Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 05:13

General

  • Target

    9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    9ca72f8eae57204b14b8e9a20d2b6d00

  • SHA1

    7f979042fbbc3b7d38ebb2a99e5e269acf1b9ecf

  • SHA256

    1094b422dc1c23ed84d6540f69575013d88a4f64954f996323c6144313ea090b

  • SHA512

    c25839ea0fa0c7d99d9a7b1c1884507ee08fababe4437414202bc4a606ce3a92af1cafec0e458c0cbba16ea66a4869180c1ebbf946043d6cf04e123325bf4cf6

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpR4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmy5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\UserDotZ2\devoptiec.exe
      C:\UserDotZ2\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      PID:1340

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVBUT\boddevloc.exe

    Filesize

    4.1MB

    MD5

    838728b2da932c7e297dfb7388f44444

    SHA1

    20cf40c9889f94a9ae73e316d34d2e23fa897799

    SHA256

    636cae2dbf2006626bd4e22d307ba81c1163db7a3a1eeda57af638b56b0544c6

    SHA512

    1db1b7c5247e14221a70ab4e4cbe8650afb020af6b2882adec211d798ddb24b16b02c8fee16dc9e62c1034e6d6951fa65d3a4468d34a9cf66a14c1f524b7df46

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    209B

    MD5

    ec1ce32606863463608fa687a0c6aaad

    SHA1

    e702c867b9c88b34a2b49120979f130f2aa84b74

    SHA256

    70ce021a357d83146d1aa3ad48d9c57261f4e52e30e9c1f2179e286ce922867c

    SHA512

    a4a07676af4011c56937cd88579f29383ce33cc13f3e024b54a72c86153f6c27d59ccbf05810bccbddc41fee27a30b4b01bf691242a6020656fe285c4270fde9

  • \UserDotZ2\devoptiec.exe

    Filesize

    4.1MB

    MD5

    9efab377a2565be9ae6df6d6b97e51e3

    SHA1

    dbd2067c38d6e6dd7a3b9e7d9d0b2239f6220756

    SHA256

    35e922235d8f232b4c02752d051d04c8309321468ca4d0f7ac2b82177dc4f81c

    SHA512

    69210f6c62714a1adeb5e65ae8ba7d6f0090e9676e8d7eb3ffbb3db8ea487c3b21eb76681c5739ab79a0274685677d316248f9f0d5e9769d7a48b4b681db1633