Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/05/2024, 05:32
General
-
Target
a56a86bafcce13c79b584c4ef376eea0_NeikiAnalytics.exe
-
Size
272KB
-
MD5
a56a86bafcce13c79b584c4ef376eea0
-
SHA1
4260d5243213240f8fb84e239e4dd2191059f395
-
SHA256
65dc33560a97fe9238671a799238c79d6dd6d13521408cf848d24882f57e9dcb
-
SHA512
aaa292bdd90aa895a7129615ccb3dcfc11b65171f21f92bc31e51367146a583412e8ba4db7b3a354179109b7cc76825e482b7943f12857f655b39c71d8f0dedf
-
SSDEEP
6144:UGKLXglA39bSR0xZKL2bWGRdA6sQc/Yp7TVX3J/1awbWGRdA6sQc/YRuEuT:n4XbSwwL2bWGRdA6sQhPbWGRdA6sQxuB
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a56a86bafcce13c79b584c4ef376eea0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a56a86bafcce13c79b584c4ef376eea0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jjlmclqa.exeC:\Windows\system32\Jjlmclqa.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jpfepf32.exeC:\Windows\system32\Jpfepf32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jjoiil32.exeC:\Windows\system32\Jjoiil32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jnjejjgh.exeC:\Windows\system32\Jnjejjgh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jjafok32.exeC:\Windows\system32\Jjafok32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jdfjld32.exeC:\Windows\system32\Jdfjld32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kjccdkki.exeC:\Windows\system32\Kjccdkki.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kclgmq32.exeC:\Windows\system32\Kclgmq32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kjepjkhf.exeC:\Windows\system32\Kjepjkhf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kcndbp32.exeC:\Windows\system32\Kcndbp32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kjhloj32.exeC:\Windows\system32\Kjhloj32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kmfhkf32.exeC:\Windows\system32\Kmfhkf32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kcpahpmd.exeC:\Windows\system32\Kcpahpmd.exe14⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kmieae32.exeC:\Windows\system32\Kmieae32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kgninn32.exeC:\Windows\system32\Kgninn32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kmkbfeab.exeC:\Windows\system32\Kmkbfeab.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kcejco32.exeC:\Windows\system32\Kcejco32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ljobpiql.exeC:\Windows\system32\Ljobpiql.exe19⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lnjnqh32.exeC:\Windows\system32\Lnjnqh32.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ljaoeini.exeC:\Windows\system32\Ljaoeini.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lcjcnoej.exeC:\Windows\system32\Lcjcnoej.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lmbhgd32.exeC:\Windows\system32\Lmbhgd32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ldipha32.exeC:\Windows\system32\Ldipha32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmdemd32.exeC:\Windows\system32\Lmdemd32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lgjijmin.exeC:\Windows\system32\Lgjijmin.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ljhefhha.exeC:\Windows\system32\Ljhefhha.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mcqjon32.exeC:\Windows\system32\Mcqjon32.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mjkblhfo.exeC:\Windows\system32\Mjkblhfo.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mepfiq32.exeC:\Windows\system32\Mepfiq32.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mccfdmmo.exeC:\Windows\system32\Mccfdmmo.exe31⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mnhkbfme.exeC:\Windows\system32\Mnhkbfme.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mcecjmkl.exeC:\Windows\system32\Mcecjmkl.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mjokgg32.exeC:\Windows\system32\Mjokgg32.exe34⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mmnhcb32.exeC:\Windows\system32\Mmnhcb32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mkohaj32.exeC:\Windows\system32\Mkohaj32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Malpia32.exeC:\Windows\system32\Malpia32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Megljppl.exeC:\Windows\system32\Megljppl.exe38⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mgehfkop.exeC:\Windows\system32\Mgehfkop.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Manmoq32.exeC:\Windows\system32\Manmoq32.exe40⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nclikl32.exeC:\Windows\system32\Nclikl32.exe41⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nlcalieg.exeC:\Windows\system32\Nlcalieg.exe42⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nnbnhedj.exeC:\Windows\system32\Nnbnhedj.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Napjdpcn.exeC:\Windows\system32\Napjdpcn.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ncofplba.exeC:\Windows\system32\Ncofplba.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Njinmf32.exeC:\Windows\system32\Njinmf32.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nmgjia32.exeC:\Windows\system32\Nmgjia32.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nenbjo32.exeC:\Windows\system32\Nenbjo32.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nhmofj32.exeC:\Windows\system32\Nhmofj32.exe49⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Njkkbehl.exeC:\Windows\system32\Njkkbehl.exe50⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Naecop32.exeC:\Windows\system32\Naecop32.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nhokljge.exeC:\Windows\system32\Nhokljge.exe52⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nmlddqem.exeC:\Windows\system32\Nmlddqem.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ndflak32.exeC:\Windows\system32\Ndflak32.