Analysis
- max time kernel: 149s
- max time network: 128s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/05/2024, 21:02
Static task
- static1

Behavioral task
- behavioral1
  Sample: 8791e6d033c60f741742263243416ae0_NeikiAnalytics.exe
  Resource: win7-20240508-en

Behavioral task
- behavioral2
  Sample: 8791e6d033c60f741742263243416ae0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
- Target: 8791e6d033c60f741742263243416ae0_NeikiAnalytics.exe
- Size: 408KB
- MD5: 8791e6d033c60f741742263243416ae0
- SHA1: 518214cdc0ab7e34355f81b783ac34825711138e
- SHA256: 757bb52277053fa8ec38e35e1d8d61f848b3cb98052f9b83ab7beef6764c5141
- SHA512: 77908b64b0a7f3beef34cedcf8c3d67dfc430347682fdddb8e0366c6ec23c63806cb8511d15f87cbaa147913ced6757658a4812ade7447474ef02731bd8e1759
- SSDEEP: 6144:4jlYKRF/LReWAsUymUvi1VJp6nrrtAujCcd2i6MkU6sHR8VckeknCHBi0QLN4:4jauDReWoUa1VJEZ/acOCHBi0Qq
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  3544 | ccqub.exe
- Adds Run key to start application (2 TTPs, 1 IoC)
  description | ioc | Process
  Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\ccqub.exe" | ccqub.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4052 wrote to memory of 3544 | 4052 | 8791e6d033c60f741742263243416ae0_NeikiAnalytics.exe | 90
  PID 4052 wrote to memory of 3544 | 4052 | 8791e6d033c60f741742263243416ae0_NeikiAnalytics.exe | 90
  PID 4052 wrote to memory of 3544 | 4052 | 8791e6d033c60f741742263243416ae0_NeikiAnalytics.exe | 90
Processes
- C:\Users\Admin\AppData\Local\Temp\8791e6d033c60f741742263243416ae0_NeikiAnalytics.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\8791e6d033c60f741742263243416ae0_NeikiAnalytics.exe"
  PID: 4052
  - Suspicious use of WriteProcessMemory
  - C:\ProgramData\ccqub.exe (depth 2)
    Command line: "C:\ProgramData\ccqub.exe"
    PID: 3544
    - Executes dropped EXE
    - Adds Run key to start application
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3144,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
  PID: 1912
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 408KB
  MD5: 6a7fc39021b2dfc8e13d3b9a0af6536a
  SHA1: a645e04bc76e21cf6d6d5de0b32dcb8bbcf5374e
  SHA256: 8f5db87617d5165c840a3d85ddcc67a75d3a4dcef8febd0d91993789a298798b
  SHA512: 6db4f8994fca7d0939f93df25543dbc39b37c3cd99f45c6e082ae26c26f57810689bf47842919bdf449d84b1d1216cdc781f82698aea47f9b7418a9dcd2ceece
- Filesize: 136KB
  MD5: cb4c442a26bb46671c638c794bf535af
  SHA1: 8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf
  SHA256: f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25
  SHA512: 074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3
- Filesize: 271KB
  MD5: 56880d7d241a6137c0ed2d5893c6af1d
  SHA1: 1a4d35a824bac78ad625ca97d50fd7b406d02761
  SHA256: 05571d347095f56d6e06c78d387841e8e962593da2a66601765ed3424849981a
  SHA512: cc806e9d2cfee76541970f0082e1e600cec89c7e1941f488df944e1132fdf6f8bff62aa06b819ad16a5b69541e779bd9c8aebc41255dc80d98c13672fdf546bd