Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
17/05/2024, 19:48
Static task
static1
Behavioral task
behavioral1
Sample
24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
-
Target
24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe
-
Size
4.1MB
-
MD5
24876f1b307c9e4e93fb00261edec930
-
SHA1
4fd0ad906e3e6ce27f83b1196b582e0b86669a54
-
SHA256
24055ed055019fb81306b5260769691f19d2d0340e029e77e388dcd8d3f77f75
-
SHA512
0f838e1f5ba7849a9199bbac698bfc94260cffec4e760fcef38fc1f54731604c35be7dffddcfb0511f001975f55da9445f663919a06839c66f7080fbe5a0e59b
-
SSDEEP
98304:+R0pI/IQlUoMPdmpSp/4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmI5n9klRKN41v
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 4768 devdobsys.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBSU\\dobxloc.exe" 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesXR\\devdobsys.exe" 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 4768 devdobsys.exe 4768 devdobsys.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 824 wrote to memory of 4768 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 90 PID 824 wrote to memory of 4768 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 90 PID 824 wrote to memory of 4768 824 24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe 90
Processes
-
C:\Users\Admin\AppData\Local\Temp\24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:824 -
C:\FilesXR\devdobsys.exeC:\FilesXR\devdobsys.exe2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:81⤵PID:4628
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.1MB
MD59f4e82683f81a23b5c4553f6d5b2234f
SHA194940e6cd82a444395269664bdd147f42a251ca2
SHA256e2d729290e283f54cff1ad9c78f5eb3a36b56c211b476eebc6bc3194d724c94b
SHA51229d5803c4a5325901b9fb20198281af40c8b3817dd38a6754c57d79a1fa0d4285a4475fd6e8ee668ba46060bd36959b840fb59c1da4b5232f244ac5636f84036
-
Filesize
536KB
MD51ef85eec0bcb1708f38989093c335078
SHA160cbdf546a643c7b5d58546268589ccfaafde957
SHA2569161407aea48750e0e4bb4d90198948bdf4b968f05000a9842445091430f0690
SHA512af473d0fd268ede93e704fae71718ade4c33a36c8643de5b02a942ad07bd5e2f79e7ff5259dd78cb60bae6d53f31a335d2944a633a665e4434ee016e0450764a
-
Filesize
205B
MD58133fd20d081fd5ea2b2424b65e5b4df
SHA12343e2d190daf4328ad0e5ed351ed71b93bbf2da
SHA256d95a31b5cd5f13a44c50c90c1acdc4f02b368c9540d9c80e22aff1320c0dde14
SHA512309d45179dd63c0c894fc107a5d6aac2ac490c82b2a8d6b71e1362f211e48e3579788375fd715f0f0237071daacf0696edc8057d86a8ca9b52491cb6c891790a