Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
15/05/2024, 08:28
General
-
Target
aed07f00b67382027af544a03ae22ea0_NeikiAnalytics.exe
-
Size
457KB
-
MD5
aed07f00b67382027af544a03ae22ea0
-
SHA1
b984c64693f050d8d44b084b9da26442b7569630
-
SHA256
e926c75748a58a92966a499b1503c7d06205bc823dd21e0b7d6257d8d1eaf423
-
SHA512
2e9839ccce890a99339b5587e8df4da06d20ba85de261730beba8ca4c301b716d97ab7c8cb01c504dc06d6ba574ad7bb20771a79600c20b9e7f3b36af5f908aa
-
SSDEEP
6144:mY+32WWluqvHpVmXWEjFJRWci+WUd20rUU5EYCTvaBju4zh:dnWwvHpVmXpjJIUd2cUusvalxzh
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 2 IoCs
-
Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
-
Disables use of System Restore points 1 TTPs
-
Sets file execution options in registry 2 TTPs 12 IoCs
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 6 IoCs
-
Modifies system executable filetype association 2 TTPs 2 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Drops desktop.ini file(s) 28 IoCs
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 35 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aed07f00b67382027af544a03ae22ea0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\aed07f00b67382027af544a03ae22ea0_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\IOU2V5J.{645FF040-5081-101B-9F08-00AA002F954E}\service.exe"C:\Windows\IOU2V5J.{645FF040-5081-101B-9F08-00AA002F954E}\service.exe"2⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\IOU2V5J.{645FF040-5081-101B-9F08-00AA002F954E}\smss.exe"C:\Windows\IOU2V5J.{645FF040-5081-101B-9F08-00AA002F954E}\smss.exe"2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\IOU2V5J.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe"C:\Windows\IOU2V5J.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Sets file execution options in registry
- Executes dropped EXE
- Modifies system executable filetype association
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\lsass.exe"C:\Windows\lsass.exe"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Sets file execution options in registry
- Executes dropped EXE
- Modifies system executable filetype association
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
6Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
457KB
MD591f1911a42f3d8b5546c2fedbdb054ed
SHA1b8cb45eb7024982954ca7a00848382fbad4912ea
SHA2560bf80406405f6088753aa43db565f767b4a31ad7afd313e4ed6e406e72e98ad7
SHA512c754d82a84a415a580a012a1e92d3deb2863096e8cf2dd2c9f05e3bfa9f6709cfd1a114dbd500f3f63f214c4fe16905e3cbb116d1f1ed3c6600e4e60a2cb6ab9
-
Filesize
457KB
MD583f3f4538bd299be8c91bd33ee9ef1a5
SHA1820e6e239909eee06fa0de81988587990ce78c9b
SHA256002bfe8702f790835b9463f2aaee9eb6a146a0d65ca6f5e317b6324679aad67e
SHA512de7c1f03571a679b7f3a54bf4276f174fbd1be502532145d440d47148f66a62e61875d88cbdd15269bae6472e3e4b91589c92257e77cf04847d71690ff926b45
-
Filesize
457KB
MD5c6c1551328d9a4ba98f9ffcd96391e75
