Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
300140a3e46...cs.exe
windows7-x64
700140a3e46...cs.exe
windows10-2004-x64
7$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...in.dll
windows7-x64
1$PLUGINSDI...in.dll
windows10-2004-x64
1$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
04/06/2024, 20:45
Static task
static1
Behavioral task
behavioral1
Sample
00140a3e46adf548e7ff87cf9d5c0900_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
00140a3e46adf548e7ff87cf9d5c0900_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/FileInfo.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/FileInfo.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/RCPicPlugin.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/RCPicPlugin.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
General
-
Target
00140a3e46adf548e7ff87cf9d5c0900_NeikiAnalytics.exe
-
Size
730KB
-
MD5
00140a3e46adf548e7ff87cf9d5c0900
-
SHA1
f0dd69a34d8e8535a5513a2a1bf6d755dcc632ed
-
SHA256
52a2fceb783b68c15163928a1f01f4ad9a49d48928a3e68f073eeaf1b550d3b4
-
SHA512
a4d3915c598cdc2a5b5af8d522a7da5593e3b2dbe4467573f6a20926aca5159cf6ce6bb3021c0120f648689bcf2f8314b5bc42b1c60f9479f15a6a21ad5015f2
-
SSDEEP
12288:ZT43hUGlUj36hOHmqNi2rd2lq+mWTvA4p3Gwe7OI2qRShbe0nM/:B43946hhS5EM+bTXpzq52GaNM/
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2324 Au_.exe -
Loads dropped DLL 2 IoCs
pid Process 2956 00140a3e46adf548e7ff87cf9d5c0900_NeikiAnalytics.exe 2324 Au_.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2956 wrote to memory of 2324 2956 00140a3e46adf548e7ff87cf9d5c0900_NeikiAnalytics.exe 28 PID 2956 wrote to memory of 2324 2956 00140a3e46adf548e7ff87cf9d5c0900_NeikiAnalytics.exe 28 PID 2956 wrote to memory of 2324 2956 00140a3e46adf548e7ff87cf9d5c0900_NeikiAnalytics.exe 28 PID 2956 wrote to memory of 2324 2956 00140a3e46adf548e7ff87cf9d5c0900_NeikiAnalytics.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\00140a3e46adf548e7ff87cf9d5c0900_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\00140a3e46adf548e7ff87cf9d5c0900_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2956 -
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2324
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
992KB
MD505ad7a5d251e7c7bfd9d56125663d2bd
SHA14e3951b8b9f7fa6e738998217938fda91fae720a
SHA256a2bc165462b22163e5abed2725148fae55e7369e6a7c688a907db244d0115fb9
SHA512b79d71ec6ab87405e9c6f3c524b52b57aa56aa4058d9aa8e53cd360acdb8bac6ed382f139a24c0973d01c565996e717d6d9513c5ff6bb39a09fd1f274d763e4b
-
Filesize
730KB
MD500140a3e46adf548e7ff87cf9d5c0900
SHA1f0dd69a34d8e8535a5513a2a1bf6d755dcc632ed
SHA25652a2fceb783b68c15163928a1f01f4ad9a49d48928a3e68f073eeaf1b550d3b4
SHA512a4d3915c598cdc2a5b5af8d522a7da5593e3b2dbe4467573f6a20926aca5159cf6ce6bb3021c0120f648689bcf2f8314b5bc42b1c60f9479f15a6a21ad5015f2