Analysis

  • max time kernel: 149s
  • max time network: 102s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 03/06/2024, 05:08

General

  • Target: 9c9278106e502bd3a65a804b6c03d850_NeikiAnalytics.exe
  • Size: 2.7MB
  • MD5: 9c9278106e502bd3a65a804b6c03d850
  • SHA1: 279efc0ee789af86e4aea0ba63c54462fedd2dbf
  • SHA256: c297b78de4335daddb9f131bc31dd0bf8120b5250ba072d13ff3b24c05f14b1f
  • SHA512: 162145950ed830c9eb0c7d2a6ee55ed473593df69a748d8f6006e7377a6b6b81ffb7077ffddb704639ce92fa827f3f7b00ad9b762cfd0be70f94d63ffc7d16c7
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4Sx:+R0pI/IQlUoMPdmpSpn4

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c9278106e502bd3a65a804b6c03d850_NeikiAnalytics.exe (PID 2536)
    Command line: "C:\Users\Admin\AppData\Local\Temp\9c9278106e502bd3a65a804b6c03d850_NeikiAnalytics.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\UserDotP8\devbodsys.exe (PID 4028, child of PID 2536)
      Command line: C:\UserDotP8\devbodsys.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\UserDotP8\devbodsys.exe
    Filesize: 2.7MB
    MD5: d275577270871bfc64623de4957bfbc8
    SHA1: 11b023e093a48a237018e58405bbc1be0e792d6c
    SHA256: 217e8964205d9aea304f9b51a5870730b3c856d91ea24ff89ec4c387a7923ea8
    SHA512: 1bf01ea53032a36f488fe1520e2d3ef64d2ff7f3edf5977fc64ab89c5a7734a0832f23350f8c9421548082030821dc125cf7278326e7b3efbde58c22be9c9d80

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 204B
    MD5: 43fbe079aaa4f5da07129b13f3271653
    SHA1: fdf022e5285338fcac05dd6ad38c2e232cebc8cd
    SHA256: 08f999a5d0ef7d3fccf1241eaa6db1c90ba931639bf9abaa94b59af7c443a991
    SHA512: 03ab243cc7cb0652d2dd7caa8b6bda9faddd33b9c5f929bd1d93f1f3a46afb63b92e1d90fa81d16b6f038720d68ba0b74a42d7a11ee68968c6f2ef5cdee2a583

  • C:\VidAO\optiasys.exe
    Filesize: 12KB
    MD5: feeedd3354f177149f741107f13a4982
    SHA1: cb06dad3e7e058cf1e0b70f7a65cf976c0788a03
    SHA256: e41e3123e8e9ac8e60645f2aa2fff981f18852c6b50eae899f0dc5028d75d090
    SHA512: d5587069b6f506946ecd309e9a4caa55abbcb746a2ace963c3a99c8ca121f194f2c7bbf26e129dc089576cfb904b728b8a2981925b735e6a5788e5e3a5e80dae

  • C:\VidAO\optiasys.exe
    Filesize: 2.7MB
    MD5: 6fbb7b4160cb89ff16a65657b66db4b7
    SHA1: 0c5cca49bdd5e5c23b40236b4355defee6151e7d
    SHA256: 6d0bcd097d9f9ac46de1553fbb2c2a7416305630d591c3a76762a1ad46e6c4fa
    SHA512: f5801069da19819cf69069e89152bbae13e694c04baaf4d1461ff6c8ff682e3251c73f9d8dc5b141c9788610d00ba0106fca4ad06bd8d73f2b7230ddb967cb62