Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/05/2024, 08:57

General

  • Target

    ac306205086202cde216c82e093eea40_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    ac306205086202cde216c82e093eea40

  • SHA1

    df1a8dd2094ff52ce763b6ccec976fd05ded5c9e

  • SHA256

    f388cf7c61fd87640270d2155a29897e790712d731f68e0330442e1d3aeb4e00

  • SHA512

    d79fd312d670f0143ff9878841a048e900ba07a1bb584c21a90e61fbb46a955b357dca71eab6fe6a0081b3d722df3d557e168e3932410151fa6b1b05f1f283d7

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp54ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmC5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac306205086202cde216c82e093eea40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ac306205086202cde216c82e093eea40_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\UserDotZ0\devbodec.exe
      C:\UserDotZ0\devbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3324

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxEN\dobxloc.exe

    Filesize

    4.1MB

    MD5

    a60c18c1bbff10c03116f80dc8d3ec55

    SHA1

    b48aaea22968b0288a8389124dbe390fd299517b

    SHA256

    4ecd542201961ed0e9a09ae53520b37489e31d5707ff565a90ce4d7fee20da2d

    SHA512

    33a31d108370ecebe60bae33c2a2b25d31b1bda187cdec6b72e97761b06e0875cdd2e5ebf28319badc80724b486fc69ebe35b841d65dc31bb6e9305ff40050cf

  • C:\UserDotZ0\devbodec.exe

    Filesize

    4.1MB

    MD5

    ef7e1f75c0ecd816974abfe86076a194

    SHA1

    bd3155342ee2f4bf4a75947387b90b7b4bb19bd1

    SHA256

    4b79e3942787a25e1351de66fd8ecc3a6bf931f7789965d29140c7a1b14b134b

    SHA512

    fa2174241d722e5ac6c2f76cbab5873cf3de6eb8f16f519876364725e95aad9e4bfdd820ba76b072c1bc1e781e0169dfff8a6fe03b6fa62902bb17a6ed69744f

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    6122d2221920e3a2720463a01784ebac

    SHA1

    442b5fa82d3bd65dc86248fdd740a7cec541c0b7

    SHA256

    53c42b4546498d98349fa4b8c3fb0dfdfd3fe77a83b03043cf966e88e7cd8b48

    SHA512

    99961c82819737d06737e226ac115e18138c212f9fc1c6c71ec5d65ffa6e949f21afac14e5a7dc71181f22a927b020adb8351086ff367978c046176bf9e97394