Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
01/06/2024, 07:56
General
-
Target
936f370ea30246c1cb165a2f0d7fa0e0_NeikiAnalytics.exe
-
Size
3.7MB
-
MD5
936f370ea30246c1cb165a2f0d7fa0e0
-
SHA1
c574b5c7a2a62cf46c9c858baba96b5c80bfd116
-
SHA256
4f2800a2203fd748bed3bcc1286a2476e0ce7fe6957d148b8490bcc818ac7ecb
-
SHA512
b8338ed098fe15b8dbf4d465de636d3f490a1a469bcd50e136611f1393156c815bb328ccc4a39d36c151b9c9bf5db8f05daf7d21927e61b7c2605b10baea3dd1
-
SSDEEP
6144:F76vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvl:F2
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 3 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Modifies registry class 37 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 19 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\936f370ea30246c1cb165a2f0d7fa0e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\936f370ea30246c1cb165a2f0d7fa0e0_NeikiAnalytics.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe" C:\Users\Admin\AppData\Local\Temp\936f370ea30246c1cb165a2f0d7fa0e0_NeikiAnalytics2⤵
-
-
C:\Windows\SysWOW64\msng.exe"C:\Windows\system32\msng.exe" fuckystart2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe http://www.OpenClose.ir3⤵
-
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.openclose.ir/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
342B
MD59e1857ce6ecd1ce0f391a7c53ba95514
SHA15541f85212ce07da88658d3b89db47c518e02008
SHA2568272fdb72e0a82ce26954165e551c9ee01aa63364fb8251f59c2c14f60e967e5
SHA512f0e1476ec10870c522df4ff255e10d751d3a539e6c063623aa7ac4fa7ddba5d5c3f564cd4902884350a7a44af740aa77aea08dff4c30b4296fcd76205775c7bd
-
Filesize
342B
MD50524925c73cc38a376643b9fc4e46201
SHA1892da3252d76432853f54f24fc2726ab19346037
SHA256054bbd9b8de16588b38ac68bc262c2690a138791006a71e78690f1e41d541475
SHA5129c6469b2e11e093530b20d7db1302308c9e0292a3864b3b21997e008f81ab4707c783641b225f394048c08943e7b72d3e495b2f2079a319412885fe10bfd32bb
-
Filesize
342B
MD578e6eee68f954d200327d7f63a293d1f
SHA190ac9bf2cbb0aeab751df55fb8e0d43b3dfcf829
SHA256184d0804d3d2574f45adec60cc6ae55c258beb3e7e15f16f3da63835f90ddaba
SHA51288572274cbd8c8a30c5915cf3b6c773483ac71ae83f171b4a5f1cbd531403a5b0a6f98bfcda05020dd5c1881dc56dad529fd0e28a26a5a2efb4130e9211844b8
-
Filesize
342B
MD500570372f850edde70d616c2b3f0d6f5
SHA10737fe1ca96c54daec3c97b17748e00a7eba40a3
SHA256beb2e047a5ebad246dda48f09b5f68d9d39aeb2a87151f938a9a02645e9753c1
SHA5124237bce3d37ec92bbb1d7a35e4c35d58be06dc6ba1fbbdce6958d1fd072a94ac8fe70848eceb7c5c01de6d22509b9e10c2efe4dc87d884c7b0d2b0c3dc6f8093
-
Filesize
342B
MD591629e4ea724dfadf7c5abb3d3771241
SHA17338e3ea95a3eb92e9586dc94fa948479dbe86ef
SHA256b8b5b813473cd1bddb621f1fde302612b2b361fbaa3ae229d32f230c4a4dfac9
SHA512f2fa6606a11beac5dcf4b40212a0e041c90611db4cad8cbd94ee5fb9f49da69bbd2e7bc4798b420a7272bf01cd9d00c9ec7a946d69b3ef324be4703622c0cf52
-
Filesize
342B
MD51defec0e66624485c96fd7c707555228
SHA18824b0cd659b0ca3c584eb7228f7524d8f1eec5e
SHA2568d4466226440b567f9c9c4854135f66fde18f5a60aa30a0b7ce0c5f7ecf4cac7
SHA5126e413b8713f94a398f530e4ad8e9ca537fa2eb79d8e71e13bf36a52bf437015475dcc7bc6cb744f49442fc70b34840a0b21475b994cba38e353a96d0db9aea9d
-
Filesize
342B
MD5de093ee56e4c2022ce0419c39284a185
SHA151bdc49349bbcd09affac362d641592047a6a7cc
SHA256dcd9d236f2a59c02b1e25741b2010d9f8f912839bbbdc83cc9b6390483ff8e56
SHA512b8b3cca5a35c10839b10baa61443d4abb954bc1562302becfd678ae3da7ad7093b84a5f0e0bde2d3d8a694f77b176b918aed7781b0ca409b51e83a5c443ebd5f
