
Analysis

  • max time kernel
    19s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 05:17

General

  • Target

    9cc059af09252ed2a7c8cfc7d1e5c990_NeikiAnalytics.exe

  • Size

    607KB

  • MD5

    9cc059af09252ed2a7c8cfc7d1e5c990

  • SHA1

    14f9d2a7b2a368f7fc772e590132bcc21747174e

  • SHA256

    66d7b8fb9b80db6290c427884cb409d95918a0bf64f3269420b17ad16fbce87e

  • SHA512

    576503f2a0e0311eb79fae41d5e5a5eb48d6c9bf08dfcdcaa532839e700076b9e955bca88a3edd78bb9de5bb6cf18efb55b7978e286c5cfedad3fc570f0bddb2

  • SSDEEP

    12288:+Xaplw9U+qMi8CtdVldusIh6BBHCHrKZXCktSzIzWpX5T:+aYTqMi8CtBd2QHCHmTBW5T

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9cc059af09252ed2a7c8cfc7d1e5c990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc059af09252ed2a7c8cfc7d1e5c990_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2092
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev1842.tmp!C:\Users\Admin\AppData\Local\Temp\9cc059af09252ed2a7c8cfc7d1e5c990_NeikiAnalytics.exe! !
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3040
      • C:\Users\Admin\AppData\Local\Temp\9CC059AF09252ED2A7C8CFC7D1E5C990_NEIKIANALYTICS.EXE
        3⤵
        • Executes dropped EXE
        PID:2756
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev1842.tmp!C:\Users\Admin\AppData\Local\Temp\9CC059AF09252ED2A7C8CFC7D1E5C990_NEIKIANALYTICS.EXE!
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:2768

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\9CC059AF09252ED2A7C8CFC7D1E5C990_NEIKIANALYTICS.EXE

    Filesize

    607KB

    MD5

    678ca650ce6f4849bd4a8317e07655fd

    SHA1

    c0a47ecd684c4b1e8d4709926d175345ca250c76

    SHA256

    99e55d1fc3fe376f762f5f23995307a81f4dbe750d4b4570da1f6fe06abf901a

    SHA512

    4807b6dccb0638a06306ff4b3549bafe4edef8576a5a5312a060cc7de35953a486e639f25ddcf31b216bde716991ae494de0b248f2ca217212c165a92c2dc612

  • C:\Windows\MSWDM.EXE

    Filesize

    39KB

    MD5

    36b594ef79ea6d5f2ae23b4dbd940245

    SHA1

    7f016dde472df1dc3e0377d88c05475207bc44b3

    SHA256

    af3eb1fff772cba996abad554c8b9b73d92706b8f8a40cd7d07a170d41bed0d9

    SHA512

    d48a9b0d23d97afe6deb4a6f26174b1d812d0069bb5ec2496f6ec4d22ce070564f5e4d465394b63328bc8dc857a4462e6aea57bbde2c607d51c9e1d0addf673e

  • \Users\Admin\AppData\Local\Temp\9cc059af09252ed2a7c8cfc7d1e5c990_NeikiAnalytics.exe

    Filesize

    568KB

    MD5

    04fb3ae7f05c8bc333125972ba907398

    SHA1

    df22612647e9404a515d48ebad490349685250de

    SHA256

    2fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef

    SHA512

    94c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2

  • memory/1936-1-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/1936-12-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/2092-19-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/2092-37-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/2768-33-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/3040-18-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/3040-36-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB