Analysis

  • max time kernel
    24s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 22:29

General

  • Target

    0b3ffacb0ded4504fcbaf41045d5e7d0_NeikiAnalytics.exe

  • Size

    107KB

  • MD5

    0b3ffacb0ded4504fcbaf41045d5e7d0

  • SHA1

    ec4caf055201e5516d6d6734a15e22c589dee263

  • SHA256

    8a9eb18dff00bcac97fe8040840fe0f46622426284ba1d977ffb1f4158e495c2

  • SHA512

    461f3825ef5ef88d0cb333d15e508eaa6cc5ffe93a1a9aa6272a463940c035f8b51894f3b7dea55ba30426d1b58beed14cf28b5bab55031260facb9dd90d10fb

  • SSDEEP

    3072:HQC/yj5JO3MnnG+pLK4ddJMY86ipmns6P:wlj7cMnG+NKCJMYR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b3ffacb0ded4504fcbaf41045d5e7d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0b3ffacb0ded4504fcbaf41045d5e7d0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:4864
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev41DB.tmp!C:\Users\Admin\AppData\Local\Temp\0b3ffacb0ded4504fcbaf41045d5e7d0_NeikiAnalytics.exe! !
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3628
      • C:\Users\Admin\AppData\Local\Temp\0B3FFACB0DED4504FCBAF41045D5E7D0_NEIKIANALYTICS.EXE
        3⤵
        • Executes dropped EXE
        PID:8
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev41DB.tmp!C:\Users\Admin\AppData\Local\Temp\0B3FFACB0DED4504FCBAF41045D5E7D0_NEIKIANALYTICS.EXE!
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:4420

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\0B3FFACB0DED4504FCBAF41045D5E7D0_NEIKIANALYTICS.EXE

    Filesize

    107KB

    MD5

    95f21b05453e4c0127a7382d959c2e8b

    SHA1

    ca90a48d8d41c4f44867461ea082ff69bba410a3

    SHA256

    a8378ce4279e17e11f4141b11663b575125e52a45915ee995c03fad8647235a3

    SHA512

    77236c5fcf8b4e597adb4821b0df7bf7174c3fd50ad6d5440cbef8f11bfe40bdc22eb628efe40042dff59b8409a46e2d92ec60073bf8a148ff4ab53fd9acad0f

  • C:\Windows\MSWDM.EXE

    Filesize

    47KB

    MD5

    705344bf490f31433f80acda6837395a

    SHA1

    346129cbbebd2436e618d662676b39a520c9db52

    SHA256

    8c50105f61b4c4e18eac962a85d10a9a8d887620e2a5fdd7e620a123f7cf0486

    SHA512

    db5f9a44c470fc3dbeddba0389f48aca50eb6a07e823647dc42d33b3d6d0383fb4d2382d4a6e802c7a9948c1d8b5428fc345453ba795aa72592be06e45dc860b

  • C:\Windows\dev41DB.tmp

    Filesize

    59KB

    MD5

    dfc18f7068913dde25742b856788d7ca

    SHA1

    cbaa23f782c2ddcd7c9ff024fd0b096952a2b387

    SHA256

    ff4ac75c02247000da084de006c214d3dd3583867bd3533ba788e22734c7a2bf

    SHA512

    d0c7ec1dae41a803325b51c12490c355ed779d297daa35247889950491e52427810132f0829fc7ffa3022f1a106f4e4ba78ed612223395313a6f267e9ab24945

  • memory/1988-0-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/1988-8-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/3628-21-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/4420-18-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/4864-22-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB