Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
submitted: 26/05/2024, 21:11
Static task: static1
Behavioral task: behavioral1
Sample: 020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: 020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe
Size: 79KB
MD5: 020eed924a280054c4539ec0404d6da0
SHA1: a691838dfdba8fa784fd6afaab8547bb7a6139ac
SHA256: 019c4b6ce758794f56841c23ea08b07a803bc161eea4e83ef7a3917065e6e074
SHA512: 3b230e077abaf15b5355ecc8d9de23c364a3838bb2586dea1f0c591cf4fdc9999b231df31cb2fe7a2dcab50b162e7b1f0d9042da74102cab76ef637890cbc9f7
SSDEEP: 1536:zvOjaGdq/bOXbIv3YOQA8AkqUhMb2nuy5wgIP0CSJ+5y0B8GMGlZ5G:zvOjapaYGdqU7uy5w9WMy0N5G
Malware Config
Signatures
Executes dropped EXE (1 IoC)
pid 3052, process [email protected]
Loads dropped DLL (2 IoCs)
pid 764, process cmd.exe
pid 764, process cmd.exe
Suspicious use of WriteProcessMemory (8 IoCs)
description | pid | process | procid_target
PID 2956 wrote to memory of 764 | 2956 | 020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe | 29
PID 2956 wrote to memory of 764 | 2956 | 020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe | 29
PID 2956 wrote to memory of 764 | 2956 | 020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe | 29
PID 2956 wrote to memory of 764 | 2956 | 020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe | 29
PID 764 wrote to memory of 3052 | 764 | cmd.exe | 30
PID 764 wrote to memory of 3052 | 764 | cmd.exe | 30
PID 764 wrote to memory of 3052 | 764 | cmd.exe | 30
PID 764 wrote to memory of 3052 | 764 | cmd.exe | 30
Processes
C:\Users\Admin\AppData\Local\Temp\020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe (depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe"
  PID: 2956
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\cmd.exe (depth 2)
    command line: C:\Windows\system32\cmd.exe /c [email protected]
    PID: 764
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\[email protected] (depth 3)
      PID: 3052
Network
MITRE ATT&CK Matrix
Downloads
\Users\Admin\AppData\Local\Temp\[email protected]
Filesize: 79KB
MD5: 49caf46630fa1da76f622b61e8dd1bb5
SHA1: 3c7d8c9d5ef80a42b605a179f872faa93d8113f8
SHA256: 0ae98037ec3d8feefc9977ff9dce52374868384c97fce1e2c61ab43f5f5435f0
SHA512: 4760180c47f61fa54b39cc17e97da63f4fd35b6772e856736cc3e83b7fe28605edeb241c69aa843e89a8a782cfcce2a2eb27883b9366e91b9a0482ad929d47af