
Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/06/2024, 04:35

General

  • Target

    5ee6eacf51a4924425ad85a5794030a0_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    5ee6eacf51a4924425ad85a5794030a0

  • SHA1

    72f4c21eef90e4de1c8c0eb4037b845bf87f56f8

  • SHA256

    9d15659712303302f08a1e4dae295977337db6cde8e0b2e4a1fbb3b1b75319b3

  • SHA512

    bc7b1ee8e111a101ef0a6fdc7fd7c103ff9d9f8adc6d4476f450e15481df9f681554be265cd1209b72f803ff5f093922eb9c9bb6768af0f31c2962b507447600

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpj4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmU5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ee6eacf51a4924425ad85a5794030a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5ee6eacf51a4924425ad85a5794030a0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\FilesTJ\devoptiec.exe
      C:\FilesTJ\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2260

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\KaVBS6\dobaloc.exe

    Filesize

    4.1MB

    MD5

    cd3a9c5b411a3881a038819fe2b1e0a4

    SHA1

    e661bf827451398b779891b667feb7d81c8ce1ee

    SHA256

    e4a7df2f6b6c957d72b6146ac70d80f06fa5a17059c90621578d357ea14d206b

    SHA512

    8d378e4a869e728b2b64bf51b1f5f74f5107dd43146c717e5ebfc3af0031a28cf5535d36ad8ed12806fdef1cbd6152628833eee1b684b719098cbfd2db565b82

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    204B

    MD5

    e34fd2e55751d252520a3cc04030da70

    SHA1

    4f75e11577cdeeb565cfd8f088e3b43a0b995c7b

    SHA256

    cfcbcbed2a0cccd0e637c1858bd49191137437a19c8ca92efde610e69bbdce3a

    SHA512

    3afd95a64d90c658206a39a0d81aa5e78c6ffe2ae1c093bde8acc250418e2ddaf268ac78cd28f5fd76982ec81ee196f71cf5a8075507114a87de2af12a37fae1

  • \FilesTJ\devoptiec.exe

    Filesize

    4.1MB

    MD5

    1bbe8928f84f91b927d937a971b197f5

    SHA1

    4fa8724359e1bd66cebd4d2cf2db2672e00be86a

    SHA256

    2414fcf8166bc7f1894a00732ed38dc8f76c61023d1ca2d9e8978e4489ec47d5

    SHA512

    87b858aec30f0a9ef895d3a74bda5771e7f4d7b125ab1550ac72fee6899bf4fb6714ef2b6c579bada59d7b4206c6b71461c43fce7c5b062dd902cabeae275236