Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
26/05/2024, 05:57
General
-
Target
77076524991a132b4d23bb7e83a9edb0_NeikiAnalytics.exe
-
Size
629KB
-
MD5
77076524991a132b4d23bb7e83a9edb0
-
SHA1
f8439a70ac3b851a5e67da4b91ca28ec5abc879c
-
SHA256
8999ee0edae430356495baac9163eca6583f679a709179c45688a8e69d319324
-
SHA512
a97809ef692471182abb85963b7822750015f024603520bc36fc1bb4fa7fa3a9eceb5253859594184b51817e93df91654aac55a912de56a7bd08fb7b0c79542a
-
SSDEEP
6144:j4sZBOZdjEYTPXMhaMP/kFTA7OA/BOZdjEYF:jnANL8oq/kFTsOxNF
Score
8/10
Malware Config
Signatures
-
Drops file in Drivers directory 5 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 18 IoCs
-
Drops file in System32 directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\77076524991a132b4d23bb7e83a9edb0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\77076524991a132b4d23bb7e83a9edb0_NeikiAnalytics.exe"1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\windows\system\jxmktrq.exe"C:\windows\system\jxmktrq.exe" "C:\Users\Admin\AppData\Local\Temp\77076524991a132b4d23bb7e83a9edb0_NeikiAnalytics.exe"2⤵
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"4⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe" "C:\windows\SysWOW64\bbbtesy.exe"4⤵
- Drops file in System32 directory
-
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"3⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"3⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"3⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"3⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"3⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"3⤵
-
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe" "C:\Users\Admin\AppData\Local\Temp\77076524991a132b4d23bb7e83a9edb0_NeikiAnalytics.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
-
C:\windows\jrdom.exe"C:\windows\jrdom.exe" "C:\Users\Admin\AppData\Local\Temp\77076524991a132b4d23bb7e83a9edb0_NeikiAnalytics.exe"2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
- Executes dropped EXE
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\bbbtesy.exe"C:\windows\system32\bbbtesy.exe"3⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"3⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"4⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"4⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"4⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"4⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"4⤵
-
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"3⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"3⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"3⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"3⤵
-
-
C:\windows\SysWOW64\aaxwqmj.exe"C:\windows\system32\aaxwqmj.exe"3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
824KB
MD5df4c3258b1787546a9caa598b9fe740f
SHA143525098551d4d601e423ef6cbc4abb2e9053adf
SHA256eb700b9142395565f60da84af4289b713e30f90c760e1d4f689cdcc358963fd6
SHA51219e06487a6a7b188af9aab91d8f90bda949f133282c50edaff3afec305b6b45bb9958b31c2224ffd89c7c33edea68ca6626f62d444160b388f05a71e45109c08
-
Filesize
629KB
MD577076524991a132b4d23bb7e83a9edb0
SHA1f8439a70ac3b851a5e67da4b91ca28ec5abc879c
SHA2568999ee0edae430356495baac9163eca6583f679a709179c45688a8e69d319324
SHA512a97809ef692471182abb85963b7822750015f024603520bc36fc1bb4fa7fa3a9eceb5253859594184b51817e93df91654aac55a912de56a7bd08fb7b0c79542a