SHA11d195f01c88b5b98ec483b72f53659667c9c3432
SHA25679ba92bf44d7cb9660ff13797eccaae0018bbf68401f3e00b70f5e07a4616f20
SHA51218a27e4b607aa47d072080462ed523a296aa420431af12ab1eb3bc8eff2c5e5e1abd47725f7176c8179b8c7870e99d3df6f250471cf9519a302fcb12da488279
-
Filesize
457KB
MD59ccb72238f189b63eb5465129a4c77f3
SHA18c5b16e81683bd57c0ec4cf4003691a7cdfee4c0
SHA25605af829ad1c11f464893146b95b3f6088a1a993ccd2253512efe0cc475258466
SHA5120d093ea9104f76538d7ebbdd543d37cee77caa10d0fe8ec1c30dac5999e7a522704ed13771d61269d766ce74d3adbb2df3732a87f578a503055faa57a6ada48c
-
Filesize
457KB
MD553cd9f5481483426ce4df0899ca62a24
SHA1bc9d47c7d2e5fe7d4f98fac3e00af642f876c840
SHA256e753434239306ecc9ea44cdb0906d4477e33e5864ac06f4ad5d551d511988fc1
SHA512e2487f7480e0a6436fd1e2082d49b02b20807e69d35a4f83acfbc74b235c250debad5fb560864e7a063a4d11eb5da3ef343a871fcbb21d64ad8f6c67a3a9814f
-
Filesize
457KB
MD58415e3ba4b92d99528bf141ab9e80642
SHA1af6464bdff006368e964c7a8a600b50d945ca548
SHA256ad4f74581ee57c351f07e7654a2a13a7c1f8bf5b6f94121e3f8c208fd621b1f6
SHA512f85597e6967b49cae02445600dbbdbcd6d88217f3db234db89c33221d969ee822fbe531be4f765835103a890ad69d0c7d4ddadee508eaa869aa60e65ab73a336
-
Filesize
457KB
MD50a03faa1708b6dec4296b22ab7746254
SHA155dd7adcdc8a89a32314c1fd44d10d80c32b5126
SHA256409fcc21acb7e7329ebf4946d7ee50fcab668510b547bf9c74d602772741c5b0
SHA5123f76909d029731dc3e8e3cdb7c00c54fff66404e7b84e09772d1985f322e75ec7b4ae60ffb706de694fe796a9f939af1e1bed5492b6b138a0139de8246aa07f2
-
Filesize
457KB
MD5acf97aac4f88759cd61602569e83352a
SHA18c711d3cee5ed266879144b7b99893088d714e0c
SHA256dd1501a55220a09fd4712bdf747b71c692b3526660b5acb84d2b8ebe2ec9e2ba
SHA51231c46d8441e16510493a55319cda4dc53fbc1e43961db485c359ed7060bf0dc54b25e1343b12c3735af6c863ad9193135d23e55745db27056e97ca318e2521b0
-
Filesize
457KB
MD5f2fcab8cc8d7caf2ce6e0ac60f09793f
SHA1b2ae0c22f812ed63e9200c24726b7db42e50835f
SHA2562ef91696f3549bfdfccd796b73d274a0214069132e2686abf7c2fb3ab57b5682
SHA51232b678986d93489007c9608923e7ccf22eacd450536c234b8c956d99c72af867e64014626f4c08f1ec9866e1fc2fbb77a1a19cdec9390830224eee4d81c4b5be
-
Filesize
457KB
MD568787e3e1ec4355ec3a63a7b46bd45e6
SHA10a7f9b65efe61e198ac8d5b31ded06cb4f39bb22
SHA2563ea51f6ad48a123385c2ed8876204b51a3f438c96db242d5dfc4fe58e2871d0d
SHA512652a9adefa67a052473b9f1124ec01c5766691aecee952a6d683676cdc6060ff77572d45c0e7ee216af024c545a76a953cf3175371e69ce2cc55008b7a5daca0
-
Filesize
457KB
MD5b018f416ce6abf93157ef986a10a3c22
SHA13554a65aeaacc1782a112272c3389efb388d4928
SHA256bc56d2e94d799c05c83719dc3cd09d62c8d1a25296780dc67ebe30e2242234e9
SHA5129e631b592a27437e7d4339081dadb236869bd07edf2d977cea2a7f874915e932207b136287c4bff6df589c466ca4eb26577c7c6e225c49e8864778faa8d904cf
-
Filesize
457KB
MD5eb6f9891f8f2bc133c24ed5b1a9ea59a
SHA1172e55dafd340d1f026a99ea030a8cd215105627
SHA2565bbd58484b20ada4e182fa0f650457aadde688fdf318e241fe316e8ce833e685
SHA512b8139e50d5bd1425a8fc699d4d744ea27e5fbb4aa044995a9c26a0bf4768aee03690b4e4098e43a95e84e5b9e11f63465b0dfb1424e3225e9225bdd91a03a254
-
Filesize
457KB
MD5f6e7705ce5747dc28a0e64d408467377
SHA1f9ee25080dc1325cc918e294e23341360c6bf59e
SHA2562228175cc7d3514ea11ad45efa5b66c04f45c95c97c129e833bfcd613ee35429
SHA512018aa9405eba015685cf62a72cfd89e6457bee2d350d708c687140db3eb21c33f79b60ed2c218c82b4d45d4b678383874c9968dc11ba8613278658476d130a4f
-
Filesize
457KB
MD51fd03b079fba95f40687242d3a691c4d
SHA1dd8f1799493e84bd63c9b27fce94ddbfa77b0575
SHA25672933a29c8c90bda7dc1c6df8f9ea0d6bc6815446a365bd5d9dc99c2ce39a6b1
SHA512bbfc985802f2eed5550bbec71aa58885411ee528d231213d4af7e45f1fd03662c41b014476105426182c409f36608bf00e8e2b6c5af99ec5fdc7f316c8398903
-
Filesize
457KB
MD557c039e53e8830d85c8e94e9d42af897
SHA11ef00c2fa348c194b006f52d3d774cfd46431135
SHA256cd1149479226b16efe111f578f7e7e0491805f79470794c91eac04742b8fde53
SHA512e721ca8ee145ba8880b75e98965caf02e6683614ce1c33cfda7d2386f2fdfa37ae0be090dc215f53a35e39a2562774508c583b59a06e58160b8c70beb60c12ce
-
Filesize
457KB
MD5fa39fd020a05b6fde6f9e64e34cd284e
SHA133a473bd1d11c5e5f8fcc7a3d0051cbb6658e49d
SHA2561533e91314d6f9a6e48fd2e60e3f38809ead1184b593438983d1751bc270df86
SHA5125d7c5fc314196cabe2683c55cf733eaf8575b799979916e25399dd9dc140880e61915955857e89ac03324a2742a3a0e752a44e7cea0ccaa50b0772714c27b6e8
-
Filesize
457KB
MD5e500b6db79d23812fa3d1f9973f22c6a
SHA1b3bfbd57c37e7de7abb575f6391a51a14b45f3fb
SHA25653eab63aec46db8cb6d16e737decbc01f1aaf02c0bde7f09588b03a8c5156829
SHA5122069631363d273e589bb9d188e96aad722f64871ae4539312fb9a20e748ebbf562bb1e5dbca512236a9c1cc329d4cbfe8c7ce1da306f39bbfd7f8cec424b0c1f
-
Filesize
457KB
MD5dfca66e38ef53fd2e50178bb660fbaac
SHA1cf50c40df7191bb50b9aabaed3a29f6fbf92db9c
SHA256161059bc88bd85d66568130324433555eba0ae57f2dab437754681c2f7178923
SHA512106e681e920a192423322a8d0d8da5216abf32d07c3c7e8ba833dfd9b55703f2f37b0f216b0e742d96f0e8b5e72896aa7d6bba7bd49aec4f7beac4011201de79
-
Filesize
457KB
MD5aed07f00b67382027af544a03ae22ea0
SHA1b984c64693f050d8d44b084b9da26442b7569630
SHA256e926c75748a58a92966a499b1503c7d06205bc823dd21e0b7d6257d8d1eaf423
SHA5122e9839ccce890a99339b5587e8df4da06d20ba85de261730beba8ca4c301b716d97ab7c8cb01c504dc06d6ba574ad7bb20771a79600c20b9e7f3b36af5f908aa
-
Filesize
457KB
MD5817281845db6dacb3ceeafd0837d5c33
SHA1cd3967e24fc703e64bc46e8e0586a94560a876b0
SHA256a820ddcdce70e470b5459b385bb51a0836ee71a9c487c22dace49233cbbacf5b
SHA5124555080f5b264aada6e5df72c37ab77f6beed0583d5cd3d11c41240a98b96eb7a9ae68965d14aca8e512ec657403aa3761010646234ff2c15deb83bbaf59705b
-
Filesize
141B
MD5aca5c7af85fbbd00af7c0a8f15bdb600
SHA12420e8cec8e97c17d1a53b134cef279e52c1d0eb
SHA25629982d0057d8d6255ca247f31ecd0deaddd62cd212947dfdd2d39808ac12bcfd
SHA512774caff5c4bbd8db7f92c691f78fe63e4a675a71f1a92b6a4d959005f641ca362f390f3cdedf217357a545717ec2964ad37582e5d1e74ec3ae1928a8b323ec8f
-
Filesize
127B
MD52d35261e7dd0c6b762e1f61ed6c7bfaa
