  • SHA1

    6030c1ed31c08f2b25ba5f7f9d0e577216124467

  • SHA256

    2018d6952c057a21cf55318d6aa22871daf2916c655848bffcabfc092e3e03e8

  • SHA512

    dbde0759f5eb605c7169215a434ccea75b1dc07ad5e3f7beba9d3461fc7877c0b415f4d74fbe3958675f9254a27b3d8cefc1e043490d12ca7f58ab6e2d2bf772

  • SSDEEP

    768:TOSEWgI6sRJ0QPk5Cd8NUIu0oWsV1qaZIp/Bj7YcRpaSOovHYxtxdvO:Sf9Uk5CdzGs1stvHYxtH2

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4845aa93c6412074c917053cda175170_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4845aa93c6412074c917053cda175170_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:388
    • C:\Users\Admin\cupen.exe
      "C:\Users\Admin\cupen.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3712

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\cupen.exe

    Filesize

    63KB

    MD5

    99153fd668e9d883feeebadb790731c1

    SHA1

    adf19dfd074c0caa987a79bc625f8161afdf17f9

    SHA256

    3234b4b00cdaf81f3a55a486f69f3b3a7b4f3b9f29f0b8070113750605356c18

    SHA512

    0ba1f7c60df52b41743f4c55020e4a23a8c67b1c0d801781d50359d5d056c4eb144dff0a6a4da21c1751482bead8919db24e23585aa1834f921dbd8a5511e97a