Analysis
max time kernel: 121s
max time network: 125s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 27/05/2024, 00:51
Static task: static1
Behavioral task: behavioral1
  Sample: 12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe
Size: 79KB
MD5: 12100df35869f6dd51d0a164a556df00
SHA1: 6a58d6562a129d6dc14b5ea70a581fffeabdc07a
SHA256: 297467963fb79f407afe4861fa8ad2c69b2684041fd99beb5b24519b4313e78a
SHA512: 82583fd870cc22e2aced7ce7bfa8d67b8509d2e8e12ae6d72e66830732711a0d1cda346fe0c3c67f3cb188916329cf63ccd29885b379df56196b5849f46312de
SSDEEP: 1536:zv3JmHlv340W6OQA8AkqUhMb2nuy5wgIP0CSJ+5ykB8GMGlZ5G:zvZmHlvfWPGdqU7uy5w9WMykN5G
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 2480 | Process [email protected]
Loads dropped DLL (2 IoCs)
  pid 2104 | Process cmd.exe
  pid 2104 | Process cmd.exe
Suspicious use of WriteProcessMemory (8 IoCs)
  description | pid | Process | procid_target
  PID 1908 wrote to memory of 2104 | 1908 | 12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe | 29
  PID 1908 wrote to memory of 2104 | 1908 | 12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe | 29
  PID 1908 wrote to memory of 2104 | 1908 | 12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe | 29
  PID 1908 wrote to memory of 2104 | 1908 | 12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe | 29
  PID 2104 wrote to memory of 2480 | 2104 | cmd.exe | 30
  PID 2104 wrote to memory of 2480 | 2104 | cmd.exe | 30
  PID 2104 wrote to memory of 2480 | 2104 | cmd.exe | 30
  PID 2104 wrote to memory of 2480 | 2104 | cmd.exe | 30
Processes
1. C:\Users\Admin\AppData\Local\Temp\12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe"
   PID: 1908
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c [email protected]
      PID: 2104
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory
      3. C:\Users\Admin\AppData\Local\Temp\[email protected]
         PID: 2480
Network
MITRE ATT&CK Matrix
Downloads
\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 7b36d370766b88fac679230be2558a32
  SHA1: 8c14799f173c4fa2359ed138b03ef6cb911077e5
  SHA256: 69920a82806a226a62d617088de27ccbadec383ce36adc7364867fbbdc7f60f7
  SHA512: 050792dd2760eedc3d83422ed0339866a76c78742996432d2d07a3fed6ca91fed6695e3daedb07be956fc4ebc2f447f7ef23f8853739d98ef5d6666241c45ff9