SHA1d6a62a49858e266a3ecd56add7f013a49b1d8b0d
SHA25661a7583b5b9f57b34b9a1a51d2d799b3bfc913daf0e00d38ac9d9737e669710f
SHA512e98c74fbf9850b3235f9c1f7899abcb94e84ab4a6a78f1cb7a76513f3a3c716ae849cdb938bde85e7301f9e0ded7a83c5d941ba47b4a5758d8e0e4e187e91717
-
Filesize
417KB
MD53e4aa52683adf2ae9b4ab3f64a02d1a2
SHA1b7e309eb33f95a409401effd72f919c720030edb
SHA25615c9ad0863df8f1db620e11044020a237fc27af295404ae62bc4bbd2608c5538
SHA5122fb67a139fe992317e77c0acc291da363481a949f359b8472ceb0131c20a17d17d14d25682ab9b215290734532e564d72d75e8c1cc88d43dcd3fbba618732385
-
Filesize
457KB
MD5562b64b7aada5ecafb9da9ab3ef035fc
SHA180576295d9f7546c4c13b5c6de3aa7e50c5932e2
SHA2564cf80b2a11ee0c590451721dc606a3de4cf5c4f493c4d77e994e6808cb3d16ea
SHA512bd422225030d1402870f88536ff078920795dd32c92f2800c15d8d3a51aff606566b08f122a73c7b31b19871485bb4e4da1fc16af079f9674b5c019a9a6754ee
-
Filesize
457KB
MD5fc5eb4582c491db5d367933b65338783
SHA14ab4747192fa1aea5cea9f1eb9cbb4924dad6a91
SHA256d54dabe0087c54ed0758b90854e7fd550ee43346eadeabe7398b0b19711a1588
SHA5123eb4f9ae9aa770f8e6d3d62f7f790516be0c58a66c3277470cbc4fb9f6cff45c61484d475ca3d707a9a06f7bc35a4b744406691e0fd560eb03fedf9d84abea9f
-
Filesize
457KB
MD517ae9e7388383b7beb8c65327da447b1
SHA1ad82972c50cb3cd1f0ffee092e6acf82463e580c
SHA2561831a18915b07eb22416a24f23683d9c88e7b81c9c599997a582c7e1e62be8fa
SHA512c34691f5b452a7dfcbcc577ef0b6c1904339cd2674713eba463cf436008455ebc1f24f0e1b91b017967b451889d6aafeaa9f42a70e072f717787c0fa30dd2b72
-
Filesize
457KB
MD512c137f0575c7efda596317a86054388
SHA1ecb386cbf54863e9b3e9520a0cc01afdd3880683
SHA256d2fb5bafa040110f861e4ab4b797b09aa674a35ed7bed71e7bb936206aa81ac2
SHA5121736be39987145c3745e6397fe60520fda3e3c3c18b99fbc1f430f135d1a49a7c31b159026c4fe52b73ce78245dbc6680aeb8b35e31ad2799a4d166724eb051d
-
Filesize
65KB
MD5c55534452c57efa04f4109310f71ccca
SHA1b97a3d9e2c1ad9314562b7d0d77b2a4b34e77d61
SHA2564cbbe69bcd0a2debae6a584e1fa49f8d4a27f90d9cd364255bbbd930ca0a38bc
SHA512ad324f1f1bfde9c9b6057d5526ae62155b3b897d27225ed74fdb867a2c6d5f21cebfb63e3dc68bd807993b0f4c72fb3ce880696b9c3358b3b982204d60c7161a
-
Filesize
8KB
MD50e528d000aad58b255c1cf8fd0bb1089
SHA12445d2cc0921aea9ae53b8920d048d6537940ec6
SHA256c8aa5c023bf32f1c1e27b8136cf4d622101e58a80417d97271d3c0ba44528cae
SHA51289ff6a1f1bf364925704a83ab4d222e2335e6486e0b90641f0133236b5f6b0fede1e9f17b577d6d069537e737b761f745d1fde4a9d0b43cb59143edf2d9c2116
-
Filesize
1.3MB
MD516867ae0e357299fad74f85b55820412
SHA19e3f01ad427cd0b2aab9383793cb8b232c0d9602
SHA256f104add33ae09a5184506b751028d346fd4cd80558fbdbd89ba6e57194e9cb68
SHA5122ae7252f63029aabfabf94ddb8412c8c7aae97c981b4b726456fdc45410a5b49bfb182522bb2f6290af8580f8908e9f55c305797a90ba5de85d2ff51714fe290
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
64KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
468KB
-
Filesize
480KB
-
Filesize
468KB
-
Filesize
480KB
-
Filesize
480KB