Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
17/05/2024, 12:33
Static task
static1
Behavioral task
behavioral1
Sample
ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe
-
Size
1.6MB
-
MD5
ec7efd00677a3910d0ae2e2db47d5f40
-
SHA1
79ef0f99f100cbca04e9f258d288ec31d951d9fb
-
SHA256
43499403d2edeef03e34e7901677cb2a4f34b7c22a94df77dfe0f754d435528c
-
SHA512
864e1cd9ec2432e73f4ef2682ccda1347d302c73bb7211365e99fb768c2838bda17225251d53f4f72a244eaf96d3adb88da657863c49503567a8f3f6f8c916ab
-
SSDEEP
24576:bCtEmZH+nLjsSv8DZHO2hf25CseGncZ4U7Pd8OB0O2SkKuyD:bCFNWjsO8B7hfaCYcL7V8IlkKd
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 1740 ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe -
Executes dropped EXE 1 IoCs
pid Process 1740 ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe -
Loads dropped DLL 1 IoCs
pid Process 2528 ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 3 pastebin.com 4 pastebin.com -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1740 ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2528 ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 1740 ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2528 wrote to memory of 1740 2528 ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe 29 PID 2528 wrote to memory of 1740 2528 ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe 29 PID 2528 wrote to memory of 1740 2528 ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe 29 PID 2528 wrote to memory of 1740 2528 ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2528 -
C:\Users\Admin\AppData\Local\Temp\ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exeC:\Users\Admin\AppData\Local\Temp\ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:1740
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.6MB
MD51399e948c17e23744d6c802443a80673
SHA103e96a4c16b5691e2b4e27705eb3d2fefc0c6bc5
SHA2563d2bf64682a2b390d7d741d6fb984394611330ddb3d9693e49556d1c3165e470
SHA5128e126b87af3f554587d1dcc52c0235c4ecc7855ab7174ef671041f94e8f26c635fda576e193eef34c7e25db7bd041556d355ba8c94e44fbe6a0cb0b21ae3d321