Analysis
max time kernel: 134s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/06/2024, 02:29
Static task: static1
Behavioral task: behavioral1
  Sample: 8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe
Size: 79KB
MD5: 8a0890aa5c474c8341877f5b2bcbcda0
SHA1: 59086337eb5b8738d322c4d56baafa6cfc879a70
SHA256: 3bf5925dffc4d936c3eb23c9d3d1dfb3c6d4a7f4d477e6c8bf170b8767bb3781
SHA512: 2edf74804dbe5f2cdd2afa180b4bc08be7ab6138718c4f5b047064641d4fe0ba60845d71f16cb683c459ff4d5dcf2bef60fd5c9a62b9e5b484e82fe961afd802
SSDEEP: 1536:zvK8wXOsol+f9OQA8AkqUhMb2nuy5wgIP0CSJ+5yUB8GMGlZ5G:zvKfNoQMGdqU7uy5w9WMyUN5G
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  1020  [email protected]
Suspicious use of WriteProcessMemory (6 IoCs)
  description                       pid   Process                                              procid_target
  PID 4560 wrote to memory of 3112  4560  8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe  92
  PID 4560 wrote to memory of 3112  4560  8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe  92
  PID 4560 wrote to memory of 3112  4560  8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe  92
  PID 3112 wrote to memory of 1020  3112  cmd.exe                                              93
  PID 3112 wrote to memory of 1020  3112  cmd.exe                                              93
  PID 3112 wrote to memory of 1020  3112  cmd.exe                                              93
Processes
C:\Users\Admin\AppData\Local\Temp\8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8a0890aa5c474c8341877f5b2bcbcda0_NeikiAnalytics.exe"
  Suspicious use of WriteProcessMemory
  PID: 4560
    C:\Windows\SysWOW64\cmd.exe
    PID: 3112
      C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 1020
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4008,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=3836 /prefetch:8
  PID: 2896
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 6c835d11d483f4eadc6980c8bcc3910f
  SHA1: 87f35be83685fdfc680de285e66a43708bb61436
  SHA256: a61dd6834195ab4eec03c13a3f437a273f51e2cb0b702016879a99bdc50e76cb
  SHA512: 400ebcc63e881b4d2f87adb3ccdca9e01bbedff4b4219e1ef1664c753d01b2ad20138a2eb52d8fc99376b5681feb387c3c86b147da6addb59e7dd4c6571835d6