Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/06/2024, 02:16

General

  • Target

    9a825f8356f5339b568c238223480980_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    9a825f8356f5339b568c238223480980

  • SHA1

    328510f6b3b9873a2b4f491c8103c5fea0e50a3c

  • SHA256

    594ca98ce639d615e87928f8e2a478441d5eff1df9970a2adddf9acd58400fb0

  • SHA512

    303e712d517a5dd2a840c4656d9ec9743daf0472cf77f58b8d1849fff10b573b39704602a36ff39a01570a249ae4234e3c5d38b5f22eb7ccbc3e344ea3f3d6ab

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpz4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmM5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a825f8356f5339b568c238223480980_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9a825f8356f5339b568c238223480980_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\IntelprocKY\adobloc.exe
      C:\IntelprocKY\adobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3952
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4612,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=1300 /prefetch:8
    1⤵
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\IntelprocKY\adobloc.exe

      Filesize

      4.1MB

      MD5

      55e77fb57e82a909f1dedb5f85f4ab0d

      SHA1

      b726c2386a50586fb1fefc66af63073f25081823

      SHA256

      f8e4c968c62f8fa8fe6332e3c35b047f70c1a46703ffb6f607f9f372f6e955c8

      SHA512

      3d68d64690a8daa21ef7add91dad4cc0a14dae5c314b82697a9f26c624d4a2432cb05fc8ae8b856b4419dc9bd9dd421e5e8f2dc63133acf772080867f5f5396a

    • C:\LabZSA\boddevloc.exe

      Filesize

      4.1MB

      MD5

      58a9f25d47039b127171114523fc5d7e

      SHA1

      796a266fb6757906153e9bebb5a06cb5aa88882c

      SHA256

      4fce4e22b270a41b13a0d9a7709f20bc67fdba63676cf2f9dcb4927e67c1d16b

      SHA512

      4327665b4f4a870a0e71b1278d1d2f8adcd5e0285196c10f0ce87148dc63fbfdcbddc6a9e7cb3c70b7d97ca15d1403574a33760c01124ddb53462048127af7d9

    • C:\Users\Admin\253086396416_10.0_Admin.ini

      Filesize

      205B

      MD5

      027b2620862832b1d91eec250df6f13f

      SHA1

      1a8c9a795effe0992440444e2ba01eeabfe75337

      SHA256

      74a31121c605f6c6a034f01fc740bd40d208e3f98107590b96e90e482d6f3de9

      SHA512

      70e4642aeb7462e3778d28b14308c4d9d8c6add051872319337a397240ae49415a240a163912036e446664aaa7a451bb4cd42b7ad4539b81e7b9c72d5f00245d