Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 05:05

General

  • Target

    9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    9c7efd59018cdcef0f65f146433e4170

  • SHA1

    b1705709d8982dc74cfd3f6b55a12d8d6e6e8168

  • SHA256

    a879382b34d45ade7615c8c17fdca393ad51b943cd7bbdf68192c2185e8c71e2

  • SHA512

    665d3cebe53738fadce92715437ff1593a20bf107024e9be2bc60ee98d5260b0ee5debe43a85d9f3935ce6ea64e10b7de878ba6bdfd28985c650a46a2449f3e3

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Sx:+R0pI/IQlUoMPdmpSp24

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe (depth 1, PID 568)
    Command line: "C:\Users\Admin\AppData\Local\Temp\9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\UserDotEP\devbodloc.exe (depth 2, PID 2004)
      Command line: C:\UserDotEP\devbodloc.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVBZW\bodaec.exe

    Filesize

    2.7MB

    MD5

    8651f68e03a897055debe9674690bf9f

    SHA1

    b898813f8b619f35c9f8b60ab9deef46331bd4c9

    SHA256

    550ca4a09ac015e7b62f1882f76442bccc06cff863b85ce33a448b909a9ff004

    SHA512

    710e3ee840ee40212fdd1453f416d5b8e6a74254198a41ae92924854619d486a02bf976d872e763712012619bc21d2018f421e21b98f8c23f350b0bc2dad93af

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    205B

    MD5

    941d35ae77b769f8fc77a0eabd089391

    SHA1

    05ffb89c3e50a6d0114c8c4e78fe55196a933878

    SHA256

    2ecd2eaca21cfc4c3ba84a7d3e82a8873c6741424fcbbb8cea1d5c8e659a6f2c

    SHA512

    b252d7aab34b9f0fbb05fb59887006cda92171130a534420e301ebc9075bbbc35065d6177ccfd7bcd627fa5bca21e64bec4ce1e82d75b177e6cc4830b9d3c181

  • \UserDotEP\devbodloc.exe

    Filesize

    2.7MB

    MD5

    26560dd541a68a6e6f2774ac456b5e22

    SHA1

    f4c378abb0b4992af74247f24717f7567028b47a

    SHA256

    17f4ec99db1ea71def5b516ba1b8265d341ef00b9b03a1434a795c3399ad221b

    SHA512

    4a37580d244fcce34e28bcf87ab2c359b52b03e2b6d410a4a4c1c31b8bd51507c307248b5b1aa8075c399b8c0dff957756aae1c4e82c334f017d4ea2fc5572c5