Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 31/05/2024, 06:54
Static task: static1
Behavioral task: behavioral1
  Sample: 7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe
  Resource: win10v2004-20240226-en
General
Target: 7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe
Size: 79KB
MD5: 7bb74497189d4e16c27b570c697c3d40
SHA1: 1e9febe8f2086a95334da119a0f3ebeb5db140b8
SHA256: 7637a87ffc3aa71dcd7809b2acb169dd2fb53c7d5889d506a92b217421430b4f
SHA512: 72771ffe2e9caa6a6c3c5b99a6cb78d1f8e7d2869d649e0296d5d1c5af4348255ac3499a9f26c97051179c22a63afe4e73fda52f16947d23e224b9fcb3a4ac97
SSDEEP: 1536:zv3yCHpuHMR5KOQA8AkqUhMb2nuy5wgIP0CSJ+5yVB8GMGlZ5G:zvi0uHM3/GdqU7uy5w9WMyVN5G
Malware Config
Signatures

Executes dropped EXE (1 IoC)
pid   Process
2456  [email protected]

Loads dropped DLL (2 IoCs)
pid   Process
1016  cmd.exe
1016  cmd.exe

Suspicious use of WriteProcessMemory (8 IoCs)
description                        pid   Process                                               procid_target
PID 3056 wrote to memory of 1016   3056  7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe   29
PID 3056 wrote to memory of 1016   3056  7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe   29
PID 3056 wrote to memory of 1016   3056  7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe   29
PID 3056 wrote to memory of 1016   3056  7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe   29
PID 1016 wrote to memory of 2456   1016  cmd.exe                                               30
PID 1016 wrote to memory of 2456   1016  cmd.exe                                               30
PID 1016 wrote to memory of 2456   1016  cmd.exe                                               30
PID 1016 wrote to memory of 2456   1016  cmd.exe                                               30
Processes

C:\Users\Admin\AppData\Local\Temp\7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe  (PID 3056)
  Command line: "C:\Users\Admin\AppData\Local\Temp\7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe"
  Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\cmd.exe  (PID 1016)
    Command line: C:\Windows\system32\cmd.exe /c [email protected]
    Loads dropped DLL
    Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\[email protected]  (PID 2456; filename obscured in the source page)
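The WriteProcessMemory rows in the Signatures section record which process wrote into which, and that is enough to rebuild the parent-child chain the Processes section shows. The block below is an added example, not tria.ge code: it parses those rows, collapses the repeated calls into one edge per parent/child pair, and flags the drop-and-execute pattern this report exhibits, a binary running from the user's Temp directory launching another Temp binary through `cmd.exe /c`. The row strings and process paths are copied from this report; the regex, the `USER_TEMP` constant and the rule logic are the example's own assumptions.

```python
"""Rebuild a process tree from tria.ge 'wrote to memory of' IoC rows and
flag a Temp -> cmd.exe -> Temp drop-and-execute chain.

Added example; not part of the tria.ge report or tooling."""
import re
from collections import defaultdict

# Constructed from this report's "Suspicious use of WriteProcessMemory" rows.
# tria.ge emits one row per WriteProcessMemory call, so repeats are expected.
WPM_ROWS = [
    "PID 3056 wrote to memory of 1016 3056 7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe 29",
    "PID 3056 wrote to memory of 1016 3056 7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe 29",
    "PID 3056 wrote to memory of 1016 3056 7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe 29",
    "PID 3056 wrote to memory of 1016 3056 7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe 29",
    "PID 1016 wrote to memory of 2456 1016 cmd.exe 30",
    "PID 1016 wrote to memory of 2456 1016 cmd.exe 30",
    "PID 1016 wrote to memory of 2456 1016 cmd.exe 30",
    "PID 1016 wrote to memory of 2456 1016 cmd.exe 30",
]

# pid -> image path, from the report's Processes section. The dropped file's
# name is obscured in the source page, so it is kept here as shown there.
PROCESSES = {
    3056: r"C:\Users\Admin\AppData\Local\Temp\7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe",
    1016: r"C:\Windows\SysWOW64\cmd.exe",
    2456: r"C:\Users\Admin\AppData\Local\Temp\[email protected]",
}

# Assumed sandbox user profile Temp directory (matches the paths above).
USER_TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# description | pid | Process | procid_target, as tria.ge flattens them.
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_edges(rows):
    """Collapse IoC rows to {(writer_pid, target_pid): number_of_calls}."""
    edges = defaultdict(int)
    for row in rows:
        m = ROW_RE.match(row)
        if m is None:
            raise ValueError("unrecognised IoC row: " + row)
        writer, target, pid = int(m.group(1)), int(m.group(2)), int(m.group(3))
        if writer != pid:
            raise ValueError("description/pid column mismatch: " + row)
        edges[(writer, target)] += 1
    return dict(edges)


def children_of(edges):
    """Turn the edge set into {parent_pid: [child_pid, ...]}."""
    tree = defaultdict(list)
    for parent, child in edges:
        tree[parent].append(child)
    return dict(tree)


def in_dir(path, directory):
    """Case-insensitive 'path lives directly under directory' check."""
    return path.lower().startswith(directory.lower().rstrip("\\") + "\\")


def drop_and_execute_chains(edges, processes, temp_dir):
    """Return (dropper, cmd, payload) pid triples where a binary running from
    temp_dir wrote into a cmd.exe, and that cmd.exe wrote into a different
    binary also running from temp_dir.

    A parent writing into its freshly created child is normal loader
    behaviour (which is why tria.ge rates the API use only 'suspicious'),
    so the signal here is the path pattern, not the WriteProcessMemory call."""
    tree = children_of(edges)
    hits = []
    for dropper, mids in tree.items():
        if not in_dir(processes.get(dropper, ""), temp_dir):
            continue
        for mid in mids:
            image = processes.get(mid, "").lower().rsplit("\\", 1)[-1]
            if image != "cmd.exe":
                continue
            for payload in tree.get(mid, []):
                if payload != dropper and in_dir(processes.get(payload, ""), temp_dir):
                    hits.append((dropper, mid, payload))
    return hits


def main():
    edges = parse_edges(WPM_ROWS)
    for (parent, child), calls in sorted(edges.items()):
        print(f"{parent} -> {child}  ({calls} WriteProcessMemory calls)")
    for dropper, cmd, payload in drop_and_execute_chains(edges, PROCESSES, USER_TEMP):
        print("drop-and-execute chain:",
              PROCESSES[dropper], "->", PROCESSES[cmd], "->", PROCESSES[payload])


if __name__ == "__main__":
    main()
```

Run as-is it reports the two edges (3056 -> 1016 and 1016 -> 2456, four calls each) and one chain, sample -> cmd.exe -> dropped file. On a real report the PID-to-path map comes from the Processes section rather than a hard-coded dict; the rule itself is the part worth carrying into a detection, and the Temp prefix should be replaced with the profile paths of the environment being monitored.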
Network
MITRE ATT&CK Matrix
Downloads

C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize: 79KB
MD5: d1889ebff1cdbd3da1116780cc589e8d
SHA1: 286201a7cf75dd805a1240c596da228c4e842cc0
SHA256: 3b34cb96054d523417982c196a4ac3a4bd6e1f7aab86cbacae28785f624ea113
SHA512: f1fccfc4c17a858742edc4d232f646feb96cae2038f18f7ee738e137b6c5ca451070c5364c732bfaa9b8434bf24b0a3f473f8dd28d2bf06b561f4b4523038810

The dropped file has the same reported size as the submitted sample (79KB) but different MD5/SHA1/SHA256/SHA512 values, so it is not a byte-identical copy of the sample.