Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/05/2024, 21:02

General

  • Target

    8791e6d033c60f741742263243416ae0_NeikiAnalytics.exe

  • Size

    408KB

  • MD5

    8791e6d033c60f741742263243416ae0

  • SHA1

    518214cdc0ab7e34355f81b783ac34825711138e

  • SHA256

    757bb52277053fa8ec38e35e1d8d61f848b3cb98052f9b83ab7beef6764c5141

  • SHA512

    77908b64b0a7f3beef34cedcf8c3d67dfc430347682fdddb8e0366c6ec23c63806cb8511d15f87cbaa147913ced6757658a4812ade7447474ef02731bd8e1759

  • SSDEEP

    6144:4jlYKRF/LReWAsUymUvi1VJp6nrrtAujCcd2i6MkU6sHR8VckeknCHBi0QLN4:4jauDReWoUa1VJEZ/acOCHBi0Qq

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8791e6d033c60f741742263243416ae0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8791e6d033c60f741742263243416ae0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4052
    • C:\ProgramData\ccqub.exe
      "C:\ProgramData\ccqub.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:3544
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3144,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
    1⤵
      PID:1912

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Documents and Settings .exe

      Filesize

      408KB

      MD5

      6a7fc39021b2dfc8e13d3b9a0af6536a

      SHA1

      a645e04bc76e21cf6d6d5de0b32dcb8bbcf5374e

      SHA256

      8f5db87617d5165c840a3d85ddcc67a75d3a4dcef8febd0d91993789a298798b

      SHA512

      6db4f8994fca7d0939f93df25543dbc39b37c3cd99f45c6e082ae26c26f57810689bf47842919bdf449d84b1d1216cdc781f82698aea47f9b7418a9dcd2ceece

    • C:\ProgramData\Saaaalamm\Mira.h

      Filesize

      136KB

      MD5

      cb4c442a26bb46671c638c794bf535af

      SHA1

      8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

      SHA256

      f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

      SHA512

      074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    • C:\ProgramData\ccqub.exe

      Filesize

      271KB

      MD5

      56880d7d241a6137c0ed2d5893c6af1d

      SHA1

      1a4d35a824bac78ad625ca97d50fd7b406d02761

      SHA256

      05571d347095f56d6e06c78d387841e8e962593da2a66601765ed3424849981a

      SHA512

      cc806e9d2cfee76541970f0082e1e600cec89c7e1941f488df944e1132fdf6f8bff62aa06b819ad16a5b69541e779bd9c8aebc41255dc80d98c13672fdf546bd

    • memory/3544-134-0x0000000000400000-0x0000000000448000-memory.dmp

      Filesize

      288KB

    • memory/4052-0-0x0000000000400000-0x0000000000474000-memory.dmp

      Filesize

      464KB

    • memory/4052-1-0x0000000000400000-0x0000000000474000-memory.dmp

      Filesize

      464KB

    • memory/4052-8-0x0000000000400000-0x0000000000474000-memory.dmp

      Filesize

      464KB