Analysis
max time kernel: 150s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/06/2024, 02:16
Static task: static1
Behavioral task: behavioral1
  Sample: 9a825f8356f5339b568c238223480980_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 9a825f8356f5339b568c238223480980_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 9a825f8356f5339b568c238223480980_NeikiAnalytics.exe
Size: 4.1MB
MD5: 9a825f8356f5339b568c238223480980
SHA1: 328510f6b3b9873a2b4f491c8103c5fea0e50a3c
SHA256: 594ca98ce639d615e87928f8e2a478441d5eff1df9970a2adddf9acd58400fb0
SHA512: 303e712d517a5dd2a840c4656d9ec9743daf0472cf77f58b8d1849fff10b573b39704602a36ff39a01570a249ae4234e3c5d38b5f22eb7ccbc3e344ea3f3d6ab
SSDEEP: 98304:+R0pI/IQlUoMPdmpSpz4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmM5n9klRKN41v
Malware Config

Signatures

Executes dropped EXE (1 IoC)
pid   Process
3952  adobloc.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
description      ioc                                                                                                                                    Process
Set value (str)  \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\IntelprocKY\\adobloc.exe"       9a825f8356f5339b568c238223480980_NeikiAnalytics.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZSA\\boddevloc.exe"     9a825f8356f5339b568c238223480980_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid   Process
1856  9a825f8356f5339b568c238223480980_NeikiAnalytics.exe   (rows 1-4: this row appears four times in a row)
Rows 5-64 consist of the following four-row pattern repeated 15 times:
3952  adobloc.exe
3952  adobloc.exe
1856  9a825f8356f5339b568c238223480980_NeikiAnalytics.exe
1856  9a825f8356f5339b568c238223480980_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process                                               procid_target
PID 1856 wrote to memory of 3952   1856  9a825f8356f5339b568c238223480980_NeikiAnalytics.exe  93
PID 1856 wrote to memory of 3952   1856  9a825f8356f5339b568c238223480980_NeikiAnalytics.exe  93
PID 1856 wrote to memory of 3952   1856  9a825f8356f5339b568c238223480980_NeikiAnalytics.exe  93
Processes

C:\Users\Admin\AppData\Local\Temp\9a825f8356f5339b568c238223480980_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\9a825f8356f5339b568c238223480980_NeikiAnalytics.exe"
  PID: 1856
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  Child process:
    C:\IntelprocKY\adobloc.exe
      Command line: C:\IntelprocKY\adobloc.exe
      PID: 3952
      - Executes dropped EXE
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4612,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=1300 /prefetch:8
  PID: 2408
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 4.1MB
MD5: 55e77fb57e82a909f1dedb5f85f4ab0d
SHA1: b726c2386a50586fb1fefc66af63073f25081823
SHA256: f8e4c968c62f8fa8fe6332e3c35b047f70c1a46703ffb6f607f9f372f6e955c8
SHA512: 3d68d64690a8daa21ef7add91dad4cc0a14dae5c314b82697a9f26c624d4a2432cb05fc8ae8b856b4419dc9bd9dd421e5e8f2dc63133acf772080867f5f5396a

Filesize: 4.1MB
MD5: 58a9f25d47039b127171114523fc5d7e
SHA1: 796a266fb6757906153e9bebb5a06cb5aa88882c
SHA256: 4fce4e22b270a41b13a0d9a7709f20bc67fdba63676cf2f9dcb4927e67c1d16b
SHA512: 4327665b4f4a870a0e71b1278d1d2f8adcd5e0285196c10f0ce87148dc63fbfdcbddc6a9e7cb3c70b7d97ca15d1403574a33760c01124ddb53462048127af7d9

Filesize: 205B
MD5: 027b2620862832b1d91eec250df6f13f
SHA1: 1a8c9a795effe0992440444e2ba01eeabfe75337
SHA256: 74a31121c605f6c6a034f01fc740bd40d208e3f98107590b96e90e482d6f3de9
SHA512: 70e4642aeb7462e3778d28b14308c4d9d8c6add051872319337a397240ae49415a240a163912036e446664aaa7a451bb4cd42b7ad4539b81e7b9c72d5f00245d