Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 29/05/2024, 10:42
Static task: static1
Behavioral task: behavioral1
  Sample: 51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe
Size: 73KB
MD5: 51b0d1009a9af362052c2b7f808f6fa0
SHA1: 0d15e864daeb5d81b770c2474f880d50ce700ce7
SHA256: 763d74359e0dd05b106d68b9cc0293b9960443233b0f0345c01e36030b6209c1
SHA512: b6c78e92bf5275f74e196f460b8818467c608c23e4d69d2ceef470ee5a0f2d6c03be2e28982738015e65c9f17db04b9fac24987378268acef1f04466277f1275
SSDEEP: 1536:hbLvRJ+Q0re1apK5QPqfhVWbdsmA+RjPFLC+e5hkD0ZGUGf2g:hnPHCNPqfcxA+HFshqOg
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 2032: [email protected]
Loads dropped DLL (2 IoCs)
  pid 2840: cmd.exe
  pid 2840: cmd.exe
Suspicious use of WriteProcessMemory (12 IoCs)
  description | pid | Process | procid_target
  PID 1992 wrote to memory of 2840 | 1992 | 51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe | 29
  PID 1992 wrote to memory of 2840 | 1992 | 51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe | 29
  PID 1992 wrote to memory of 2840 | 1992 | 51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe | 29
  PID 1992 wrote to memory of 2840 | 1992 | 51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe | 29
  PID 2840 wrote to memory of 2032 | 2840 | cmd.exe | 30
  PID 2840 wrote to memory of 2032 | 2840 | cmd.exe | 30
  PID 2840 wrote to memory of 2032 | 2840 | cmd.exe | 30
  PID 2840 wrote to memory of 2032 | 2840 | cmd.exe | 30
  PID 2032 wrote to memory of 3004 | 2032 | [email protected] | 31
  PID 2032 wrote to memory of 3004 | 2032 | [email protected] | 31
  PID 2032 wrote to memory of 3004 | 2032 | [email protected] | 31
  PID 2032 wrote to memory of 3004 | 2032 | [email protected] | 31
Processes
1. C:\Users\Admin\AppData\Local\Temp\51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe"
   PID: 1992
   - Suspicious use of WriteProcessMemory
  2. C:\Windows\SysWOW64\cmd.exe
     command line: C:\Windows\system32\cmd.exe /c [email protected]
     PID: 2840
     - Loads dropped DLL
     - Suspicious use of WriteProcessMemory
    3. C:\Users\Admin\AppData\Local\Temp\[email protected]
       PID: 2032
      4. C:\Windows\SysWOW64\cmd.exe
         command line: C:\Windows\system32\cmd.exe /c 00.exe
         PID: 3004
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 73KB
  MD5: 645b127a723b0b6b9942068639712120
  SHA1: 7a869ffcc272952acbd1425413b113d3dd917ba1
  SHA256: e391f7580141f5cc30b73cd28658733cef9aebfda9a51b6f4acebe8ef0ed2c5c
  SHA512: 0d03b82222c1e2c6d19eeca89ad38cdc4b2acbfa4117d30766ade3c1792d1d79ddbcb8e3c6137c8207acc603457b3f1d1f0eea7dbf3c49868e9f46bd66ccf385