Analysis
max time kernel: 149s
max time network: 123s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 03/06/2024, 05:13
Static task
static1
Behavioral task
behavioral1
Sample
9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe
-
Size
4.1MB
-
MD5
9ca72f8eae57204b14b8e9a20d2b6d00
-
SHA1
7f979042fbbc3b7d38ebb2a99e5e269acf1b9ecf
-
SHA256
1094b422dc1c23ed84d6540f69575013d88a4f64954f996323c6144313ea090b
-
SHA512
c25839ea0fa0c7d99d9a7b1c1884507ee08fababe4437414202bc4a606ce3a92af1cafec0e458c0cbba16ea66a4869180c1ebbf946043d6cf04e123325bf4cf6
-
SSDEEP
98304:+R0pI/IQlUoMPdmpSpR4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmy5n9klRKN41v
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
PID 1340: devoptiec.exe
Loads dropped DLL 1 IoCs
PID 2792: 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe
Adds Run key to start application 2 TTPs 2 IoCs
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDotZ2\\devoptiec.exe" (process: 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe)
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\KaVBUT\\boddevloc.exe" (process: 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe)
NTFS ADS 2 IoCs
File created C:\Users\Admin';;,?,':,8492'4.=:>:1?'"49\:B>'?,=?�09@'=:2=,8>'?,=?@;'locdevopti.exe (process: 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe)
File created C:\Users\Admin';;,?,':,8492'4.=:>:1?'"49\:B>'?,=?�09@'=:2=,8>'?,=?@;'locdevopti.exe (process: devoptiec.exe)
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 
9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe 1340 devoptiec.exe 2792 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe -
Suspicious use of WriteProcessMemory 4 IoCs
PID 2792 wrote to memory of 1340 (process: 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe, procid_target 28)
PID 2792 wrote to memory of 1340 (process: 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe, procid_target 28)
PID 2792 wrote to memory of 1340 (process: 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe, procid_target 28)
PID 2792 wrote to memory of 1340 (process: 9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe, procid_target 28)
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe (command line: "C:\Users\Admin\AppData\Local\Temp\9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe")
- Loads dropped DLL
- Adds Run key to start application
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2792 -
2. C:\UserDotZ2\devoptiec.exe (command line: C:\UserDotZ2\devoptiec.exe)
- Executes dropped EXE
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1340
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
4.1MB
MD5 838728b2da932c7e297dfb7388f44444
SHA1 20cf40c9889f94a9ae73e316d34d2e23fa897799
SHA256 636cae2dbf2006626bd4e22d307ba81c1163db7a3a1eeda57af638b56b0544c6
SHA512 1db1b7c5247e14221a70ab4e4cbe8650afb020af6b2882adec211d798ddb24b16b02c8fee16dc9e62c1034e6d6951fa65d3a4468d34a9cf66a14c1f524b7df46
-
Filesize
209B
MD5 ec1ce32606863463608fa687a0c6aaad
SHA1 e702c867b9c88b34a2b49120979f130f2aa84b74
SHA256 70ce021a357d83146d1aa3ad48d9c57261f4e52e30e9c1f2179e286ce922867c
SHA512 a4a07676af4011c56937cd88579f29383ce33cc13f3e024b54a72c86153f6c27d59ccbf05810bccbddc41fee27a30b4b01bf691242a6020656fe285c4270fde9
-
Filesize
4.1MB
MD5 9efab377a2565be9ae6df6d6b97e51e3
SHA1 dbd2067c38d6e6dd7a3b9e7d9d0b2239f6220756
SHA256 35e922235d8f232b4c02752d051d04c8309321468ca4d0f7ac2b82177dc4f81c
SHA512 69210f6c62714a1adeb5e65ae8ba7d6f0090e9676e8d7eb3ffbb3db8ea487c3b21eb76681c5739ab79a0274685677d316248f9f0d5e9769d7a48b4b681db1633