Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 03/06/2024, 01:54
Static task: static1
Behavioral task: behavioral1
- Sample: 976fec1f7068de234d4b152c88403730_NeikiAnalytics.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 976fec1f7068de234d4b152c88403730_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 976fec1f7068de234d4b152c88403730_NeikiAnalytics.exe
- Size: 40KB
- MD5: 976fec1f7068de234d4b152c88403730
- SHA1: bb6f8efa8fb035baf680e8d99b8c38277a40677a
- SHA256: aaa82c7252c2b993eb68297f50bd58e00d0292361248fc788b74f891d4fcfcc4
- SHA512: d2a2996c7b05ab5b4a4d3dfe2039eccb8d6b214aac4af236712dae2578d92797560424c2bdd7efde4e1e2cf908cca807f84d7a6924b500acd5f52e8e0646b3fc
- SSDEEP: 384:R4xUgL9mP/khB8Dy4MfyzLeReRGngzXZ+Yu1zJIFBdy1AQrPgwNt6AMJ1cbfnVz6:eGknMFiiDMNzJIFBLQ7XNt6bk6
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysMain = "C:\\Users\\Admin\\AppData\\Local\\SysMain.exe"
  process: regedit.exe
  The value sits under the logged-on user's HKCU Run key, so the binary at %LOCALAPPDATA%\SysMain.exe is started at every logon of that user and no administrator rights are needed to plant it. The value name borrows that of the legitimate SysMain (SuperFetch) service; the genuine service component lives in System32, not under AppData.
- Runs .reg file with regedit (1 IoC)
  pid: 2212, process: regedit.exe
  The registry write is performed by regedit.exe importing a .reg file, not by the sample calling the registry API directly; the command line is listed under Processes.
- Suspicious behavior: RenamesItself (2 IoCs)
  pid: 2876, process: 976fec1f7068de234d4b152c88403730_NeikiAnalytics.exe (two events)
- Suspicious use of WriteProcessMemory (7 IoCs)
  description: PID 2876 (976fec1f7068de234d4b152c88403730_NeikiAnalytics.exe) wrote to memory of PID 2212 (regedit.exe), procid_target 28; the identical row is recorded seven times.
  All seven writes go from the sample into the regedit.exe child it spawned. A parent writing into a child it has just created also happens during ordinary process start-up, so this signature on its own is not evidence of code injection.
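The persistence above is established by importing a .reg file rather than by touching the registry directly. The following is an added analyst example (not tria.ge tooling and not code from the sample) that parses a recovered .reg file and flags every value written under a known autorun key. The page does not show the content of ~dfds3.reg, so the sample text in the block is constructed to mirror the recorded Run-key IoC; the key paths in AUTORUN_SUFFIXES are the standard HKCU/HKLM Run, RunOnce and Policies\Explorer\Run locations.

```python
"""Parse a Windows .reg export and flag values written under autorun keys.

Added analyst example for this report; it is not tria.ge tooling and not
code from the sample. SAMPLE_REG is constructed to mirror the Run-key IoC
the sandbox recorded; the real ~dfds3.reg content is not on the page.
"""
import re

# Constructed sample .reg content (hypothetical, not the dropped file).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SysMain"="C:\\Users\\Admin\\AppData\\Local\\SysMain.exe"

[HKEY_CURRENT_USER\Software\ExampleVendor\Settings]
"Installed"=dword:00000001
'''

# Key paths (hive stripped, lower-case) that start a program at logon.
AUTORUN_SUFFIXES = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
    r"software\microsoft\windows\currentversion\policies\explorer\run",
)

_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping of quotes and backslashes."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text: str) -> list:
    """Return {key, name, type, data} for every value in a .reg file."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if (not line or line.startswith(";")
                or line.startswith("Windows Registry Editor") or line == "REGEDIT4"):
            continue
        m = _KEY_RE.match(line)
        if m:
            # "[-HKEY...]" deletes a key; it carries no values to record.
            key = None if m.group(1) else m.group(2)
            continue
        m = _VALUE_RE.match(line)
        if not (m and key):
            continue
        name_tok, data_tok = m.groups()
        name = "(Default)" if name_tok == "@" else _unescape(name_tok[1:-1])
        if data_tok.startswith('"') and data_tok.endswith('"'):
            entries.append({"key": key, "name": name, "type": "REG_SZ",
                            "data": _unescape(data_tok[1:-1])})
        elif data_tok.lower().startswith("dword:"):
            entries.append({"key": key, "name": name, "type": "REG_DWORD",
                            "data": int(data_tok[6:], 16)})
        else:
            entries.append({"key": key, "name": name, "type": "OTHER", "data": data_tok})
    return entries


def find_autoruns(text: str) -> list:
    """Entries whose key (without the hive prefix) is a known autorun key."""
    hits = []
    for e in parse_reg(text):
        _hive, _, path = e["key"].partition("\\")
        path = path.lower()
        # Equality covers HKCU/HKLM; endswith covers HKEY_USERS\<SID>\... paths.
        if any(path == s or path.endswith("\\" + s) for s in AUTORUN_SUFFIXES):
            hits.append(e)
    return hits


if __name__ == "__main__":
    for hit in find_autoruns(SAMPLE_REG):
        print(f"autorun: [{hit['key']}] {hit['name']} = {hit['data']!r}")
```

Point it at the .reg file recovered from the sandbox file system to see exactly which autorun values an import would create, without importing it.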
Processes
1. C:\Users\Admin\AppData\Local\Temp\976fec1f7068de234d4b152c88403730_NeikiAnalytics.exe (PID 2876)
   command line: "C:\Users\Admin\AppData\Local\Temp\976fec1f7068de234d4b152c88403730_NeikiAnalytics.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\regedit.exe (PID 2212, child of 2876)
      command line: regedit.exe /s C:\Users\Admin\AppData\Local\Temp\~dfds3.reg
      - Adds Run key to start application
      - Runs .reg file with regedit

The sample launches regedit.exe with /s, which imports the .reg file silently (no confirmation dialog), from a file placed in the same %TEMP% directory as the sample itself. The copy that ran is C:\Windows\SysWOW64\regedit.exe although the command line names only "regedit.exe"; that is what WOW64 file-system redirection resolves the name to for a 32-bit process on 64-bit Windows, so the sample runs as a 32-bit process.
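The process tree above is the pattern a detection should key on: a silent regedit import whose .reg file, parent executable or both live in a user-writable location. The following is an added detection example (not tria.ge logic) run over constructed Sysmon-style process-creation records; the first record models the tree recorded here, the other two are benign launches for contrast, and USER_WRITABLE_RE is a deliberately narrow assumption about which paths count as user-writable.

```python
"""Flag silent .reg imports via regedit.exe launched from user-writable paths.

Added detection example for this report; it is not tria.ge logic. The
records below are constructed in a Sysmon process-creation (Event ID 1)
shape: the first mirrors the process tree the sandbox recorded, the other
two are benign launches for contrast.
"""
import re

# Constructed sample events (hypothetical telemetry, not from the sandbox).
SAMPLE_EVENTS = [
    {"ProcessId": 2212, "ParentProcessId": 2876,
     "Image": r"C:\Windows\SysWOW64\regedit.exe",
     "CommandLine": r"regedit.exe /s C:\Users\Admin\AppData\Local\Temp\~dfds3.reg",
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\976fec1f7068de234d4b152c88403730_NeikiAnalytics.exe"},
    {"ProcessId": 3100, "ParentProcessId": 1520,
     "Image": r"C:\Windows\regedit.exe",
     "CommandLine": r'"C:\Windows\regedit.exe"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 3344, "ParentProcessId": 900,
     "Image": r"C:\Windows\regedit.exe",
     "CommandLine": r'regedit.exe /s "C:\Program Files\ExampleVendor\settings.reg"',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

# Locations a standard user can write to (assumed list, tune per environment).
USER_WRITABLE_RE = re.compile(
    r"(?i)^[a-z]:\\(?:users\\[^\\]+\\appdata\\|users\\public\\|windows\\temp\\)")
# regedit's /s switch imports without the confirmation dialog.
SILENT_FLAG_RE = re.compile(r"(?i)(?:^|\s)/s(?:\s|$)")
# First .reg path on the command line, quoted or bare.
REG_PATH_RE = re.compile(r'(?i)"([^"]+\.reg)"|(\S+\.reg)(?=\s|$)')


def reg_import_path(cmdline: str):
    """Return the .reg path passed to regedit, or None if none is present."""
    m = REG_PATH_RE.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None


def suspicious_reasons(ev: dict) -> list:
    """Reasons a process-creation event looks like scripted persistence via regedit."""
    if not ev["Image"].lower().endswith("\\regedit.exe"):
        return []
    if not SILENT_FLAG_RE.search(ev["CommandLine"]):
        return []  # interactive regedit, not a scripted import
    reasons = []
    path = reg_import_path(ev["CommandLine"])
    if path and USER_WRITABLE_RE.match(path):
        reasons.append("reg file in user-writable path")
    if USER_WRITABLE_RE.match(ev["ParentImage"]):
        reasons.append("parent executable in user-writable path")
    return reasons


def triage(events: list) -> list:
    """(ProcessId, reasons) for every event that trips at least one rule."""
    out = []
    for ev in events:
        reasons = suspicious_reasons(ev)
        if reasons:
            out.append((ev["ProcessId"], reasons))
    return out


if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS):
        print(f"PID {pid}: {'; '.join(reasons)}")
```

Only the record modelled on this sample trips both rules; an interactive regedit.exe and a vendor import from Program Files pass. Feed real Event ID 1 exports through the same field names and widen USER_WRITABLE_RE to match the environment.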
Network
MITRE ATT&CK Enterprise v15
Downloads
- File 1
  Filesize: 40KB
  MD5: 13af2e2ca749e57d48997d3caacb62f1
  SHA1: b531648d3be8ece3f38ad0ce081e0902a82865c6
  SHA256: 56d7fa2b830ce61cdabca9d2e45be0cc3024729d8ae8c393ab694e4074e98c3a
  SHA512: 26540f2d6b0eeed6126ff0578b771469c3f0e4f1843f6637e27daff29d7669c7780f0c2cb2c036b5973b5a3aba1f27cd4a33d8a84c546d6730f8c98c11b3665a
- File 2
  Filesize: 166B
  MD5: b67c54cc252016ea441affb1b015db90
  SHA1: b956bf51ed1213a4903f5af819edbb2b200b416c
  SHA256: efe884ae8327e9d7811fe8b00b79a1c3d302aba1f9c1aef982398c6e9460d93b
  SHA512: d79926f6462cb0e64c592cc28771f2bf95d18bf936846288c3a11271c4d50907dfd63998c6d5da6d96149dbbd370c6642b87e28b2f6624a5a803efdfebc03194