Analysis

  • max time kernel: 141s
  • max time network: 124s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 23/05/2024, 11:19

General

  • Target: afb098a24a5aafa9977f4fa2537c1670_NeikiAnalytics.exe
  • Size: 1.6MB
  • MD5: afb098a24a5aafa9977f4fa2537c1670
  • SHA1: 651776ba0d61bbeef034d58215b260052a102de7
  • SHA256: dbdf194c784f71ff6e505cd8a61dfc4db40aa40bfd27403a7ef78b838fd032b8
  • SHA512: fe1b90a52d4e12c748f300955020ac54b744b757e6e3c86227be6772dbfb590b45ca73a2ef1a5e047c1bf263213e39c29907dfa57900c81cb21d5f907be7486a
  • SSDEEP: 24576:LTfEsP85DgJrivY05+QaILhz34jDpr7qlWfZeik+wsud343HWAgjnEuIzSG:XcsQ6Q3345Rgs9udI3WA2n5fG

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks for any installed AV software in registry 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\afb098a24a5aafa9977f4fa2537c1670_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\afb098a24a5aafa9977f4fa2537c1670_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Users\Admin\AppData\Local\Temp\is-TCFHE.tmp\afb098a24a5aafa9977f4fa2537c1670_NeikiAnalytics.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-TCFHE.tmp\afb098a24a5aafa9977f4fa2537c1670_NeikiAnalytics.tmp" /SL5="$501EC,953241,721408,C:\Users\Admin\AppData\Local\Temp\afb098a24a5aafa9977f4fa2537c1670_NeikiAnalytics.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks for any installed AV software in registry
      PID:2196

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-KVLOK.tmp\gc.dll
    Filesize: 89KB
    MD5: 610c3109df1a88c88bb19a48b831294b
    SHA1: 0092f7ae5d42d3a79d821f4c2b41719f9192d219
    SHA256: 1c9eff55da51f3cff354d5662b10c83703153277588fd32d3bcea49deaf2ce00
    SHA512: 9d1fa851f6bc258f8943a53390c2a8420c6ad44755b3632a097472384547cf1a60028cd808de5f7017ad48dff90099a61d935ea383008ad3819616a3cc3f668a

  • C:\Users\Admin\AppData\Local\Temp\is-TCFHE.tmp\afb098a24a5aafa9977f4fa2537c1670_NeikiAnalytics.tmp
    Filesize: 2.4MB
    MD5: 84db4b4205f705da71471dc6ecc061f5
    SHA1: b90bac8c13a1553d58feef95a2c41c64118b29cf
    SHA256: 647983ebde53e0501ff1af8ef6190dfeea5ccc64caf7dce808f1e3d98fb66a3c
    SHA512: c5803b63d33bb409433b496b83ca2a7359b4b1835815386206283b3af5c54d7d1cb9e80244a888638c7703c4bf54e1b2c11be6836f20b9fea157ab92bfbf365a

  • memory/2196-6-0x0000000000400000-0x0000000000679000-memory.dmp
    Filesize: 2.5MB

  • memory/2196-12-0x00000000747C0000-0x0000000074801000-memory.dmp
    Filesize: 260KB

  • memory/2196-15-0x0000000000400000-0x0000000000679000-memory.dmp
    Filesize: 2.5MB

  • memory/2196-16-0x00000000747C0000-0x0000000074801000-memory.dmp
    Filesize: 260KB

  • memory/2196-52-0x00000000747C0000-0x0000000074801000-memory.dmp
    Filesize: 260KB

  • memory/2196-55-0x00000000747C0000-0x0000000074801000-memory.dmp
    Filesize: 260KB

  • memory/2392-0-0x0000000000400000-0x00000000004BE000-memory.dmp
    Filesize: 760KB

  • memory/2392-2-0x0000000000401000-0x00000000004A9000-memory.dmp
    Filesize: 672KB

  • memory/2392-14-0x0000000000400000-0x00000000004BE000-memory.dmp
    Filesize: 760KB