Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/06/2024, 23:17

General

  • Target

    15f0a6b11e6ef87ce9cb5bc3f61a2bd0_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    15f0a6b11e6ef87ce9cb5bc3f61a2bd0

  • SHA1

    c879c09e49fbb47b58139cdf189818b7d6a783c3

  • SHA256

    b8e8809a6ac6e33a00b2edf4c012a11f7f8ec71634dc34df30b35bd427efac86

  • SHA512

    848cd3f58c9f7a2a170332730899222816c4b0ed4cdabe4561db85136eb088c1a909c79242017af81a1a6ecc52413ada8a0bcb9907e26fc84bc61f4478183889

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpx4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmK5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15f0a6b11e6ef87ce9cb5bc3f61a2bd0_NeikiAnalytics.exe (PID 2084, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\15f0a6b11e6ef87ce9cb5bc3f61a2bd0_NeikiAnalytics.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • Child process: C:\UserDotGH\xbodsys.exe (PID 1720, depth 2)
      Command line: C:\UserDotGH\xbodsys.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    200B

    MD5

    d465229ee81052307af7e066a5c43326

    SHA1

    6bf8620e9085382dc7bc1e3db114beb08194cdbf

    SHA256

    f862499cd436119b1efec7883ea01807a54c904f3c9191c35399ea7174d4ccde

    SHA512

    e18cfdfe1db114b3484a06a56d1d3606574da447d8bdc59257581bd1f27cf60f7e4a8182f3dbb0c71aedb5d93e44de7c74205b3d51bd004ff9e9c2c35134d749

  • C:\VidUP\dobxec.exe

    Filesize

    4.1MB

    MD5

    83e9c95368e999863a44b932e2978dfb

    SHA1

    35f0fb262f6a1ab7bfd865a3bf2134985448511b

    SHA256

    732b5abff724b090c9ee65ad56c457933da7d2ec90d60ca577681e962ecb781e

    SHA512

    6706a15bb266f59bb46102240c72ade5dea03a95df76a0a3036aee6fbb40885b3286b9a086c388863c393492656dd1bdb5c72e3700779eb7e5752ef6475ba7b9

  • \UserDotGH\xbodsys.exe

    Filesize

    4.1MB

    MD5

    ff860e8128a1ba5b16600b5b1ea4a8d8

    SHA1

    0f15a991cb133363b0bca45640593cc4fdd3a9dc

    SHA256

    49f9faa0ab262983098048ac868d150742e5f9ee89ffda93ff33c9ad77acf4a2

    SHA512

    1a1b21af9ec27c3fb0364e5b123709d7d3a0da3e8f32b3de77ad071ed2dfaeee4038754d2a301132ebf89f36ac2d910943f34d2caf7173075dc5140a7c1ea4ce
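The two dropped executables above have the same 4.1MB size as the submitted sample but different MD5/SHA1/SHA256 values from it and from each other, so matching on the sample's hash alone will miss the copies it writes to disk. The following host-triage script is an added example, not part of the tria.ge report or of the sample: it checks a Windows host for the artefacts the report does list (the two dropped paths and their SHA256 values, Run-key entries pointing into the UserDotGH or VidUP directories, running processes with the dropped image names, and a per-user .ini marker). The Run-key value name is not in the report, so the script matches on value data rather than name; the `<digits>_<osversion>_<user>.ini` naming pattern is an assumption extrapolated from the single observed file `C:\Users\Admin\253086396416_6.1_Admin.ini`, and the script assumes PowerShell 5.1 or later (Windows 7 ships with 2.0, which lacks Get-FileHash).

```powershell
# Added triage example (not from the report). Checks a host for the artefacts
# listed in this report. Assumes PowerShell 5.1+; run from an elevated prompt so
# HKLM and other users' profiles are readable.

# Dropped paths and SHA256 values taken from the report's Downloads section.
$Iocs = @{
    'C:\VidUP\dobxec.exe'      = '732b5abff724b090c9ee65ad56c457933da7d2ec90d60ca577681e962ecb781e'
    'C:\UserDotGH\xbodsys.exe' = '49f9faa0ab262983098048ac868d150742e5f9ee89ffda93ff33c9ad77acf4a2'
}

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Registry provider metadata properties that Get-ItemProperty adds; not real values.
$PsMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

$findings = @()

# 1. Dropped files. The report's copies differ in hash from the sample, so a file at
#    the expected path whose hash does NOT match is still reported (match=False).
foreach ($path in $Iocs.Keys) {
    if (Test-Path -LiteralPath $path) {
        $hash  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
        $match = ($hash -eq $Iocs[$path])
        $findings += [pscustomobject]@{ Type = 'DroppedFile'; Where = $path; Detail = "sha256=$hash match=$match" }
    }
}

# 2. Run keys: any value whose data references the dropped directories. The value
#    name used by the sample is not in the report, so match on the data instead.
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($PsMeta -contains $p.Name) { continue }
        if ("$($p.Value)" -match '(?i)\\(UserDotGH|VidUP)\\') {
            $findings += [pscustomobject]@{ Type = 'RunKey'; Where = "$key\$($p.Name)"; Detail = $p.Value }
        }
    }
}

# 3. Running processes by image name (ProcessName has no .exe suffix).
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.ProcessName -in @('xbodsys', 'dobxec') -or $_.ProcessName -like '*_NeikiAnalytics' } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'Process'; Where = "PID $($_.Id)"; Detail = $_.Path }
    }

# 4. Per-user .ini marker. Only one name was observed in the report; treating it as
#    <digits>_<osversion>_<user>.ini is an ASSUMPTION, so the regex is kept loose.
Get-ChildItem -Path 'C:\Users\*\' -Filter '*.ini' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^\d+_\d+\.\d+_.+\.ini$' } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'IniMarker'; Where = $_.FullName; Detail = "size=$($_.Length)" }
    }

if ($findings.Count -eq 0) {
    'No artefacts from this report found.'
} else {
    $findings | Format-Table -AutoSize
}
```

A path hit with `match=False` is the expected outcome when the sample has re-dropped itself on a different host, given the per-copy hash variation visible in the report; treat the directory names and Run-key data as the stable indicators and the hashes as confirmation only.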