Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/05/2024, 19:48

General

  • Target

    24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    24876f1b307c9e4e93fb00261edec930

  • SHA1

    4fd0ad906e3e6ce27f83b1196b582e0b86669a54

  • SHA256

    24055ed055019fb81306b5260769691f19d2d0340e029e77e388dcd8d3f77f75

  • SHA512

    0f838e1f5ba7849a9199bbac698bfc94260cffec4e760fcef38fc1f54731604c35be7dffddcfb0511f001975f55da9445f663919a06839c66f7080fbe5a0e59b

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp/4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmI5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:824
    • C:\FilesXR\devdobsys.exe
      C:\FilesXR\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4768
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:4628

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesXR\devdobsys.exe

    Filesize
    4.1MB

    MD5
    9f4e82683f81a23b5c4553f6d5b2234f

    SHA1
    94940e6cd82a444395269664bdd147f42a251ca2

    SHA256
    e2d729290e283f54cff1ad9c78f5eb3a36b56c211b476eebc6bc3194d724c94b

    SHA512
    29d5803c4a5325901b9fb20198281af40c8b3817dd38a6754c57d79a1fa0d4285a4475fd6e8ee668ba46060bd36959b840fb59c1da4b5232f244ac5636f84036

  • C:\KaVBSU\dobxloc.exe

    Filesize
    536KB

    MD5
    1ef85eec0bcb1708f38989093c335078

    SHA1
    60cbdf546a643c7b5d58546268589ccfaafde957

    SHA256
    9161407aea48750e0e4bb4d90198948bdf4b968f05000a9842445091430f0690

    SHA512
    af473d0fd268ede93e704fae71718ade4c33a36c8643de5b02a942ad07bd5e2f79e7ff5259dd78cb60bae6d53f31a335d2944a633a665e4434ee016e0450764a

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize
    205B

    MD5
    8133fd20d081fd5ea2b2424b65e5b4df

    SHA1
    2343e2d190daf4328ad0e5ed351ed71b93bbf2da

    SHA256
    d95a31b5cd5f13a44c50c90c1acdc4f02b368c9540d9c80e22aff1320c0dde14

    SHA512
    309d45179dd63c0c894fc107a5d6aac2ac490c82b2a8d6b71e1362f211e48e3579788375fd715f0f0237071daacf0696edc8057d86a8ca9b52491cb6c891790a