Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 05:09

General

  • Target

    9c9a32a885f35e07776f132a6a403bb0_NeikiAnalytics.exe

  • Size

    213KB

  • MD5

    9c9a32a885f35e07776f132a6a403bb0

  • SHA1

    2676f7a87e314e65d78276c77e59874429728e8a

  • SHA256

    d4c1e3c18483f40ef6d5802eba37a7211d0fa1aec0bd721053e6eadd6f7b59b2

  • SHA512

    fbca6b3bbc11049d43990705827302d5f5c15c4eac5362da42e6dd5dd1ce8cc29cd80a95ca33983044fef6fc6d86cbb6efa3af4e32a7d3dbfbc7eb7abdb05cf8

  • SSDEEP

    6144:I7++Jbojf5Vq5OC4qZhZcKYhc/ZfUozY:Z+cff22qZhZcKYhc/

Score
10/10

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
  • Drops file in Program Files directory 34 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c9a32a885f35e07776f132a6a403bb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9c9a32a885f35e07776f132a6a403bb0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Modifies WinLogon
    • Drops file in Windows directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • Drops file in Program Files directory
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      PID:2840
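The process tree above attributes the write of C:\Windows\apppatch\svchost.exe to PID 2340 (a 213KB file, the same size as the submitted sample but with different hashes, see Downloads) and the four .com drops under C:\Program Files (x86)\Windows Defender to PID 2840. The script below is an added example, not tria.ge tooling or the sample's own code: it turns those two observations into path rules and adds a SHA256 check against the hashes this report lists. The event lines are constructed, and the assumption that a genuine svchost.exe lives only in System32 or SysWOW64 is the author's, not the page's.

```python
"""Flag file-system events that match this report's dropped-file tradecraft:
an svchost.exe written outside System32/SysWOW64 (here under Windows\\apppatch)
and .com payloads written into the Windows Defender directory, plus a hash
check against the report's Downloads table.

Added example, not sandbox output; SAMPLE_EVENTS is constructed."""
import hashlib
import ntpath
from typing import Dict, List, Optional, Tuple

# SHA256 values copied from this report's Downloads list.
REPORT_SHA256: Dict[str, str] = {
    "2331b8c0dc35d795e8a244da91c380a674af09df6d527a6f41cf02ed58f2d891":
        r"\Windows\AppPatch\svchost.exe",
    "980332a122a12e2341cbd82b81689fe4d4c8c2c125ad238789fef380d94eeb81":
        r"C:\Program Files (x86)\Windows Defender\galyqaz.com",
    "e0d020ba1cb6506cee234903a44c747ee0cfa7e2d1e60029e4cd8de9a431512a":
        r"C:\Program Files (x86)\Windows Defender\pupydeq.com",
    "4875b451859b1eb8d0d3b040b1bb8d654d212edb6d9c721cf0f4372129579385":
        r"C:\Program Files (x86)\Windows Defender\qegyval.com",
    "b3e893a653ec06c05ee90f2f6e98cc052a92f6616d7cca8c416420e178dcc73f":
        r"C:\Program Files (x86)\Windows Defender\qetyhyg.com",
}

# Assumption: on a default install a genuine svchost.exe lives only here.
SVCHOST_DIRS = {r"\windows\system32", r"\windows\syswow64"}
DEFENDER_DIR = r"\program files (x86)\windows defender"


def _split(path: str) -> Tuple[str, str]:
    """Lower-cased, drive-less (directory, filename), so that
    '\\Windows\\AppPatch\\svchost.exe' and 'C:\\Windows\\apppatch\\svchost.exe'
    compare equal (the report shows the dropped file both ways)."""
    _drive, tail = ntpath.splitdrive(ntpath.normpath(path).lower())
    return ntpath.split(tail)


def classify_path(path: str) -> List[str]:
    """Reasons a written path resembles this sample's drops; empty if none."""
    directory, name = _split(path)
    reasons = []
    if name == "svchost.exe" and directory not in SVCHOST_DIRS:
        reasons.append("svchost.exe outside System32/SysWOW64")
    if directory == r"\windows\apppatch" or directory.startswith("\\windows\\apppatch\\"):
        reasons.append("executable written under Windows\\apppatch")
    if directory == DEFENDER_DIR and name.endswith(".com"):
        reasons.append(".com file dropped into the Windows Defender directory")
    return reasons


def hash_bytes(data: bytes) -> Dict[str, str]:
    """The four digests the report shows per file."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def known_file(data: bytes) -> Optional[str]:
    """Report path whose SHA256 matches data, else None."""
    return REPORT_SHA256.get(hash_bytes(data)["sha256"])


# Constructed events in the form "<pid> <op> <path>"; the path is last because
# it may contain spaces.
SAMPLE_EVENTS = [
    "2340 CreateFile C:\\Windows\\apppatch\\svchost.exe",
    "2840 CreateFile C:\\Program Files (x86)\\Windows Defender\\galyqaz.com",
    "2840 CreateFile C:\\Program Files (x86)\\Windows Defender\\qetyhyg.com",
    "1234 CreateFile C:\\Windows\\System32\\svchost.exe",
    "2840 CreateFile C:\\Users\\Admin\\AppData\\Local\\Temp\\Tar7D7E.tmp",
]


def triage_events(lines: List[str]) -> List[Tuple[int, str, List[str]]]:
    """(pid, path, reasons) for every event whose path trips a rule."""
    hits = []
    for line in lines:
        pid, _op, path = line.split(" ", 2)
        reasons = classify_path(path)
        if reasons:
            hits.append((int(pid), path, reasons))
    return hits


if __name__ == "__main__":
    for pid, path, reasons in triage_events(SAMPLE_EVENTS):
        print(f"PID {pid}: {path}")
        for r in reasons:
            print(f"    - {r}")
```

The Tar7D7E.tmp and CryptnetUrlCache entries in Downloads are deliberately not matched by a path rule: they are ordinary side effects of the certificate-store activity the signatures report, and only a hash match would tie them to this run.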

Downloads

  • C:\Program Files (x86)\Windows Defender\galyqaz.com

    Filesize

    42KB

    MD5

    3a43e527e6f9da367ec15a71fd84e1b9

    SHA1

    9ab4b39b4cf1c4ce3764fc760f0a6194ccfcd889

    SHA256

    980332a122a12e2341cbd82b81689fe4d4c8c2c125ad238789fef380d94eeb81

    SHA512

    d66ac39fb70814619cdfdb9101e466bb8d6a4a83468064747bb6ed0a6bfd7eb12b1bb02a557d21a1031ce562494925c4ef30b3822b4f0f77211e5b929bd1d96c

  • C:\Program Files (x86)\Windows Defender\pupydeq.com

    Filesize

    114B

    MD5

    bfde1e9e9c32c1681a16139450c6909d

    SHA1

    7e669b927e6a75a10a0ca29e38e58ddcb49b725e

    SHA256

    e0d020ba1cb6506cee234903a44c747ee0cfa7e2d1e60029e4cd8de9a431512a

    SHA512

    781fd54f155442dd34f9919b3cd063ee399db411bbfe15f2bdc43d3ab8ac2d04e1011b2c99fab42bebf7b903a94e09aaaef71b7a465d2d04b417f6dad8e8e396

  • C:\Program Files (x86)\Windows Defender\qegyval.com

    Filesize

    457B

    MD5

    531ec87a0b2f9477a52d88b111d0d46a

    SHA1

    50a72e5752075309f91c062e0282a7e7cd1e751e

    SHA256

    4875b451859b1eb8d0d3b040b1bb8d654d212edb6d9c721cf0f4372129579385

    SHA512

    07994963fd76b31ef0ba2c7f418dcb3ee0290f6baca2d8ec63a6e6b861557b13fbc20d2f0a10a66f35c4d72d4d2c1920ac88b96174604f2f8856868912327da1

  • C:\Program Files (x86)\Windows Defender\qetyhyg.com

    Filesize

    593B

    MD5

    926512864979bc27cf187f1de3f57aff

    SHA1

    acdeb9d6187932613c7fa08eaf28f0cd8116f4b5

    SHA256

    b3e893a653ec06c05ee90f2f6e98cc052a92f6616d7cca8c416420e178dcc73f

    SHA512

    f6f9fd3ca9305bec879cfcd38e64111a18e65e30d25c49e9f2cd546cbab9b2dcd03eca81952f6b77c0eaab20192ef7bef0d8d434f6f371811929e75f8620633b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ac1ce5444cc2c2c2697bae6664070ea9

    SHA1

    669744dfaf0ee0e0ed4019f468c82a3b5c7130f9

    SHA256

    fba280f9ef6bc8c1d0609e743b1b1d38c9ca2552449df8de09a59b625fb4f79c

    SHA512

    efb2a35633db5f6fb18c8ee3956256eef6b76c2e5607071a28021226afdcd03a59f5fe706635117b0c8bca8bce554699abd2b96c798f7b606003ed22a7b0d4a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    604d03e01eedbaa691d0621fe7a1b6d7

    SHA1

    83064bd2b9263ef5dde18df0ef6742d1af18316d

    SHA256

    a5f5c73ce2668c499416f50ec0f539914b78f1ac7dbcf2e3b2a4e673be540e8e

    SHA512

    f02121c0f49c5973a17f02ebe0e161ff4eea81a250cea315067e8b9259a82ab4e27707535fbb58244b42727b56ff71b9f722e2f392565bc5fac19702c573a60f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QX3DGWQ\login[2].htm

    Filesize

    168B

    MD5

    d57e3a550060f85d44a175139ea23021

    SHA1

    2c5cb3428a322c9709a34d04dd86fe7628f8f0a6

    SHA256

    43edf068d34276e8ade4113d4d7207de19fc98a2ae1c07298e593edae2a8774c

    SHA512

    0364fe6a010fce7a3f4a6344c84468c64b20fd131f3160fc649db78f1075ba52d8a1c4496e50dbe27c357e01ee52e94cdcda8f7927cba28d5f2f45b9da690063

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63P2HBLU\login[4].htm

    Filesize

    114B

    MD5

    e89f75f918dbdcee28604d4e09dd71d7

    SHA1

    f9d9055e9878723a12063b47d4a1a5f58c3eb1e9

    SHA256

    6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

    SHA512

    8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

  • C:\Users\Admin\AppData\Local\Temp\Tar7D7E.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Windows\AppPatch\svchost.exe

    Filesize

    213KB

    MD5

    d6b8a4e4d208d099b1d48416f0a9e8eb

    SHA1

    08d28ce3cce2fcebcf716fc587cee801a39e70ce

    SHA256

    2331b8c0dc35d795e8a244da91c380a674af09df6d527a6f41cf02ed58f2d891

    SHA512

    1c5a736ee4664c50ca14fbf2b2b4d149f326d747bc0f0be959b54e5cb28310a8ea1d1d35b1efa23f1bc9925ad1b8f04576f5834e1deb621d1170a32593e3cefa

  • memory/2340-1-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

  • memory/2340-18-0x0000000002150000-0x00000000021E4000-memory.dmp

    Filesize

    592KB

  • memory/2340-19-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

  • memory/2340-20-0x0000000002150000-0x00000000021E4000-memory.dmp

    Filesize

    592KB

  • memory/2340-21-0x00000000002E0000-0x000000000032F000-memory.dmp

    Filesize

    316KB

  • memory/2340-22-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

  • memory/2340-3-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

  • memory/2340-2-0x00000000002E0000-0x000000000032F000-memory.dmp

    Filesize

    316KB

  • memory/2340-0-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

  • memory/2840-60-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-76-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-49-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-88-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-87-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-85-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-84-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-82-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-81-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-79-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-77-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-75-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-73-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-71-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-69-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-67-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-66-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-64-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-62-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-35-0x0000000002270000-0x0000000002314000-memory.dmp

    Filesize

    656KB

  • memory/2840-58-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-56-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-51-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-50-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-89-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-86-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-83-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-80-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-78-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-31-0x0000000002270000-0x0000000002314000-memory.dmp

    Filesize

    656KB

  • memory/2840-48-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-74-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-72-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-70-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-68-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-47-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-65-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-63-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-61-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-59-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-46-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-57-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-55-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-54-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-45-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-53-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-52-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-29-0x0000000002270000-0x0000000002314000-memory.dmp

    Filesize

    656KB

  • memory/2840-37-0x0000000002270000-0x0000000002314000-memory.dmp

    Filesize

    656KB

  • memory/2840-41-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-43-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-39-0x0000000002420000-0x00000000024D2000-memory.dmp

    Filesize

    712KB

  • memory/2840-38-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

  • memory/2840-25-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

  • memory/2840-24-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

  • memory/2840-23-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB

  • memory/2840-33-0x0000000002270000-0x0000000002314000-memory.dmp

    Filesize

    656KB

  • memory/2840-27-0x0000000002270000-0x0000000002314000-memory.dmp

    Filesize

    656KB

  • memory/2840-26-0x0000000000400000-0x0000000000494000-memory.dmp

    Filesize

    592KB
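The memory entries above are named memory/&lt;pid&gt;-&lt;seq&gt;-0x&lt;start&gt;-0x&lt;end&gt;-memory.dmp, and the same region is listed many times because the sandbox re-dumped it throughout the run. The parser below is an added example, not part of the report or of tria.ge: it collapses the list into one row per process region, recomputes the size label from the addresses (0x494000 - 0x400000 = 606208 bytes = 592KB, matching the page), and reports how often and over which sequence numbers each region was dumped. The names in REPORT_DUMPS are copied from this page; the 0x2420000 region of PID 2840 is trimmed to four of its many entries.

```python
"""Collapse a tria.ge memory-dump list into one row per process region.

Added example; REPORT_DUMPS is copied from the report, with PID 2840's
0x2420000 region reduced to a few of its entries."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-f]+)-0x(?P<end>[0-9a-f]+)-memory\.dmp$",
    re.IGNORECASE,
)

REPORT_DUMPS = [
    "memory/2340-0-0x0000000000400000-0x0000000000494000-memory.dmp",
    "memory/2340-1-0x0000000000400000-0x0000000000494000-memory.dmp",
    "memory/2340-2-0x00000000002E0000-0x000000000032F000-memory.dmp",
    "memory/2340-3-0x0000000000400000-0x000000000045C000-memory.dmp",
    "memory/2340-18-0x0000000002150000-0x00000000021E4000-memory.dmp",
    "memory/2340-19-0x0000000000400000-0x0000000000494000-memory.dmp",
    "memory/2340-20-0x0000000002150000-0x00000000021E4000-memory.dmp",
    "memory/2340-21-0x00000000002E0000-0x000000000032F000-memory.dmp",
    "memory/2340-22-0x0000000000400000-0x000000000045C000-memory.dmp",
    "memory/2840-23-0x0000000000400000-0x0000000000494000-memory.dmp",
    "memory/2840-24-0x0000000000400000-0x0000000000494000-memory.dmp",
    "memory/2840-25-0x0000000000400000-0x0000000000494000-memory.dmp",
    "memory/2840-26-0x0000000000400000-0x0000000000494000-memory.dmp",
    "memory/2840-27-0x0000000002270000-0x0000000002314000-memory.dmp",
    "memory/2840-29-0x0000000002270000-0x0000000002314000-memory.dmp",
    "memory/2840-31-0x0000000002270000-0x0000000002314000-memory.dmp",
    "memory/2840-33-0x0000000002270000-0x0000000002314000-memory.dmp",
    "memory/2840-35-0x0000000002270000-0x0000000002314000-memory.dmp",
    "memory/2840-37-0x0000000002270000-0x0000000002314000-memory.dmp",
    "memory/2840-38-0x0000000000400000-0x0000000000494000-memory.dmp",
    "memory/2840-39-0x0000000002420000-0x00000000024D2000-memory.dmp",
    "memory/2840-41-0x0000000002420000-0x00000000024D2000-memory.dmp",
    "memory/2840-43-0x0000000002420000-0x00000000024D2000-memory.dmp",
    "memory/2840-89-0x0000000002420000-0x00000000024D2000-memory.dmp",
]

# One summary row: (start, end, size label, dump count, first seq, last seq)
Row = Tuple[int, int, str, int, int, int]


def parse_dump_name(name: str) -> Dict[str, int]:
    """pid, seq, start, end and size (bytes) from a dump file name."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a tria.ge memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def size_label(nbytes: int) -> str:
    """Whole KiB written as 'KB', the way the report prints Filesize."""
    return f"{nbytes // 1024}KB"


def summarize(names: List[str]) -> Dict[int, List[Row]]:
    """{pid: rows sorted by start address}, one row per distinct region."""
    regions: Dict[int, Dict[Tuple[int, int], List[int]]] = defaultdict(lambda: defaultdict(list))
    for d in map(parse_dump_name, names):
        regions[d["pid"]][(d["start"], d["end"])].append(d["seq"])
    return {
        pid: [(s, e, size_label(e - s), len(seqs), min(seqs), max(seqs))
              for (s, e), seqs in sorted(regs.items())]
        for pid, regs in regions.items()
    }


def overlapping(rows: List[Row]) -> List[Tuple[Row, Row]]:
    """Pairs of rows in one process whose address ranges overlap, e.g. the
    0x400000 image mapping dumped once as 592KB and once as 368KB."""
    return [(a, b) for i, a in enumerate(rows) for b in rows[i + 1:]
            if a[0] < b[1] and b[0] < a[1]]


if __name__ == "__main__":
    for pid, rows in sorted(summarize(REPORT_DUMPS).items()):
        print(f"PID {pid}")
        for start, end, label, n, first, last in rows:
            print(f"  0x{start:08x}-0x{end:08x} {label:>6}  dumped {n:2d}x  (seq {first}..{last})")
        for a, b in overlapping(rows):
            print(f"  overlap: 0x{a[0]:08x}-0x{a[1]:08x} / 0x{b[0]:08x}-0x{b[1]:08x}")
```

Read this way, the list says that PID 2340 carries a second 592KB region at 0x2150000, the same size as its 0x400000 image mapping, and that PID 2840 was dumped again and again at 0x2420000 (sequence numbers 39 through 89 on the page) while its image and 0x2270000 regions settled early. Those are the dumps to open first when looking for an unpacked payload.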