Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 11/06/2024, 21:03
Static task: static1
Behavioral task: behavioral1
- Sample: 030016b776afb21658171c863faa49d0_NeikiAnalytics.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 030016b776afb21658171c863faa49d0_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 030016b776afb21658171c863faa49d0_NeikiAnalytics.exe
- Size: 204KB
- MD5: 030016b776afb21658171c863faa49d0
- SHA1: 948a513b271fcd99a3c385ab9d0b4c04572a517b
- SHA256: 38b1fe391e86a9851ae2118d3a9f497b02d0ca056d6bac4d0ff20dda70188ef3
- SHA512: 9cfdb607a731540bf5686373e0b04534402b80f498fab690b647b6f6f63aa2e60c944c5b6c4f796b3cdc269724f44ad126a3508d9757693efd1fb7553fbd9ca0
- SSDEEP: 6144:z1T2qtO0emEUYJIbKfG/ay3pl8thxBw0:z15M0emEUYftXBw0
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)

  description                      | pid  | Process                                             | procid_target
  PID 1924 wrote to memory of 2528 | 1924 | 030016b776afb21658171c863faa49d0_NeikiAnalytics.exe | 29
  PID 1924 wrote to memory of 2528 | 1924 | 030016b776afb21658171c863faa49d0_NeikiAnalytics.exe | 29
  PID 1924 wrote to memory of 2528 | 1924 | 030016b776afb21658171c863faa49d0_NeikiAnalytics.exe | 29
  PID 2528 wrote to memory of 2636 | 2528 | csc.exe                                             | 30
  PID 2528 wrote to memory of 2636 | 2528 | csc.exe                                             | 30
  PID 2528 wrote to memory of 2636 | 2528 | csc.exe                                             | 30
Processes
- C:\Users\Admin\AppData\Local\Temp\030016b776afb21658171c863faa49d0_NeikiAnalytics.exe (PID 1924)
  Command line: "C:\Users\Admin\AppData\Local\Temp\030016b776afb21658171c863faa49d0_NeikiAnalytics.exe"
  Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe (PID 2528)
    Command line: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ygmy00qq\ygmy00qq.cmdline"
    Suspicious use of WriteProcessMemory
    - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe (PID 2636)
      Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3ED4.tmp" "c:\Users\Admin\AppData\Local\Temp\ygmy00qq\CSCEDB2F458A6184341892C171F65AA2059.TMP"
Network
MITRE ATT&CK Matrix
Downloads