Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 23:00

General

  • Target: 7c7b92cf95864bd65b304dc39a53f960_NeikiAnalytics.exe
  • Size: 4.1MB
  • MD5: 7c7b92cf95864bd65b304dc39a53f960
  • SHA1: 9b1511de36225a6488351e058f763da0fa050d8e
  • SHA256: 692faa7d7d7b3ecb54d05b76ee84ba34284c3d087d031866d78dae79dcf9876d
  • SHA512: dce0411ded76b57cce0d7d5a45f906d6bc432dd29f414257affd8be04b2b2a4a7974675799ac7e6396f7750d5e747df3b4335ea4fb25d93ec160f07128a1d751
  • SSDEEP: 98304:+R0pI/IQlUoMPdmpSp04ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmv5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c7b92cf95864bd65b304dc39a53f960_NeikiAnalytics.exe (PID 2384, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\7c7b92cf95864bd65b304dc39a53f960_NeikiAnalytics.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\IntelprocM0\devbodec.exe (PID 1936, depth 2, child of PID 2384)
      Command line: C:\IntelprocM0\devbodec.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\IntelprocM0\devbodec.exe
    Filesize: 4.1MB
    MD5: a4e99cc8ab4325dae9bc04dd56678831
    SHA1: 53b19aae753fee656f4aaee4eb192fe1cc5499b0
    SHA256: aea5dc65f7e2a857ca949c6a27328666335f1d576b70a18a580e48a24558c02d
    SHA512: a628f54f707604dd7278816031a6651bf23f64b299686d0f39265485b280820557a2d3b385774ebb4c807ed2955dfd291618f2f2b69b6ded75788be0e9a4abb4

  • C:\MintZF\dobdevec.exe
    Filesize: 4.1MB
    MD5: 0369475b61297c4b615a515476e87efd
    SHA1: 4edfbc8e6d44e93a349119496c82e0d1263c24e7
    SHA256: 3d3d24d868bf71347adb3540ab00ea36c155ce63b647949ed2eb5e2d3777a430
    SHA512: 5431f03ea185d9e37883a33d1b9bf4418320cff855dc446c7bd289c067ed76ae78436e53c65e42d1acab20f66bb94d5105dd8367adfdd6497a4a3fc0f07e88a0

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 205B
    MD5: 4e2be85408670650bce2df5f59553c2c
    SHA1: a52fe2ae6bfee33484272d5ff55611e245d9de2f
    SHA256: 25010d838a1f37b7d723ab39ef453e58900af1fc86c87083245370b3e261000b
    SHA512: 67f4c2d16e77674ff38726b4b4f8e151ff33700621ffd61bf75258d43421778f082e174e2669fbd5c9440948e791f372558cfa6b7c2b4981e6dbecf8209f2d08