Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/06/2024, 15:35
Static task: static1
Behavioral task: behavioral1
- Sample: 67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
General
- Target: 67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
- Size: 580KB
- MD5: 67d9ded235a33b66af8398465168ca60
- SHA1: e21ebbf56d93da932b1803b86d079d96c8f59301
- SHA256: 90e49b5e3c24c22267ddce647e302d605355596fd015d6f1dac27b59b826bb17
- SHA512: bd4638b1939af19930a59ed14df5224cccb5d7bad94c20b4ee5e492063a006809d1663f18fe19ce373c552fce22e5b400e179d2191a5f92aef35dca5f21c6034
- SSDEEP: 12288:Otfu3bk/pEUSlde0zk/Ltxids16UPPrA8AdqH1ZqtPHbFnCFpEUVkwoe6x+zwZSp:O9u3bk/pEUSlde0zk/Ltxids16UPPsTB
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid | Process
  1840 | ISL_Light_Client_4_4_2332_44 83358738.exe
- Loads dropped DLL (2 IoCs)
  pid | Process
  3484 | 67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
  1840 | ISL_Light_Client_4_4_2332_44 83358738.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of FindShellTrayWindow (2 IoCs)
  pid | Process
  1840 | ISL_Light_Client_4_4_2332_44 83358738.exe
  1840 | ISL_Light_Client_4_4_2332_44 83358738.exe
- Suspicious use of SendNotifyMessage (2 IoCs)
  pid | Process
  1840 | ISL_Light_Client_4_4_2332_44 83358738.exe
  1840 | ISL_Light_Client_4_4_2332_44 83358738.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  1840 | ISL_Light_Client_4_4_2332_44 83358738.exe
  1840 | ISL_Light_Client_4_4_2332_44 83358738.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3484 wrote to memory of 1840 | 3484 | 67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe | 86
  PID 3484 wrote to memory of 1840 | 3484 | 67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe | 86
  PID 3484 wrote to memory of 1840 | 3484 | 67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe | 86
Processes
- C:\Users\Admin\AppData\Local\Temp\67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\67d9ded235a33b66af8398465168ca60_NeikiAnalytics.exe"
  PID: 3484
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1717774524_3484_2880_1766110961\ISL_Light_Client_4_4_2332_44 83358738.exe
    Command line: ISL_Light_Client_4_4_2332_44_83358738.exe
    PID: 1840
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3.1MB
  MD5: 24754b10246766dda98e82855e71c6ee
  SHA1: 893e291686669a5c82f4efa9da5f7bab1eae0ce6
  SHA256: 4b58e1b0d4eb121eda6754d8bdb018b4208b72175d9e2f1d627a575ff8cc50eb
  SHA512: 4cc1ab75d56d1e854f322ee8b0b4ee1d5a814ebf41ea3b318dc825581f8be6b2f359358cc89fbb38b03ea428e8fa5061ce504714ec8074948eb61503f7940a2d
- Filesize: 1.3MB
  MD5: 3f3e59be7fcd410e4ca185d7714bded4
  SHA1: d567e0fd73fead1b78ad5635028d90820de83c56
  SHA256: e029e48c4e530a136bf0a167f4ea3a0d1f5b0366dcda134490f25c4a6e36c528
  SHA512: 4faf40425353789314e6eaae6bd74e243dde960b39d02f953ec47aa0b86008abe46dbc3a18792de3e1621a2a8484a24e93fae635c7a83464816d8d4f1d39f93b
- C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1717774524_3484_2880_1766110961\ISL_Light_Client_4_4_2332_44 83358738.exe
  Filesize: 1.8MB
  MD5: 892e2361588d2303e14a6f2c2687fc07
  SHA1: cad6fb8bd94a551a2bceb385cea2a864c620e13b
  SHA256: 010191ecc27b31156a2bb316e78a6099f883418a00c02d29f7e9daaff724d32c
  SHA512: f2f14459de28bbe9da0b03e5cbcecc7c60d264bdeaa5c7f0bc2f33e7b228671922f82cd4eac4c9c2e3497586eaaa1a83bcca137ce8260023ec69ad7d75168722
- Filesize: 5KB
  MD5: 5728f19bc0060256ee2fe8138a47c38b
  SHA1: cfff13e8bbfdfba1ff72a304d0cd63ed21100881
  SHA256: d197c6b46f3e8c8c403581f7514b984aa8be0a7ab78bce0c0612ef67c4e85b2f
  SHA512: a8c9dd2d23b5daaa84f08dc935e88d1912979212d01e9b0fd73fced5251b4438ddfe618102ca95affb50c607ead6387301a3513d14f29839c50d02c7cee485f4
- Filesize: 25KB
  MD5: 308e2886aa9d6d33682d120a99da9106
  SHA1: f9927c527f4f779577ef76c06be2197393a8fae0
  SHA256: ad0c9deb0d71016829e5a0a992407abe072c946273f41985da0973de5e7dfda5
  SHA512: 87a34215d995d697dec93eb0d7319d64c3709abbf5ddcbbb092176e6a51bd88da3efa89ecf4e5d514a6e8db5925b2ee6e633ac8f681925257a8cb61855d4221b