Analysis

  • max time kernel
    19s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 05:09

General

  • Target

    9c9be88b4b2ae8ea58001b80b5e24610_NeikiAnalytics.exe

  • Size

    538KB

  • MD5

    9c9be88b4b2ae8ea58001b80b5e24610

  • SHA1

    06e993ea271db84a54901ed8c464656def1bc805

  • SHA256

    fa8afbb7ed8b62521d89341a6dc3001bad19811297da7f77ca7fc7f0703c2d05

  • SHA512

    fbad8807906fb5b7f4bda4344a730c816cb9d92d835df4aeef1402891f30e0912835ef8e038dcfaee1ec7796db0dfc5bfbafb637618327bc95ff452310a473f7

  • SSDEEP

    12288:wlbX+h1gL5pRTcAkS/3hzN8qE43fm78Vg:WbX+w5jcAkSYqyEg

Score
7/10

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c9be88b4b2ae8ea58001b80b5e24610_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9c9be88b4b2ae8ea58001b80b5e24610_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2192
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev18DE.tmp!C:\Users\Admin\AppData\Local\Temp\9c9be88b4b2ae8ea58001b80b5e24610_NeikiAnalytics.exe! !
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2520
      • C:\Users\Admin\AppData\Local\Temp\9C9BE88B4B2AE8EA58001B80B5E24610_NEIKIANALYTICS.EXE
        3⤵
        • Executes dropped EXE
        PID:3024
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev18DE.tmp!C:\Users\Admin\AppData\Local\Temp\9C9BE88B4B2AE8EA58001B80B5E24610_NEIKIANALYTICS.EXE!
        3⤵
        • Executes dropped EXE
        PID:376

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9c9be88b4b2ae8ea58001b80b5e24610_NeikiAnalytics.exe

    Filesize

    458KB

    MD5

    619f7135621b50fd1900ff24aade1524

    SHA1

    6c7ea8bbd435163ae3945cbef30ef6b9872a4591

    SHA256

    344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

    SHA512

    2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

  • C:\Windows\MSWDM.EXE

    Filesize

    80KB

    MD5

    c06d2bf4e02efc8301ffdee923381cfd

    SHA1

    5ceea66714bd6040a2a57baa7e9eccd2b64e994a

    SHA256

    3e7a32d9723e43ce05931b8b79f4fb8ec5eee0eafed7d4d7a635e9d5d4da5e87

    SHA512

    0f1eb53c4bf4246614141adcf351bec9778373e4f6cf9700dc5ad00cd29b767ee1c0eb8d81b174890ddbcea39155895b6cb99681c3d20573faebd315628f3cf6

  • memory/376-27-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2192-21-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2192-31-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2212-0-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2212-12-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2520-20-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2520-30-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2520-24-0x00000000002F0000-0x000000000030B000-memory.dmp

    Filesize

    108KB