Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
15/05/2024, 10:14
Static task
static1
Behavioral task
behavioral1
Sample
c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe
-
Size
2.7MB
-
MD5
c3b9f50eedc51619f3a360274bc8abb0
-
SHA1
b567233433a7dc85824ae51297004bb461fd78a2
-
SHA256
8c5d4ba2ebfbffd97734356e9c8bfe04c1c61ce68d7478e589cb5628bfb96f55
-
SHA512
a25a26cd10d98a910f57cfcaeafb7aa4361d21d277ac4d75ffa6276199d3cbd74f1ea4dec0acec692adf69dbaea5e10b521f5df25815bbf72c1064a2e5e693fb
-
SSDEEP
49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBN9w4Sx:+R0pI/IQlUoMPdmpSpl4
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 4140 devoptisys.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\SysDrvYG\\devoptisys.exe" c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintSF\\bodxsys.exe" c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4140 devoptisys.exe 4140 devoptisys.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4588 wrote to memory of 4140 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 89 PID 4588 wrote to memory of 4140 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 89 PID 4588 wrote to memory of 4140 4588 c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe 89
Processes
-
C:\Users\Admin\AppData\Local\Temp\c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4588 -
C:\SysDrvYG\devoptisys.exeC:\SysDrvYG\devoptisys.exe2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4140
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
15KB
MD5125f73a97151e6cab60b3d57922a8469
SHA1e03ed4995db865ce92dda383a27961a5c5fd9024
SHA25624aaabe822734049d80546dadafbf3fec77903cb4a2e4ad9b95f26a6f513fe4c
SHA512deb50a4158def579b871ab4eb031640a29ceedb41037e58da74055b1d5a7b2daeb63494f79283e74c0f66a246f74c5f101dff8d14f93ae2290d26dfaf95176d9
-
Filesize
2.7MB
MD543e85c13b98bd8d6828823a2aa5a851b
SHA14f8ef8ebe454b64c51030325d135ec98d6b54812
SHA2560de4fb44df0b5eda5ff9fb83f15d0366183afa3edc4e2967ad4593a7e7e5cbe8
SHA512da5a27e2f7cef88977579c73e804cd1e0e144504eac647269ef71df40b0b1e5428e31e545251c4a3f794f982376294fdeb4875e1425c5f3f5dd93caa5ecabba2
-
Filesize
204B
MD5deb319ee329d49a1978afb96b3726b31
SHA1aa7999afd203bf6985adc7dafba062641ad8b757
SHA256bfe33102d444c05f58d064a2be05d42e371c4aa48fdfe7d0823548b0d27cff17
SHA51238fd09d09678a93dce836e1b89fe62dc8428a2ae8a18c64b695c87cf9dcbf1eddbb618efeefc9d8b7dda1ea90d0bfb009d633a2d55d06bd6aba1b0432ec8ca39