Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s
-
max time network
123s
-
platform
windows7_x64
-
resource
win7-20240419-en
-
resource tags
arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
-
submitted
03/06/2024, 05:05
Static task
static1
Behavioral task
behavioral1
Sample
9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe
-
Size
2.7MB
-
MD5
9c7efd59018cdcef0f65f146433e4170
-
SHA1
b1705709d8982dc74cfd3f6b55a12d8d6e6e8168
-
SHA256
a879382b34d45ade7615c8c17fdca393ad51b943cd7bbdf68192c2185e8c71e2
-
SHA512
665d3cebe53738fadce92715437ff1593a20bf107024e9be2bc60ee98d5260b0ee5debe43a85d9f3935ce6ea64e10b7de878ba6bdfd28985c650a46a2449f3e3
-
SSDEEP
49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Sx:+R0pI/IQlUoMPdmpSp24
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process
2004 devbodloc.exe
-
Loads dropped DLL 1 IoCs
pid Process
568 9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe
-
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotEP\\devbodloc.exe" 9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBZW\\bodaec.exe" 9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 568 wrote to memory of 2004 568 9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe 28
PID 568 wrote to memory of 2004 568 9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe 28
PID 568 wrote to memory of 2004 568 9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe 28
PID 568 wrote to memory of 2004 568 9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe 28
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe"
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:568
-
2. C:\UserDotEP\devbodloc.exe C:\UserDotEP\devbodloc.exe (child of PID 568)
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2004
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
2.7MB
MD5
8651f68e03a897055debe9674690bf9f
SHA1
b898813f8b619f35c9f8b60ab9deef46331bd4c9
SHA256
550ca4a09ac015e7b62f1882f76442bccc06cff863b85ce33a448b909a9ff004
SHA512
710e3ee840ee40212fdd1453f416d5b8e6a74254198a41ae92924854619d486a02bf976d872e763712012619bc21d2018f421e21b98f8c23f350b0bc2dad93af
-
Filesize
205B
MD5
941d35ae77b769f8fc77a0eabd089391
SHA1
05ffb89c3e50a6d0114c8c4e78fe55196a933878
SHA256
2ecd2eaca21cfc4c3ba84a7d3e82a8873c6741424fcbbb8cea1d5c8e659a6f2c
SHA512
b252d7aab34b9f0fbb05fb59887006cda92171130a534420e301ebc9075bbbc35065d6177ccfd7bcd627fa5bca21e64bec4ce1e82d75b177e6cc4830b9d3c181
-
Filesize
2.7MB
MD5
26560dd541a68a6e6f2774ac456b5e22
SHA1
f4c378abb0b4992af74247f24717f7567028b47a
SHA256
17f4ec99db1ea71def5b516ba1b8265d341ef00b9b03a1434a795c3399ad221b
SHA512
4a37580d244fcce34e28bcf87ab2c359b52b03e2b6d410a4a4c1c31b8bd51507c307248b5b1aa8075c399b8c0dff957756aae1c4e82c334f017d4ea2fc5572c5