Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/05/2024, 13:47

General

  • Target

    46ad43265774300b039f266db2711960_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    46ad43265774300b039f266db2711960

  • SHA1

    500c490d5f93b86d749cd0be45964c1623cf7ec9

  • SHA256

    e64ee3b3dd3c803e983063f1d72fd73c768522678090aa00925f82a7501a8fa3

  • SHA512

    1bf0a6820934ee51dbeb6f511dd154816d605328ad7a9724b3e92be8e0c8090bacfd37402732e8b0430d8de1a7785cdd4d0ad7a0581d24124c0f3a45bb622248

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB69w4Sx:+R0pI/IQlUoMPdmpSpE4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46ad43265774300b039f266db2711960_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\46ad43265774300b039f266db2711960_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:5092
    • C:\SysDrvWZ\xbodec.exe
      C:\SysDrvWZ\xbodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:5068

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVBHM\bodasys.exe

    Filesize

    2.7MB

    MD5

    8010f54e6075e9b25e1c6f25e7db1333

    SHA1

    4133b7f820ff47f866d57692ba9de010eddca2ad

    SHA256

    6ab1576e55bacf0431b7b8627bd25d97a6a959f0d563624ef52f98d4ab61cf6f

    SHA512

    5f328a3966aae3ac2502b2beb4f43f99d6758c81aaa94bc2eff862cc11d45da908664c3cef4cce197ef1dc1abb833d9f751449c8a3154f2c77dbf7bcdddce161

  • C:\SysDrvWZ\xbodec.exe

    Filesize

    2.7MB

    MD5

    0d40ccd5fa2d4a574c90685f2b8e3f3c

    SHA1

    5d95d246cc7791f4c1613774ba97a868a696a961

    SHA256

    2d381924bf79be784e6ebea4f48163172bc0c59a92be22e379a5302e822c2079

    SHA512

    f555d6503df6251040fda987251d33c86978216b167285f30aee2c554873096f611d8a53c7e1de223113cce8e5b5e675acb604d77291912a07fef980ecf5f891

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    195B

    MD5

    3f43af72633fdd92faa5991f65018660

    SHA1

    c97336049fcc4cb822d9fd120b9ce087e45838c3

    SHA256

    29a470186f91444265a6248c0b4f2c8a02263fe9baa869fa8f234cfb33933371

    SHA512

    8bb1a0c8c6ca8129a1bcaaace98fc7c1ed034394e632f6d20870b6be39972fe71663b379876988fa97104aa04c79e8a1ae756de51ae1c91f2ca908cde3edee56