Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 25/05/2024, 07:10
Static task: static1
Behavioral task: behavioral1
- Sample: bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe
- Size: 73KB
- MD5: bd1f5ab902f19cefcbe406743261a440
- SHA1: f94d28e4c3771e488cd2c6d27a3e3306d952444f
- SHA256: f74b322019399bc3b35fd254f75c910966a22ac507a10c76e527802139df21cf
- SHA512: 41102819b1b1488119b38a0d52177534afd5e8b61847df4452eccab37e4a2c49a78c59d61948442d80cb91399521b643283d34c10d6761cd90bb7c57442b3aac
- SSDEEP: 1536:hbdqdHQSgVsNa0PK5QPqfhVWbdsmA+RjPFLC+e5hp0ZGUGf2g:hJUMsNRPNPqfcxA+HFshpOg
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2648, process [email protected]
- Loads dropped DLL (2 IoCs)
  pid 2748, process cmd.exe
  pid 2748, process cmd.exe
- Suspicious use of WriteProcessMemory (12 IoCs)
  description | pid | process | procid_target
  PID 2976 wrote to memory of 2748 | 2976 | bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe | 29
  PID 2976 wrote to memory of 2748 | 2976 | bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe | 29
  PID 2976 wrote to memory of 2748 | 2976 | bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe | 29
  PID 2976 wrote to memory of 2748 | 2976 | bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe | 29
  PID 2748 wrote to memory of 2648 | 2748 | cmd.exe | 30
  PID 2748 wrote to memory of 2648 | 2748 | cmd.exe | 30
  PID 2748 wrote to memory of 2648 | 2748 | cmd.exe | 30
  PID 2748 wrote to memory of 2648 | 2748 | cmd.exe | 30
  PID 2648 wrote to memory of 3044 | 2648 | [email protected] | 31
  PID 2648 wrote to memory of 3044 | 2648 | [email protected] | 31
  PID 2648 wrote to memory of 3044 | 2648 | [email protected] | 31
  PID 2648 wrote to memory of 3044 | 2648 | [email protected] | 31
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe"
  PID: 2976
  - Suspicious use of WriteProcessMemory
  - [2] C:\Windows\SysWOW64\cmd.exe
    command line: C:\Windows\system32\cmd.exe /c [email protected]
    PID: 2748
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    - [3] C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 2648
      - [4] C:\Windows\SysWOW64\cmd.exe
        command line: C:\Windows\system32\cmd.exe /c 00.exe
        PID: 3044
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 73KB
  MD5: b9769a3c0be9c6d321a5381f32836ebf
  SHA1: 8e831e7e931cf7be1ce51de89da5da8c4d8bcfa0
  SHA256: e223a9740c463972a36b3e8813f1ec9bc6080fcd31bffedacf7dc1e7012dfab9
  SHA512: bd0ad9a7c53fd9000369eb06b695b1dddbc6160506de80fbb6ef9b46c0b6036aac4f811818009462041ccf1ddc336baf681ddf8ea5892e444fb6ea9d5dbb1042