Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
01/06/2024, 10:25
Static task
static1
Behavioral task
behavioral1
Sample
468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe
-
Size
5.4MB
-
MD5
468952c7c4cc9d919455f6dd237823c0
-
SHA1
f27106f0c59fba56847446cde9919d12e32f7a79
-
SHA256
c520f3a32d4f6e82ae61d8168c4a52d13735af74c3bae0604604eee8c640b79b
-
SHA512
ecceafbc5a4623f3f26b1b8a0bf10945eab2c2cb06884e52a2faf9970ebfa63a28bb4d8c0bb13ddefceae1dcc7179622bb479bdbef90f99eb0d6558bcfe94cc2
-
SSDEEP
98304:emhd1UryeHFrkJ10P5nb1VR89nV7wQqZUha5jtSyZIUh:elnFra6BjE2QbaZtliU
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 1576 2C7E.tmp -
Executes dropped EXE 1 IoCs
pid Process 1576 2C7E.tmp -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3328 wrote to memory of 1576 3328 468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe 83 PID 3328 wrote to memory of 1576 3328 468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe 83 PID 3328 wrote to memory of 1576 3328 468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3328 -
C:\Users\Admin\AppData\Local\Temp\2C7E.tmp"C:\Users\Admin\AppData\Local\Temp\2C7E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe B284A615F0F8ED617706810B26C9C38FAC09285B38A205B0EEA28270200011599D44CF52B13D31770002A26CA2CDDA30A5EB5B3A82B55E78DBD76D6E3C6880192⤵
- Deletes itself
- Executes dropped EXE
PID:1576
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.4MB
MD506f775058483498003b716c35bb9c1c1
SHA1eb06099834d9bb8c444b8a3a760c19b134ac326f
SHA256e44020fd276d1cadb39fa9322a5578e0732992582966250916ff38cdc1f9ff92
SHA512acacca39b642d6a612d04c2cea9c27f875cb717ffb44135fba3c5c0cfe0bdcff3ddddb9f379c7172802637e0328cb64711732e919345d855bb17e7cea358e4a4