Analysis

  • max time kernel
    24s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/05/2024, 04:14

General

  • Target

    a9c1a80cdfd2fbab7964cbcedbd98c20_NeikiAnalytics.exe

  • Size

    104KB

  • MD5

    a9c1a80cdfd2fbab7964cbcedbd98c20

  • SHA1

    0e0f8f4cb32655dcb68f25f920810a664ed3a003

  • SHA256

    6a535e8e8745af860eab9901e1aaed16b2962fa408f4e73825f33e9de02c7e5b

  • SHA512

    3f243fe70d95872e4c760b560ed761334fd9e820e388c1bac98d5054d5f34e28b5d41ae529c4dc827aa9dbcd4012b3392c4ad87f8e92f82d9fadfeae5e17a3a6

  • SSDEEP

    3072:HQC/yj5JO3MntgG+TfH5TZsYnjIdbCNNoV/Xi:wlj7cMnv+TRT9n0duP

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a9c1a80cdfd2fbab7964cbcedbd98c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a9c1a80cdfd2fbab7964cbcedbd98c20_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:212
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:4988
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev4DB2.tmp!C:\Users\Admin\AppData\Local\Temp\a9c1a80cdfd2fbab7964cbcedbd98c20_NeikiAnalytics.exe! !
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4644
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev4DB2.tmp!C:\Users\Admin\AppData\Local\Temp\A9C1A80CDFD2FBAB7964CBCEDBD98C20_NEIKIANALYTICS.EXE!
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:3340

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\a9c1a80cdfd2fbab7964cbcedbd98c20_NeikiAnalytics.exe

    Filesize

    104KB

    MD5

    555e60ae3561ddf7b334fc52971bc13e

    SHA1

    dd569f42c1b7002717508e4f3726ad6e13943575

    SHA256

    eebbdc0d5f35ef91afe6c2c7aff5a2f69014fe7f3e1bc1870c894f99c7ac8a24

    SHA512

    0fb09dafbc13d0a856cde5d8a494f8fbdade5538640579458f00aec50a0952ee637b46c7a128cc828f50524809192a3a8128e499fd3884535a211f190765b620

  • C:\Windows\MSWDM.EXE

    Filesize

    47KB

    MD5

    b319afee8424fd20d10b6da7a12c7dde

    SHA1

    68a6d36f09571772ed6a37fcefe74ddf2b2982ce

    SHA256

    ff1499f5fc1ff13b65427b7d971c27bc153f3311b3e26232ef8cd57c9faf0e0e

    SHA512

    cd79380bb5d4a0921ee1d9bfad49bdebed82daca5a219cc3e2a06aae92e0a9b2bccc33cce595d75157f1738b25b04bd3fefcdff505867738caa0759a02c8fafd

  • C:\Windows\dev4DB2.tmp

    Filesize

    56KB

    MD5

    18fe30f810364bd33c396c9ee428f4b4

    SHA1

    362433117f9e00a8da6cb54fcd81365fe0168566

    SHA256

    7f13eeb5dca39d05e24b9eb069c6dcb2748633822d67288a8bf8b7e21cdddf55

    SHA512

    160147777466016b908a1a663e3457ed8dc6d0d4c3bb6e75b54206a3e84e8462f1cddf3f23a248d8cbea079615f5f58c4488e016dbdde04b9a0a03db9ce70660

  • memory/212-0-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/212-8-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/3340-19-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/4644-11-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/4644-23-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/4988-24-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB