Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/05/2024, 15:11

General

  • Target

    cbbf1380aa0b20b6dc71dde6ae9311e0_NeikiAnalytics.exe

  • Size

    96KB

  • MD5

    cbbf1380aa0b20b6dc71dde6ae9311e0

  • SHA1

    8979f0d70fc98c05a7ea40d93f08e014924963f1

  • SHA256

    1b2e1929601cdf45d0f2ee5875758c74bd5723ca8be1d3400bbe27db231f2785

  • SHA512

    d7af1756b22918128e28ae0d3d319c7db67fd30c26af77872894e6054b5bacf9a006ffc183ce0d6df5f0d70fda0c75f58cfe452a66056389957025135d9b8015

  • SSDEEP

    768:ef4JA5kWTdnURLQ/JD60XDeVtA5YwmHwWW2icNe78ljNZQcytSq:eZkSdIQ/JDHKa5EJWceYljNZQTSq

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cbbf1380aa0b20b6dc71dde6ae9311e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\cbbf1380aa0b20b6dc71dde6ae9311e0_NeikiAnalytics.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Users\Admin\biruc.exe
      "C:\Users\Admin\biruc.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2000

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\biruc.exe

    Filesize

    96KB

    MD5

    b93111cd06ffad3dc8184f02bd2b0027

    SHA1

    9d051f04d6e0c013f3151d6d71fe8d17fd58e1d4

    SHA256

    c06172862f1b0718520279d209913d7c2391be122ab9af6a782cad6498cf44f8

    SHA512

    bdcdb750cbde92d25e01c60a844456a98653b82228934897ff3e03e686db1d040f27f4ef2736aecb400be099190711acce6d87d3a1cbf57ff07eee02897b855e

  • memory/2000-15-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/2000-21-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/3016-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/3016-13-0x0000000002660000-0x0000000002678000-memory.dmp

    Filesize

    96KB

  • memory/3016-19-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/3016-20-0x0000000002660000-0x0000000002678000-memory.dmp

    Filesize

    96KB
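The Signatures, Processes and Downloads sections above give enough to hunt for this sample on other hosts: a 96KB copy dropped as biruc.exe in the user profile root, Run-key persistence, and a change to Explorer's hidden/system-file visibility settings. The script below is an added example, not part of the tria.ge report and not code from the sample. It assumes the drop path generalizes from C:\Users\Admin\biruc.exe to every profile under C:\Users, that the "Modifies visibility" signature refers to the standard Hidden and ShowSuperHidden values under Explorer\Advanced (the report does not name the values written), and that the Run-key entries point at one of the two executables by path, since the report counts 27 Run-key IoCs but lists no value names. The SHA256 values are copied from the report. Get-FileHash needs Windows PowerShell 4.0 or later.

```powershell
# Added hunting script for the artefacts documented in this tria.ge report.
# Not part of the report or the sample. Assumptions are marked inline.

$KnownHashes = @{
    # cbbf1380aa0b20b6dc71dde6ae9311e0_NeikiAnalytics.exe (parent sample, from the General section)
    '1B2E1929601CDF45D0F2EE5875758C74BD5723CA8BE1D3400BBE27DB231F2785' = 'NeikiAnalytics sample'
    # \Users\Admin\biruc.exe (dropped copy, from the Downloads section)
    'C06172862F1B0718520279D209913D7C2391BE122AB9AF6A782CAD6498CF44F8' = 'dropped biruc.exe'
}

$Findings = @()

# 1. Dropped executable. The sandbox wrote it to the root of the Admin profile;
#    assumption: on other hosts it lands in the root of whichever profile ran the sample.
foreach ($userDir in Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
    $candidate = Join-Path $userDir.FullName 'biruc.exe'
    if (Test-Path -LiteralPath $candidate) {
        $sha256 = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
        if ($KnownHashes.ContainsKey($sha256)) {
            $label = $KnownHashes[$sha256]
        } else {
            $label = 'same filename, hash not in report (possible variant)'
        }
        $Findings += "File: $candidate SHA256=$sha256 [$label]"
    }
}

# 2. Run-key persistence. Value names are unknown, so match on the value data
#    (the command line) instead of on a name.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's PSPath/PSDrive/... metadata
        if ("$($p.Value)" -match 'biruc\.exe|NeikiAnalytics\.exe') {
            $Findings += "Run key: $key\$($p.Name) = $($p.Value)"
        }
    }
}

# 3. Explorer hidden/system-file visibility (assumption: the values behind the
#    "Modifies visibility of hidden/system files" signature). Hidden=2 and
#    ShowSuperHidden=0 are also the Windows defaults, so the values alone are not
#    an indicator; report them with the key's last-write time so they can be
#    compared against the time the file in step 1 was created.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
if (Test-Path $adv) {
    $v = Get-ItemProperty -Path $adv
    $Findings += "Explorer: Hidden=$($v.Hidden) ShowSuperHidden=$($v.ShowSuperHidden) (2/0 are the defaults; correlate timing, do not alert on value alone)"
}

if ($Findings.Count -eq 0) {
    Write-Output 'No artefacts from this report found on this host.'
} else {
    $Findings | ForEach-Object { Write-Output $_ }
}
```

HKCU here is the hive of the account running the script; to cover other accounts on a shared machine, load their NTUSER.DAT hives (reg load) and repeat steps 2 and 3 against the mounted key. A hit in step 1 with a hash not in the report should still be treated as suspicious: a 96KB executable with this name in a profile root is itself out of place, and the report shows the sample copying itself rather than dropping a separately built payload.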