Analysis

  • max time kernel
    48s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 05:17

General

  • Target

    9cc059af09252ed2a7c8cfc7d1e5c990_NeikiAnalytics.exe

  • Size

    607KB

  • MD5

    9cc059af09252ed2a7c8cfc7d1e5c990

  • SHA1

    14f9d2a7b2a368f7fc772e590132bcc21747174e

  • SHA256

    66d7b8fb9b80db6290c427884cb409d95918a0bf64f3269420b17ad16fbce87e

  • SHA512

    576503f2a0e0311eb79fae41d5e5a5eb48d6c9bf08dfcdcaa532839e700076b9e955bca88a3edd78bb9de5bb6cf18efb55b7978e286c5cfedad3fc570f0bddb2

  • SSDEEP

    12288:+Xaplw9U+qMi8CtdVldusIh6BBHCHrKZXCktSzIzWpX5T:+aYTqMi8CtBd2QHCHmTBW5T

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9cc059af09252ed2a7c8cfc7d1e5c990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc059af09252ed2a7c8cfc7d1e5c990_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:3792
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev162.tmp!C:\Users\Admin\AppData\Local\Temp\9cc059af09252ed2a7c8cfc7d1e5c990_NeikiAnalytics.exe! !
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1032
      • C:\Users\Admin\AppData\Local\Temp\9CC059AF09252ED2A7C8CFC7D1E5C990_NEIKIANALYTICS.EXE
        3⤵
        • Executes dropped EXE
        PID:4556
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev162.tmp!C:\Users\Admin\AppData\Local\Temp\9CC059AF09252ED2A7C8CFC7D1E5C990_NEIKIANALYTICS.EXE!
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:3624
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:2772

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\9CC059AF09252ED2A7C8CFC7D1E5C990_NEIKIANALYTICS.EXE

      Filesize

      607KB

      MD5

      4418728dcb9aa000a6bbbeda2ddebcba

      SHA1

      a76e262c9b0f8097839d58942c0f0a556c61d051

      SHA256

      ea05bb131d0d8c2fa4049002990ca40f451ef0c073fb94b56f28a2d73c1f8969

      SHA512

      9eeb3f67c3bb6a2bb0d9de7497fe6f53d4eaf49ea9b4a42c8c6ef60be8ba07386de3a5487d891aa50de95f1f10289d6f9adcf1bc9c9fabfd170329d1ba5ccdfa

    • C:\Windows\MSWDM.EXE

      Filesize

      39KB

      MD5

      36b594ef79ea6d5f2ae23b4dbd940245

      SHA1

      7f016dde472df1dc3e0377d88c05475207bc44b3

      SHA256

      af3eb1fff772cba996abad554c8b9b73d92706b8f8a40cd7d07a170d41bed0d9

      SHA512

      d48a9b0d23d97afe6deb4a6f26174b1d812d0069bb5ec2496f6ec4d22ce070564f5e4d465394b63328bc8dc857a4462e6aea57bbde2c607d51c9e1d0addf673e

    • C:\Windows\dev162.tmp

      Filesize

      568KB

      MD5

      04fb3ae7f05c8bc333125972ba907398

      SHA1

      df22612647e9404a515d48ebad490349685250de

      SHA256

      2fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef

      SHA512

      94c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2

    • memory/1032-7-0x0000000000400000-0x0000000000418000-memory.dmp

      Filesize

      96KB

    • memory/1032-23-0x0000000000400000-0x0000000000418000-memory.dmp

      Filesize

      96KB

    • memory/2132-0-0x0000000000400000-0x0000000000418000-memory.dmp

      Filesize

      96KB

    • memory/2132-10-0x0000000000400000-0x0000000000418000-memory.dmp

      Filesize

      96KB

    • memory/3624-17-0x0000000000400000-0x0000000000418000-memory.dmp

      Filesize

      96KB

    • memory/3624-20-0x0000000000400000-0x0000000000418000-memory.dmp

      Filesize

      96KB

    • memory/3792-24-0x0000000000400000-0x0000000000418000-memory.dmp

      Filesize

      96KB