Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 05:13

General

  • Target

    9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    9ca72f8eae57204b14b8e9a20d2b6d00

  • SHA1

    7f979042fbbc3b7d38ebb2a99e5e269acf1b9ecf

  • SHA256

    1094b422dc1c23ed84d6540f69575013d88a4f64954f996323c6144313ea090b

  • SHA512

    c25839ea0fa0c7d99d9a7b1c1884507ee08fababe4437414202bc4a606ce3a92af1cafec0e458c0cbba16ea66a4869180c1ebbf946043d6cf04e123325bf4cf6

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpR4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmy5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca72f8eae57204b14b8e9a20d2b6d00_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\FilesOH\aoptisys.exe
      C:\FilesOH\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      PID:4624

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesOH\aoptisys.exe

    Filesize

    4.1MB

    MD5

    6427be36934c0005e1c2502027fe968d

    SHA1

    e809840e2ffadc1856cac31e414cb6ab47e119fe

    SHA256

    dfcc5a157ca1d962517b0b4f8628696dc24f3fdc3f50efb6641ee14613a626b1

    SHA512

    6ff5b4f72b22485bcc3e1c53a48215b8e7a2ebffcb6b62b5bb22a5f41236db49422d956617163de178d6e68ddd0b51998fdf0f107104b566df21bdcfc515d8ca

  • C:\KaVB8R\dobdevec.exe

    Filesize

    4.1MB

    MD5

    c458d552c5f6b6076e0f2636e858ad53

    SHA1

    2561e62dc50ca4220b664dba6ed258d393b3d72d

    SHA256

    4d40b7e597d67452450afba41a8d328169b4d2d598e534dfa7def99a34d74404

    SHA512

    3fc6987ea70d25388f0ccec7a541ee68337e5b1648fc86643f7c607f2bc1c3ea2a1f0500266b598a4859021707c470d3cb9391b30ad8c0a2b06f9c6d4b23dc39

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    5d32105cc229214f6a8bf27b911261c7

    SHA1

    b373bb8242a1119ae48c1ade4ff543f571e0f6b4

    SHA256

    a27d2adb9fcb3210cdcae14ab9d4943355b1acbef0983552a68f58eeab36650d

    SHA512

    886753c34286ae9a1b0af2414d3daaaea54f13239845a3ed199a4255e0c272128f8390613fb15a62784152df112d84a2f4f2708308850ab9f4446593cf53374c