Analysis
max time kernel: 141s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/05/2024, 20:11
Static task: static1
Behavioral task: behavioral1
  Sample: 2db98881fb679a4679b40813db8eaf40_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2db98881fb679a4679b40813db8eaf40_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 2db98881fb679a4679b40813db8eaf40_NeikiAnalytics.exe
Size: 76KB
MD5: 2db98881fb679a4679b40813db8eaf40
SHA1: 7724925258d8e79d6bbab186efb0aa6700591b4e
SHA256: c386cd5930e3fb20ba131be8d4f76ff6c63d14b30a47eb6cdcc823ef06e408e8
SHA512: 5f48e2fbe915e545c9d7c6f205476e6f56b7f1c5a893d9acd0fbdc31643effac91255ac11c0da40609ad85c2683d77417437d24c84ab65b94aa157824938b6bc
SSDEEP: 768:vCru/f9Iw/E6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpRiTWNReOOnCru/fW:71Tzy48untU8fOMEI3jyYfPiuODW
Malware Config
Signatures
Suspicious use of WriteProcessMemory (9 IoCs)
description                         pid   Process                                               procid_target
PID 4468 wrote to memory of 3744    4468  2db98881fb679a4679b40813db8eaf40_NeikiAnalytics.exe   83
PID 4468 wrote to memory of 3744    4468  2db98881fb679a4679b40813db8eaf40_NeikiAnalytics.exe   83
PID 4468 wrote to memory of 3744    4468  2db98881fb679a4679b40813db8eaf40_NeikiAnalytics.exe   83
PID 3744 wrote to memory of 436     3744  cmd.exe                                               84
PID 3744 wrote to memory of 436     3744  cmd.exe                                               84
PID 3744 wrote to memory of 436     3744  cmd.exe                                               84
PID 436 wrote to memory of 2512     436   iexpress.exe                                          85
PID 436 wrote to memory of 2512     436   iexpress.exe                                          85
PID 436 wrote to memory of 2512     436   iexpress.exe                                          85
Processes
Depth 1: C:\Users\Admin\AppData\Local\Temp\2db98881fb679a4679b40813db8eaf40_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2db98881fb679a4679b40813db8eaf40_NeikiAnalytics.exe"
  Signatures: Suspicious use of WriteProcessMemory
  PID: 4468
  Depth 2: C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\449A.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\2db98881fb679a4679b40813db8eaf40_NeikiAnalytics.exe""
    Signatures: Suspicious use of WriteProcessMemory
    PID: 3744
    Depth 3: C:\Windows\SysWOW64\iexpress.exe
      Command line: iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
      Signatures: Suspicious use of WriteProcessMemory
      PID: 436
      Depth 4: C:\Windows\SysWOW64\makecab.exe
        Command line: C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
        PID: 2512
Network
MITRE ATT&CK Matrix
Downloads