-
Filesize
342B
MD56854bd2bed66d1f0308ec7b2d4fe1215
SHA14ff908b7c0e14e782aec9f3e74b34aebb7406d7d
SHA2569daf78fce52757433060320a173225ab9efe606be1e7c7af5b8aee1cb224702c
SHA5126bb12825a5d42f0d0e074bc6e5f1749ec81bfa3ae6900f35288b42225824d5f9539296dbe0026362e6da40b1fef5a9f0a95cd2399d13f76a6f5b8ea8d684977a
-
Filesize
342B
MD5eab2061a934c45ebc79b602cf4a63bf8
SHA1feb0975b2e902570c0179659d04e9def4c41c57c
SHA25692796e0dfafa611dbb404faee784cdfd49027ccbf63a53aaf423e0173db023bf
SHA51230adff377458fbbdb3b406fcdd7e48953f3b78d02994a3b8ad312ae835545066778e13ce3d51204990900a447868dc27336a9d6f6e19ce6f1a722438f21eda52
-
Filesize
342B
MD55e4f0a81a1711489cf8bd5237861123a
SHA13e58ee3cd050e7089ee86a34836d83fb71b10e0a
SHA256a207ffe1fb2e2e801f472b0980d0148d4ca95638f9a27e501800049a48c1d349
SHA512ff45840319f8e61ad8b920c5a0f42e2ed3305794b4d1e920118afc2e2c5353e32103fb5f2c1ac9f7cd95f97a331db3f33e838462e2230b24dc735ce233f7f9d0
-
Filesize
342B
MD5f7212a63e0e8d4e6c92df91063dee438
SHA19292254539276947f00325e97ba7e2a49c2985e4
SHA2568f99c8493333f099c215ca9e9ac31a9dc86653f245369a74ce15d4b945abf70f
SHA512aee98e9a44c5b039e690ff3c9887c278ebcbf2577684b430268ae4a70a8c4099eb7375ada836493032654a7b6fdc8707cddeee3e1c0aeb9a8da11146ea7a516c
-
Filesize
342B
MD59f6645b7d31ee83d42d606320bbbabe8
SHA197ce7980c729cb694c31a571335c62f636b63349
SHA25646ae042efe76044c233b0ea2b03e7f4bc4d50ddc61bda1987a4f06b825074662
SHA5120035296ebcebb3107f5636a3f4e3a86513c995f65fabda2628f033155559d07b12aa83dba1a41a80acab4c4c21d0eb15016ef85be3d779ac0c791c9c37ab86d7
-
Filesize
342B
MD54cb64fdcef266ac77f7b8ce3314ddfaa
SHA1c7e454509244f07473c5ee3247213899c4577ec0
SHA2569cdbbfe4d3a4e8ad2b92442c98e65cba02281a1e18677e06083c09c5c82776b3
SHA512642a5d5781def96f28efc12d8ffde5df7eb1a519d39a5f1925bf3626bc0c0dfb9555d5ae99905be70e6ecae1967866897dab9d399c972956c612f1d661449a4c
-
Filesize
342B
MD52466e558b05a571c5947423e9cd9efac
SHA17f5ccefd27924824a2ad9a517f190b00a11c3f0f
SHA25611503d13dbb0ee54cad343af7c4063233ae335eebf3371d8a8205df9b2aa7963
SHA512e5592b86d79ad74bee9428db1034c19ed1d4919dbebf7e57425f5db884e9536a4d3e173b8e4b8bcd388a1d22b50f4986ba43b561628a53d5a69aa22e91195944
-
Filesize
342B
MD53198d21e79293afd1ab7e03fd06328a7
SHA18bea3cda981795f1e90bfe29bb64aa91a5a03f7b
SHA256260874c70e1adcd2ccaf98d945a3ef3f2bf7a8604b46ebc7ad2e9dae0028f181
SHA5126771af4490a475f45fc2b3d5159746b00a9725eadcfb29f715b5e959625566a627256b942eb1e30071822dd643e67ddd67a81416450d5b85eb7f95220307148e
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
43KB
MD551138beea3e2c21ec44d0932c71762a8
SHA18939cf35447b22dd2c6e6f443446acc1bf986d58
SHA2565ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124
SHA512794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d
-
Filesize
83B
MD5a3c8845418fe51afaa72bf0cd9dd5f46
SHA1629dc72dd0a3a3de435e787c4b1a56cc80e28f26
SHA2568fb05fec00bdf9d18215d004479d013d87c30259a4af64008e4367e740bf21f6
SHA512351643a739368002c98bac6f7858169396726f4e995d8613e29af50cd85a45165c04de632b6090da2aaf39e27232fbbbc2bb9ab0590a88148b6b1797820a682e
-
Filesize
3.7MB
MD5936f370ea30246c1cb165a2f0d7fa0e0
SHA1c574b5c7a2a62cf46c9c858baba96b5c80bfd116
SHA2564f2800a2203fd748bed3bcc1286a2476e0ce7fe6957d148b8490bcc818ac7ecb
SHA512b8338ed098fe15b8dbf4d465de636d3f490a1a469bcd50e136611f1393156c815bb328ccc4a39d36c151b9c9bf5db8f05daf7d21927e61b7c2605b10baea3dd1
-
Filesize
3.8MB
-
Filesize
3.8MB
-
Filesize
10.7MB
-
Filesize
3.8MB
-
Filesize
8KB
-
Filesize
3.8MB
-
Filesize
3.8MB
-
Filesize
64KB