Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/05/2024, 12:33

General

  • Target

    d22967154923851bb41db49ab7c4c580_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    d22967154923851bb41db49ab7c4c580

  • SHA1

    205f208d2fd91b584734191bfd39424425ae954f

  • SHA256

    3976aa9333b423694d261ed5a71102480ed89c95ab1ff296e96d3d8de4c85cc4

  • SHA512

    c8d32552437dc397366f9981cc54b1a0b048a10636368006cc05bcd1d778540495821fcfaa4ea6e316608ff3a0e4dd2be0b16a083e6e7a8b3f5ec0595f40b020

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBW9w4Sx:+R0pI/IQlUoMPdmpSpo4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\d22967154923851bb41db49ab7c4c580_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d22967154923851bb41db49ab7c4c580_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\SysDrvYZ\devbodloc.exe
      C:\SysDrvYZ\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1320

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxX4\bodxec.exe

    Filesize

    2.7MB

    MD5

    56a2da7440d6e74095f371ce3509e6b3

    SHA1

    610d817df7fb1f1ba55bc3273cf78da862eef3ef

    SHA256

    b3eaffcbd2db98303169b0e70d234c64f76e612863c6afba41d4ec041baf24de

    SHA512

    868070d7a9cf4d4f099140b37b24ae0b39eac94fae4dccdfe070e200524d1ff471928ddd923f0ce8ffb102409aca5a5668e6883f49b3713531f2a60e0d173f1d

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    203B

    MD5

    ad7ef8a0a133c3711b5baf0b34b91a1b

    SHA1

    9c812510ff80cf9613ac7557b04edfff7e0018f4

    SHA256

    48b67428c9adc7d8399796cb52aadc7f8d77da0cbc55fb82a4a188d6b235f9ea

    SHA512

    4d20c617661f37dcc182f5a5db4fee3282b354b96a5313f885e8e89e24b3a9120d7307990f40bf6cb9e59aab30345ef590c9b5f113652ccd9a58acc847a35e6b

  • \SysDrvYZ\devbodloc.exe

    Filesize

    2.7MB

    MD5

    626c82be4eaedf72812149f94f46b341

    SHA1

    fa859d1f8f1e200762a459c247a911e3739c20a5

    SHA256

    6eb3fe1a5597248cd2775dbbece9d96fe01a044c7abdcb247ce9c65106c3a358

    SHA512

    958d42138410c87a2e6e8c8195701b49ffef4c363551eee61994273a48eb4f0799bfc22eb9cce43ff1d68cf5e2c49717fd4d6357d8c360c589d7fb2f9a547ad7
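The report gives two things a responder can act on: the SHA256 values of the dropped files listed above, and the "Adds Run key to start application" signature tied to executables placed directly under the drive root (C:\SysDrvYZ\ and C:\GalaxX4\). The script below is an added example, not tria.ge's code or anything from the sample: it matches files on a host against the report's hashes and parses `reg query ...\Run` output to flag entries pointing at those paths. The SHA256 values and paths are copied from this page; the "executable directly under a drive root, outside the standard folders" heuristic and the STANDARD_ROOT_DIRS set are my assumptions generalising from the two paths seen here, and the sample `reg query` output is constructed.

```python
"""Triage helper for the indicators in this report (added example, not tria.ge code).

Matches files on disk against the SHA256 values listed under Downloads and
flags Run-key entries that point at the dropped executables. The root-level
directory heuristic is an ASSUMPTION drawn from the two paths in the report
(C:\\SysDrvYZ\\, C:\\GalaxX4\\), not a rule stated on the page."""
import hashlib
import os
import re

# File indicators copied from the report (path and SHA256).
REPORT_IOCS = [
    {"path": r"C:\Users\Admin\AppData\Local\Temp\d22967154923851bb41db49ab7c4c580_NeikiAnalytics.exe",
     "sha256": "3976aa9333b423694d261ed5a71102480ed89c95ab1ff296e96d3d8de4c85cc4"},
    {"path": r"C:\GalaxX4\bodxec.exe",
     "sha256": "b3eaffcbd2db98303169b0e70d234c64f76e612863c6afba41d4ec041baf24de"},
    {"path": r"C:\SysDrvYZ\devbodloc.exe",
     "sha256": "6eb3fe1a5597248cd2775dbbece9d96fe01a044c7abdcb247ce9c65106c3a358"},
    {"path": r"C:\Users\Admin\253086396416_6.1_Admin.ini",
     "sha256": "48b67428c9adc7d8399796cb52aadc7f8d77da0cbc55fb82a4a188d6b235f9ea"},
]

# Folders that legitimately sit directly under a drive root (assumption).
STANDARD_ROOT_DIRS = {"windows", "program files", "program files (x86)",
                      "programdata", "users"}
DRIVE = re.compile(r"[A-Za-z]:")
# One value line of `reg query` output: <name> REG_SZ|REG_EXPAND_SZ <data>
RUN_LINE = re.compile(r"^\s*(?P<name>\S+)\s+REG_(?:SZ|EXPAND_SZ)\s+(?P<value>.+?)\s*$")


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA256 so multi-megabyte drops don't load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, iocs=REPORT_IOCS):
    """Return [(local_path, ioc_record)] for files under root whose SHA256 is in iocs."""
    by_hash = {i["sha256"].lower(): i for i in iocs}
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if sha256_file(p) in by_hash:
                hits.append((p, by_hash[sha256_file(p)]))
    return hits


def exe_from_run_value(value):
    """Pull the executable path out of a Run value, handling quoting and arguments."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split(" ")[0]


def check_run_entries(reg_query_text, iocs=REPORT_IOCS):
    """Parse `reg query HK..\\Run` output; flag known dropped paths, and (assumed
    heuristic) executables sitting directly under a drive root outside STANDARD_ROOT_DIRS."""
    known = {i["path"].lower() for i in iocs}
    flagged = []
    for line in reg_query_text.splitlines():
        m = RUN_LINE.match(line)
        if not m:
            continue
        exe = exe_from_run_value(m.group("value"))
        parts = exe.replace("/", "\\").split("\\")   # C:\SysDrvYZ\x.exe -> ['C:', 'SysDrvYZ', 'x.exe']
        root_level = (len(parts) == 3 and DRIVE.fullmatch(parts[0]) is not None
                      and parts[1].lower() not in STANDARD_ROOT_DIRS)
        if exe.lower() in known:
            flagged.append((m.group("name"), exe, "matches dropped file from report"))
        elif root_level:
            flagged.append((m.group("name"), exe, "executable directly under drive root (heuristic)"))
    return flagged


# Constructed sample of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` output.
SAMPLE_RUN_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive        REG_SZ          "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    devbodloc       REG_SZ          C:\SysDrvYZ\devbodloc.exe
    bodxec          REG_SZ          C:\GalaxX4\bodxec.exe
    SecurityHealth  REG_EXPAND_SZ   %windir%\system32\SecurityHealthSystray.exe
"""

if __name__ == "__main__":
    for name, exe, why in check_run_entries(SAMPLE_RUN_OUTPUT):
        print(f"[Run] {name}: {exe}  <- {why}")
    for p, ioc in scan_tree(os.getcwd()):
        print(f"[hash] {p} matches report file {ioc['path']}")
```

The `%windir%` entry is the reason for the drive-letter check: an unexpanded REG_EXPAND_SZ value also has three path components, and without `DRIVE.fullmatch` the heuristic would flag Windows' own tray process. Run-key entries are only one of the persistence paths the signature covers (HKLM and the RunOnce keys should be queried the same way), and the hash scan only finds byte-identical copies; a repacked drop with a different hash, as the three 2.7MB files here already differ from one another, needs the path and behaviour indicators as well.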