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmnqjp32.exeC:\Windows\system32\Nmnqjp32.exe55⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ohcegi32.exeC:\Windows\system32\Ohcegi32.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Onnmdcjm.exeC:\Windows\system32\Onnmdcjm.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oeheqm32.exeC:\Windows\system32\Oeheqm32.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Olanmgig.exeC:\Windows\system32\Olanmgig.exe59⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Onpjichj.exeC:\Windows\system32\Onpjichj.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Odmbaj32.exeC:\Windows\system32\Odmbaj32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ojgjndno.exeC:\Windows\system32\Ojgjndno.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oobfob32.exeC:\Windows\system32\Oobfob32.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oelolmnd.exeC:\Windows\system32\Oelolmnd.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Olfghg32.exeC:\Windows\system32\Olfghg32.exe65⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Oodcdb32.exeC:\Windows\system32\Oodcdb32.exe66⤵
-
C:\Windows\SysWOW64\Oacoqnci.exeC:\Windows\system32\Oacoqnci.exe67⤵
-
C:\Windows\SysWOW64\Ohmhmh32.exeC:\Windows\system32\Ohmhmh32.exe68⤵
-
C:\Windows\SysWOW64\Okkdic32.exeC:\Windows\system32\Okkdic32.exe69⤵
-
C:\Windows\SysWOW64\Paelfmaf.exeC:\Windows\system32\Paelfmaf.exe70⤵
-
C:\Windows\SysWOW64\Phodcg32.exeC:\Windows\system32\Phodcg32.exe71⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pknqoc32.exeC:\Windows\system32\Pknqoc32.exe72⤵
-
C:\Windows\SysWOW64\Pmlmkn32.exeC:\Windows\system32\Pmlmkn32.exe73⤵
-
C:\Windows\SysWOW64\Pdfehh32.exeC:\Windows\system32\Pdfehh32.exe74⤵
-
C:\Windows\SysWOW64\Pkpmdbfd.exeC:\Windows\system32\Pkpmdbfd.exe75⤵
-
C:\Windows\SysWOW64\Pmoiqneg.exeC:\Windows\system32\Pmoiqneg.exe76⤵
-
C:\Windows\SysWOW64\Pajeam32.exeC:\Windows\system32\Pajeam32.exe77⤵
-
C:\Windows\SysWOW64\Phdnngdn.exeC:\Windows\system32\Phdnngdn.exe78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Plpjoe32.exeC:\Windows\system32\Plpjoe32.exe79⤵
-
C:\Windows\SysWOW64\Ponfka32.exeC:\Windows\system32\Ponfka32.exe80⤵
-
C:\Windows\SysWOW64\Palbgl32.exeC:\Windows\system32\Palbgl32.exe81⤵
-
C:\Windows\SysWOW64\Pdkoch32.exeC:\Windows\system32\Pdkoch32.exe82⤵
-
C:\Windows\SysWOW64\Pkegpb32.exeC:\Windows\system32\Pkegpb32.exe83⤵
-
C:\Windows\SysWOW64\Pmcclm32.exeC:\Windows\system32\Pmcclm32.exe84⤵
-
C:\Windows\SysWOW64\Paoollik.exeC:\Windows\system32\Paoollik.exe85⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Phigif32.exeC:\Windows\system32\Phigif32.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qmepam32.exeC:\Windows\system32\Qmepam32.exe87⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qaalblgi.exeC:\Windows\system32\Qaalblgi.exe88⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qkipkani.exeC:\Windows\system32\Qkipkani.exe89⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qachgk32.exeC:\Windows\system32\Qachgk32.exe90⤵
-
C:\Windows\SysWOW64\Qdbdcg32.exeC:\Windows\system32\Qdbdcg32.exe91⤵
-
C:\Windows\SysWOW64\Qlimed32.exeC:\Windows\system32\Qlimed32.exe92⤵
-
C:\Windows\SysWOW64\Aogiap32.exeC:\Windows\system32\Aogiap32.exe93⤵
-
C:\Windows\SysWOW64\Aafemk32.exeC:\Windows\system32\Aafemk32.exe94⤵
-
C:\Windows\SysWOW64\Addaif32.exeC:\Windows\system32\Addaif32.exe95⤵
-
C:\Windows\SysWOW64\Alkijdci.exeC:\Windows\system32\Alkijdci.exe96⤵
-
C:\Windows\SysWOW64\Aojefobm.exeC:\Windows\system32\Aojefobm.exe97⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aahbbkaq.exeC:\Windows\system32\Aahbbkaq.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aednci32.exeC:\Windows\system32\Aednci32.exe99⤵
-
C:\Windows\SysWOW64\Ahbjoe32.exeC:\Windows\system32\Ahbjoe32.exe100⤵
-
C:\Windows\SysWOW64\Akqfkp32.exeC:\Windows\system32\Akqfkp32.exe101⤵
-
C:\Windows\SysWOW64\Anobgl32.exeC:\Windows\system32\Anobgl32.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aefjii32.exeC:\Windows\system32\Aefjii32.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ahdged32.exeC:\Windows\system32\Ahdged32.exe104⤵
-
C:\Windows\SysWOW64\Akccap32.exeC:\Windows\system32\Akccap32.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Aonoao32.exeC:\Windows\system32\Aonoao32.exe106⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aamknj32.exeC:\Windows\system32\Aamknj32.exe107⤵
-
C:\Windows\SysWOW64\Adkgje32.exeC:\Windows\system32\Adkgje32.exe108⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Albpkc32.exeC:\Windows\system32\Albpkc32.exe109⤵
-
C:\Windows\SysWOW64\Aoalgn32.exeC:\Windows\system32\Aoalgn32.exe110⤵
-
C:\Windows\SysWOW64\Anclbkbp.exeC:\Windows\system32\Anclbkbp.exe111⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Aekddhcb.exeC:\Windows\system32\Aekddhcb.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ahippdbe.exeC:\Windows\system32\Ahippdbe.exe113⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Akglloai.exeC:\Windows\system32\Akglloai.exe114⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Baadiiif.exeC:\Windows\system32\Baadiiif.exe115⤵
-
C:\Windows\SysWOW64\Blgifbil.exeC:\Windows\system32\Blgifbil.exe116⤵
-
C:\Windows\SysWOW64\Boeebnhp.exeC:\Windows\system32\Boeebnhp.exe117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bepmoh32.exeC:\Windows\system32\Bepmoh32.exe118⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bdbnjdfg.exeC:\Windows\system32\Bdbnjdfg.exe119⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Bklfgo32.exeC:\Windows\system32\Bklfgo32.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bnkbcj32.exeC:\Windows\system32\Bnkbcj32.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-