Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 13/05/2024, 19:59
Behavioral task: behavioral1
Sample: 0d5bc1f0a799c65dcf410292a03e0070_NeikiAnalytics.pdf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0d5bc1f0a799c65dcf410292a03e0070_NeikiAnalytics.pdf
Resource: win10v2004-20240426-en
General
Target: 0d5bc1f0a799c65dcf410292a03e0070_NeikiAnalytics.pdf
Size: 124KB
MD5: 0d5bc1f0a799c65dcf410292a03e0070
SHA1: 4194527f206748c78b1b844a6cb73c5191715f80
SHA256: a416f3213760003ebc746d790a998e668b241b6ec17a418cae25f4e1ccdf252c
SHA512: 3c227be757fb27e07622917dc25a5d0eca14f3d02458455feab085bc364c358b09a04fa7978d0c25ec227f4a107a7824fa574f712f43063091e3176b005b225c
SSDEEP: 3072:kOoS3F40cRatVi9zS9MoMHIQbWNPNYLzxUD:nZF4QYS9FDNkyD
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid 2528, process AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid 2528, process AcroRd32.exe (three occurrences)
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0d5bc1f0a799c65dcf410292a03e0070_NeikiAnalytics.pdf"
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2528
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 71e8bc52bdc5819ee82a4dfe9a5ba60d
SHA1: 4ba1dbe65781b5beecc3ada62b6bbd436b690067
SHA256: e979fbee3a5302fe12dcd3468a2dd1c030d84f6beadcdcf6df2f2e5fd7540c2c
SHA512: c04d627b5afdb93d09c8162b59fc10bef217d868200f64e2de3cfc3b007289fd388fd1d49f1e61310d905cc7b6e38a3123e0d7c35a826de7664127e48cd30165