Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
75s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
09/06/2024, 13:14
General
-
Target
47b9b3fa9ac2cb08f234382917930540_NeikiAnalytics.exe
-
Size
226KB
-
MD5
47b9b3fa9ac2cb08f234382917930540
-
SHA1
10c93b6f06201fbb8d030b3f67cae1e59582d877
-
SHA256
d5d8a5c2e21754b89fc4d2cf2302ed803b191fc23f3778508ae6d7232a452ae5
-
SHA512
9b5f754d79926f029ed7f17c8e2f1c41e8068d52e82e8f02e8842ed00a10c0412e1936afdd5cbed14eff868b62a242961d5294ab9dd6e5660709ff919a411d12
-
SSDEEP
3072:GKcZcOUmoz93z8aKDe8hNau7XcgSZdfUq:GKuKD1ue8hNauXbF
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 12 IoCs
-
Executes dropped EXE 6 IoCs
-
Drops file in Windows directory 6 IoCs
-
Program crash 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of WriteProcessMemory 36 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\47b9b3fa9ac2cb08f234382917930540_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\47b9b3fa9ac2cb08f234382917930540_NeikiAnalytics.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0AAEE68F-910B-40f2-8681-2DCD17AC088A}.exeC:\Windows\{0AAEE68F-910B-40f2-8681-2DCD17AC088A}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{58C6BB6E-DDE0-4815-B34A-3429172A60E0}.exeC:\Windows\{58C6BB6E-DDE0-4815-B34A-3429172A60E0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{64319215-96B9-4ee8-85CA-208E7D98586A}.exeC:\Windows\{64319215-96B9-4ee8-85CA-208E7D98586A}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A858A2D4-8CF8-4930-A2B3-157F0DBD6793}.exeC:\Windows\{A858A2D4-8CF8-4930-A2B3-157F0DBD6793}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EACD84DE-DA54-48fb-8DE8-AEBBC1EE9CC6}.exeC:\Windows\{EACD84DE-DA54-48fb-8DE8-AEBBC1EE9CC6}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{34C5C9D8-C2F3-4bf2-8E3B-B34B1B105973}.exeC:\Windows\{34C5C9D8-C2F3-4bf2-8E3B-B34B1B105973}.exe7⤵
- Executes dropped EXE
-
C:\Windows\{1EC9A5BB-8BA7-46df-8BAA-F6C7D954517F}.exeC:\Windows\{1EC9A5BB-8BA7-46df-8BAA-F6C7D954517F}.exe8⤵
-
C:\Windows\{BF6956F2-2D13-4cd4-970A-73585CCE0274}.exeC:\Windows\{BF6956F2-2D13-4cd4-970A-73585CCE0274}.exe9⤵
-
C:\Windows\{1EFAE271-2D27-4ca1-A4B0-0C4B0A7963FC}.exeC:\Windows\{1EFAE271-2D27-4ca1-A4B0-0C4B0A7963FC}.exe10⤵
-
C:\Windows\{A4F10A7A-A210-4add-A264-9C3A306201B1}.exeC:\Windows\{A4F10A7A-A210-4add-A264-9C3A306201B1}.exe11⤵
-
C:\Windows\{90BFFD21-80BA-4386-A1D2-A8161222A62A}.exeC:\Windows\{90BFFD21-80BA-4386-A1D2-A8161222A62A}.exe12⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A4F10~1.EXE > nul12⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 78812⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1EFAE~1.EXE > nul11⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 72811⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BF695~1.EXE > nul10⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 77210⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1EC9A~1.EXE > nul9⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 7649⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{34C5C~1.EXE > nul8⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 6128⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EACD8~1.EXE > nul7⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 7887⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A858A~1.EXE > nul6⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 8086⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{64319~1.EXE > nul5⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 7805⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{58C6B~1.EXE > nul4⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 7364⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0AAEE~1.EXE > nul3⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 7923⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\47B9B3~1.EXE > nul2⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 7322⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2836 -ip 28361⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1540 -ip 15401⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3524 -ip 35241⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1504 -ip 15041⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1012 -ip 10121⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4348 -ip 43481⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4488 -ip 44881⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1032 -ip 10321⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2120 -ip 21201⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4820 -ip 48201⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4292 -ip 42921⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
226KB
MD5ac45286c5ae2c7f0837b5c1088a65d36
SHA1068b567dd7c1e6876e126e1020349b298f53337e
SHA256f9bcb158d79e0bbd7f69ab29c5c664d89efa1319735cf9375dac27ff924e6418
SHA512b7b210b2531d63a63460823cf334629812a740ebbc28f2378ea468ba180d5611e31a973323de91a3a1259f2a7ceb09281a1fe9c73e2028a45f6bf1769a3679c8
-
Filesize
226KB
MD5a802d3a29246640822156ca7701a4755
SHA1670f7aedc81419c5542b88acf9c7e3cb67181566
SHA2569b7463e0b2024eddc9d334d989ec8a2cad62b480622f05d6ff34fb8e1c2b35bb
SHA512de3da5f6f53298c41bf796e9cd4b74b919811adf47bc78a54b5fcf9307e6a4845347c85c9036fc42e472dac6b1aea71ddcd70ad7fa78d8c4d0b4a1e7ee8e7f83
-
Filesize
226KB
MD5a28c1c5dd9143e5654667e9b02fcd8b4
SHA199771e7f48cc495f80db064eed4600aa385a4efb
SHA2560b3fbc81aee595d9af1dc8c208e37bfe4d1db708426084e5b5aef339f9c8780f
SHA51275b9165b24beaf725d54c682d1c824463986acff624e19517842dfa28b04661efaaa880608ee87619b228f425631a13be223c02e9f7c29d3117ded2e16ac2fac
-
Filesize
226KB
MD523ed1742c7470f012e16901f8705058f
SHA11052f3fd35acdb2dc248ecce14d89496c2bb103c
SHA256a8a1f7ccf6de3bd8d19cd113716ffe1223d0e714ad09f627369d169637bfe9f8
SHA51254b49fa1c1d275059214989a101090d9c7d079dc68d6362941c7739b8a5bf062b90abfdba366ecc73210eaf6883c3b549855defc392f202a0a63529ee969faf4
-
Filesize
226KB
MD50ecda1c365bffdcfa34e1f670e854117
SHA1e03a40ef6a884610d3a9da7b96ef464711e05575
SHA256c48acae2547a83f60e8770cb7c4791bd71de4de4a1a66cf676f3ab38232aedee
SHA512a01a7ce8f77194448865537082397fe554c77bc573ed1e26380727d60f2829910f893b1e11ded7a36b7b19e71f92d651264933176b56d32b2967f9a92b5a6061
-
Filesize
226KB
MD5a206521f5ef6ca477a93904d5bafe52f
SHA185637a086d06d6992bce8bf3a152b7dadc8a52ae
SHA256e4dd0d0603a3963dcd2e60239b9bea0a95c5c8a005c673853b83b9e3970218cb
SHA5120f7f9f24551450e595d0edf9dea94e143046ac0c315138bfb377731029a8aca7108b7ab23332754975d6b5fdc19f543aaa2c277f758facd586e0d6a3629d647b
-
Filesize
226KB
MD50fb1e0d8a5de83d856ce2b8059305540
SHA1c27076ad50ba022ec95896524204c05453cdb33e
SHA256f405e5108f228a34e799a1d56479518e40ab3efc89361b81749a9d519fab6eac
SHA512aa069f61595bbc52e75c8ebeb492abfec575dc529c004300cbaae070f9b36740834beecfbc5c19fa58d6ead30b067b69845311857aea3ccb2a404377ed7c6de0
-
Filesize
226KB
MD5af94a5fc15ea3d2d0a26e3b3bd429de9
SHA17757d8b79b7fc0e3a9cc89d8e89abf174207034f
SHA2564da77575d4e56c38c5cfa662589143cc84f726b5538866eb1475597a8a984651
SHA512a52fb7eab7f8ca2b309e87f20c8bbeee905ef90eaaa15fc9fd5b82d7020b187e307e861918bd60b63af8f9d3f476edd17426874282ea63d2374e39eed383c966
-
Filesize
226KB
MD5b2ffce4dc4c42045668de3fe7208886d
SHA16bada9ef065c6bc13b8564355e302927f0ed5651
SHA25653c2741d905e3d7ccbcf60af574af85066a8d1a3601e331238a11e55b730407f
SHA51299d7856273949cdffed96005ea6e3766362be041399f61c1bf9ac53c9e08075b69fd734eaa11b60da7686439d0ff555d67cfa4533865f5d2836bea1190f661a8
-
Filesize
226KB
MD53351249822ba51616955b00836be0ab9
SHA1b872387356a5f1233d9fb65842963664946e9bb6
SHA256746233d1678364c59b6aeb6940192711752fde23af171179ab2678bd5fcf55b4
SHA51281cf3ade8248f00eb4199e9a754f577f5c8f6fe407900e6bafc9f17a0db8b5ccf807aca922f24fb394c24462d1db4a62a7e41cd045b05d2430c944622dcf10a4
-
Filesize
226KB
MD50cccabea0b327e1a3ea7977a340277f8
SHA17f8eebd720dd81875726552c8cbe5be23b61ee92
SHA25611beeb202b1cb213523ea41513ca6828ba1ebf3cb6d20cd4f5adb310d6af3000
SHA51213a3f11428d9b1046cc98585acdac129d0d3edfd716077bf59049d28acb81a5c45b5ed1e21fabfc8c79abb77940f67639c6ab4725909af9775f4c006a64b9321
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
256KB
-
Filesize
64KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB