Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8ba8bc24fe...cs.exe

windows7-x64

6

8ba8bc24fe...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2024, 03:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ba8bc24fe636bc8628916141ace6a50_NeikiAnalytics.exe

  • Size

    1.6MB

  • MD5

    8ba8bc24fe636bc8628916141ace6a50

  • SHA1

    51d0db8f23bcc5ee52df9cbcd13f7c0c0faf5abf

  • SHA256

    fbac1e611cf7aa32ebb631902a3d10d84b2f7b25921466b5b6c87c57f0ce050f

  • SHA512

    7fa6ac2f4b89ce734ef5a260a2bf37045d68d5149374972b9d50b31a1851de210daa53c2958f60a691e45f4faf519414aa5fe2e3f3bbff0fcdcc401c571cf996

  • SSDEEP

    24576:xLILY8Xu/3y8UsG2BgYLicwnkCsCHdebUKyZURQ1TgjTe:mYrC8UsGuTweCHdeQKyZURQ1EjTe

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ba8bc24fe636bc8628916141ace6a50_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba8bc24fe636bc8628916141ace6a50_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:648
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\8ba8bc24fe636bc8628916141ace6a50_NeikiAnalytics.docx" /o ""
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:3624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\37646423.tmp
    Filesize

    1.6MB

    MD5

    8ba8bc24fe636bc8628916141ace6a50

    SHA1

    51d0db8f23bcc5ee52df9cbcd13f7c0c0faf5abf

    SHA256

    fbac1e611cf7aa32ebb631902a3d10d84b2f7b25921466b5b6c87c57f0ce050f

    SHA512

    7fa6ac2f4b89ce734ef5a260a2bf37045d68d5149374972b9d50b31a1851de210daa53c2958f60a691e45f4faf519414aa5fe2e3f3bbff0fcdcc401c571cf996

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\8ba8bc24fe636bc8628916141ace6a50_NeikiAnalytics.docx
    Filesize

    16KB

    MD5

    a1bce92d0cb3b74dcb5d5f4b75e4a0d4

    SHA1

    381bc0dccaf198454b861a65d3f6872b6a7daefa

    SHA256

    1bdc571b68623d43e9d5db890907570a470fc160f7d6d6d9c0140016c8df805e

    SHA512

    456d3522af6c87c8b11ef0033bc479434f6c9ae5ea3d3286f9b6e09f938c4cd6834d38ab973a9379c58cde7de396d3207c71b2e3b860029ba5510056c9b2d8dd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TCDA0C0.tmp\iso690.xsl
    Filesize

    263KB

    MD5

    ff0e07eff1333cdf9fc2523d323dd654

    SHA1

    77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

    SHA256

    3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

    SHA512

    b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
    Filesize

    2B

    MD5

    f3b25701fe362ec84616a93a45ce9998

    SHA1

    d62636d8caec13f04e28442a0a6fa1afeb024bbb

    SHA256

    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    SHA512

    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

    Download Submit

  • memory/3624-28-0x00007FFA7F010000-0x00007FFA7F020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3624-31-0x00007FFAC1130000-0x00007FFAC1325000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3624-18-0x00007FFA811B0000-0x00007FFA811C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3624-22-0x00007FFAC11CD000-0x00007FFAC11CE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3624-23-0x00007FFAC1130000-0x00007FFAC1325000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3624-24-0x00007FFAC1130000-0x00007FFAC1325000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3624-25-0x00007FFAC1130000-0x00007FFAC1325000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3624-27-0x00007FFAC1130000-0x00007FFAC1325000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3624-20-0x00007FFA811B0000-0x00007FFA811C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3624-26-0x00007FFAC1130000-0x00007FFAC1325000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3624-30-0x00007FFAC1130000-0x00007FFAC1325000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3624-21-0x00007FFA811B0000-0x00007FFA811C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3624-32-0x00007FFAC1130000-0x00007FFAC1325000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3624-33-0x00007FFA7F010000-0x00007FFA7F020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3624-29-0x00007FFAC1130000-0x00007FFAC1325000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3624-19-0x00007FFA811B0000-0x00007FFA811C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3624-17-0x00007FFA811B0000-0x00007FFA811C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3624-534-0x00007FFAC1130000-0x00007FFAC1325000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3624-556-0x00007FFA811B0000-0x00007FFA811C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3624-558-0x00007FFA811B0000-0x00007FFA811C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3624-559-0x00007FFA811B0000-0x00007FFA811C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3624-557-0x00007FFA811B0000-0x00007FFA811C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3624-560-0x00007FFAC1130000-0x00007FFAC1325000-memory.dmp

    Filesize

    2.0MB

    Download