Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 150s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 03/06/2024, 05:09
Static task
- static1

Behavioral task
- behavioral1
  Sample: 9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe
  Resource: win7-20240221-en

Behavioral task
- behavioral2
  Sample: 9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
- Target: 9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe
- Size: 2.7MB
- MD5: 9c9d7179c498b8e79e48943f114d4d80
- SHA1: 72080780690f08709197b334050539b73eb9bf84
- SHA256: fa154c649cd3df6fef0a1393cae5c74aeb2e24875b9dad06fcdfce60a272987d
- SHA512: 64ce7fc4101ed19cd147cabcd542f6ba6286dbdc6a88ec1fe4ba9616d7b203889e607143758f30fc275232047bfed8852d8a8a224f8ba1f63e04a873ff8ce909
- SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpb4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)

| pid | Process |
| --- | --- |
| 324 | devdobec.exe |

- Loads dropped DLL (1 IoC)

| pid | Process |
| --- | --- |
| 3048 | 9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe |

- Adds Run key to start application (2 TTPs, 2 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\IntelprocF3\\devdobec.exe" | 9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZI3\\optixsys.exe" | 9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe |

- Suspicious behavior: EnumeratesProcesses (64 IoCs)

| pid | Process |
| --- | --- |
| 3048 | 9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe |
| 324 | devdobec.exe |

(The 64 entries alternate between these two processes.)

- Suspicious use of WriteProcessMemory (4 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 3048 wrote to memory of 324 | 3048 | 9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe | 28 |
| PID 3048 wrote to memory of 324 | 3048 | 9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe | 28 |
| PID 3048 wrote to memory of 324 | 3048 | 9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe | 28 |
| PID 3048 wrote to memory of 324 | 3048 | 9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe | 28 |
Processes
- C:\Users\Admin\AppData\Local\Temp\9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe"
  PID: 3048
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - Child process: C:\IntelprocF3\devdobec.exe
    Command line: C:\IntelprocF3\devdobec.exe
    PID: 324
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads

| Filesize | MD5 | SHA1 | SHA256 | SHA512 |
| --- | --- | --- | --- | --- |
| 2.7MB | 66f47fd40782318581bf447ad5b613a5 | 33c0f8550b7360562ee3cdef13477cbf4d4c29f8 | 02e9c6ae6a086791a6fdb40bc1b3fbd0007f5453ef9e75b1177dfffbc04da240 | bb19bb04478b0c092b78eee16888f454fba2bfa16755e090faabe678722141312a2722c92032ed920fe072c6c06288cbd75787e37cfb4cb2ebbb50966b3a94bf |
| 206B | 32349e6f9a6186efc63703649e0df12f | 1588b21c4688cfcca2b8a8056ae3e598dabc699c | ffb15274b889ba49986269a1385359ad0f9d9c53d51856d965627bb44f138991 | 68326d690c9f95948a7ba2bc76b37607ca4e51f9f8be5e2b102d804c40b5be24ddd4c94a0d25fe4f1fea18c4f4fa01ccde4c631ba228fa7d432b704556e6fdeb |
| 2.7MB | 6202cb5d7f847f70c0cb5ba8152ba729 | d1a7f9fe789319c62a313497f7ae56bead38ee78 | 6ca46808494c7ef5ff3c57cae8fae9179824e3a874ae2c9ce9b19de7665472ae | b89c30601fe845cf9af6168c3fa78a6b88227d2075e0af91529c21106f15d86d651ac6e677b0be63eca3eb23eb298a3c72d8e8e59de70005dbafa5fcfd33811c |