Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 24/05/2024, 21:04
Static task: static1
Behavioral task: behavioral1
  Sample: 22015f989e953a5056e00fcb8db6ca60_NeikiAnalytics.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 22015f989e953a5056e00fcb8db6ca60_NeikiAnalytics.exe
  Resource: win10v2004-20240426-en
General
Target: 22015f989e953a5056e00fcb8db6ca60_NeikiAnalytics.exe
Size: 73KB
MD5: 22015f989e953a5056e00fcb8db6ca60
SHA1: d495c4aef672100b9416bc03d7f5425f42dcf7bc
SHA256: 5d9bc8a86214dc37e575b3bb30c9012f764b800ce4a0b2a7e5df4538036c7e85
SHA512: ece8c3587c9215b0b8987fffdf125067afe169fc32e930a5a4547553be5a28a3365a98f89df8d5f2fb1b18ac1281d8eb0f293c72552537f7b7e8ec3f957fc9dc
SSDEEP: 1536:hbuxMtjkSWsK5QPqfhVWbdsmA+RjPFLC+e5hRT0ZGUGf2g:hptI3sNPqfcxA+HFshRTOg
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  2288  [email protected]
Loads dropped DLL (2 IoCs)
  pid   Process
  620   cmd.exe
  620   cmd.exe
Suspicious use of WriteProcessMemory (12 IoCs)
  description                       pid   Process                                               procid_target
  PID 2208 wrote to memory of 620   2208  22015f989e953a5056e00fcb8db6ca60_NeikiAnalytics.exe   29
  PID 2208 wrote to memory of 620   2208  22015f989e953a5056e00fcb8db6ca60_NeikiAnalytics.exe   29
  PID 2208 wrote to memory of 620   2208  22015f989e953a5056e00fcb8db6ca60_NeikiAnalytics.exe   29
  PID 2208 wrote to memory of 620   2208  22015f989e953a5056e00fcb8db6ca60_NeikiAnalytics.exe   29
  PID 620 wrote to memory of 2288   620   cmd.exe                                               30
  PID 620 wrote to memory of 2288   620   cmd.exe                                               30
  PID 620 wrote to memory of 2288   620   cmd.exe                                               30
  PID 620 wrote to memory of 2288   620   cmd.exe                                               30
  PID 2288 wrote to memory of 2480  2288  [email protected]                                     31
  PID 2288 wrote to memory of 2480  2288  [email protected]                                     31
  PID 2288 wrote to memory of 2480  2288  [email protected]                                     31
  PID 2288 wrote to memory of 2480  2288  [email protected]                                     31
Processes
1. C:\Users\Admin\AppData\Local\Temp\22015f989e953a5056e00fcb8db6ca60_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\22015f989e953a5056e00fcb8db6ca60_NeikiAnalytics.exe"
   PID: 2208
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c [email protected]
      PID: 620
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory
      3. C:\Users\Admin\AppData\Local\Temp\[email protected]
         PID: 2288
         4. C:\Windows\SysWOW64\cmd.exe
            Command line: C:\Windows\system32\cmd.exe /c 00.exe
            PID: 2480
Network
MITRE ATT&CK Matrix
Downloads
\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 73KB
  MD5: 89456c96fff0e321ef069063fa67bc0a
  SHA1: 2afdecbf87d292a197e48f0c777d9447b2c31b3e
  SHA256: 01aaf83554148ed136e597b762b715399b876a20a7a04144c903320d8c43c111
  SHA512: 5addbe1a1c1bc0871f28b8fd7cb9e39cc53403e8721ed5e67985b15126fa03d7ed929b1b79be479cb91c0bf69e9003baf3850bd6f89c07c766cf99b02bbab79f