Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 05:08

General

  • Target

    9c9278106e502bd3a65a804b6c03d850_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    9c9278106e502bd3a65a804b6c03d850

  • SHA1

    279efc0ee789af86e4aea0ba63c54462fedd2dbf

  • SHA256

    c297b78de4335daddb9f131bc31dd0bf8120b5250ba072d13ff3b24c05f14b1f

  • SHA512

    162145950ed830c9eb0c7d2a6ee55ed473593df69a748d8f6006e7377a6b6b81ffb7077ffddb704639ce92fa827f3f7b00ad9b762cfd0be70f94d63ffc7d16c7

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4Sx:+R0pI/IQlUoMPdmpSpn4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c9278106e502bd3a65a804b6c03d850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9c9278106e502bd3a65a804b6c03d850_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1288
    • C:\FilesUU\xoptiloc.exe
      C:\FilesUU\xoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2300

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    200B

    MD5

    6ceee7ba3bfc2e2183f42e6fc6f4a4bb

    SHA1

    1cba22205524c8171670ab05f3abee707c24727d

    SHA256

    e675d1f35f9fe26f3cc453d566bad1e32574cb405da16b3a339abb8835d69071

    SHA512

    c2581b726057f3176a683f93ae67de8543d6a4f12dd9ec0a7366557f1d928e1a701471ddcdc61f0e324616222b32be17d75568b7bceca06e239321ae7f583623

  • C:\VidJV\dobxsys.exe

    Filesize

    2.7MB

    MD5

    33dd03a4a7462fa1606cf27d69bd263a

    SHA1

    645776080ba835efeb9605af6c1060eb5599ad17

    SHA256

    e40b695d253279f2303470daa3e017a54607580aeed5b05ce20ef38319deb5e5

    SHA512

    046a817ed6ae338d898cde1f77fa0b7265dffbafdc143642c5559eb4c643d277088b1c062fb6956a84f5536afd2f178f769e6304a8186699f0351c11a4c57b70

  • \FilesUU\xoptiloc.exe

    Filesize

    2.7MB

    MD5

    2b2af07c19285523e1564be26f4b0628

    SHA1

    6e3518be6f56c7b6d2276c7b5aac20e99b9014a6

    SHA256

    bcba3976780c318dbc35149ab17ef0d04a31cbb3c785d3bf98ef14157b99d129

    SHA512

    f4f96f999bc36041726c6850aaf798ae9c4fc8c15b86815e172da7e1c91fc8cf074fe0f2fa6ff39b85ed2b91e6e9070c289c148014b572906fe0a2da26e5e41f