Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    138s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/06/2024, 09:28

General

  • Target

    b46a12991a9135f8cfeeb503aadaa850_NeikiAnalytics.exe

  • Size

    118KB

  • MD5

    b46a12991a9135f8cfeeb503aadaa850

  • SHA1

    6ccd9d6ab1d3315c05f84091ead34d55f297943f

  • SHA256

    1093d454744c2fadb8f8744fdc03f9b8f70575deee13c162d7a5e76225c3c60f

  • SHA512

    77152f905bd6707aac42851c430909136de7b174bad76b70c5f1cc4fc3b4655a64a1c37bf085c226b99e4edabb22687297fa357c23a958830da1e7723a8f4957

  • SSDEEP

    3072:qJO248B0EMlISxbHPwYV/wlmNie0ROfOlX:qTLSzISxMYV/9i1b

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b46a12991a9135f8cfeeb503aadaa850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b46a12991a9135f8cfeeb503aadaa850_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:216
    • \??\c:\users\admin\appdata\local\temp\winlgon.exe
      c:\users\admin\appdata\local\temp\winlgon.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3448
      • C:\Users\Admin\AppData\Local\Temp\rgsvr32.exe
        C:\Users\Admin\AppData\Local\Temp\rgsvr32.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:3816
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 216 -s 600
      2⤵
      • Program crash
      PID:3092
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 216 -ip 216
    1⤵
      PID:404

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\RCX4B9F.tmp

      Filesize

      116KB

      MD5

      0ed853e9d912905f001be6fdf45a8bda

      SHA1

      9ba59b82e72431d10cf4c95c0000c6976531ee1f

      SHA256

      ac89d20368b3438c5f8c0a3c4dd702ad600568e1c57d16a10c014924f60d2652

      SHA512

      c5a983aee812620d871a8b979fab0bcd4f51efdf0953a57db9a853fed3080f085954fd46393b2f667f62090499385cc6af4213f4290d0b877360d37e2e042de7

    • C:\Users\Admin\AppData\Local\Temp\rgsvr32.exe

      Filesize

      32KB

      MD5

      a22518e8a73ec19da806817d825d8a9c

      SHA1

      6f99e1591e1ce68ac44cd760729b2aeb2cba3559

      SHA256

      1ab5d2ea45fbff4444eabb45a3a31538730ce56f2b9c041bcab958e3c69db97b

      SHA512

      8f56ea79eab4b2e1d6b81981a9cd4f9652821b1cf17337ff3abf5796654fef08859fe4fa186015507b00ac606eefade1541235fcc6202ebf5257a1311638511e

    • \??\c:\users\admin\appdata\local\temp\winlgon.exe

      Filesize

      118KB

      MD5

      3c1682b44391d4d3b5fe139adbe591de

      SHA1

      dcef82a3610e783616d3355db58fb2432848ebad

      SHA256

      27df47b138b55782eccaa73689141ac01c5b36d548c7c2559565f9cca504cd42

      SHA512

      7f191016bfb32a3c9a0d9b1bd36ec634287000c0e152451570a081b449914a7f78dfe87f1f6eaf306ecb29f4f04def97177c6fe8293edb266bd7a260e8c1a962

    • memory/216-0-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

    • memory/216-16-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB

    • memory/3448-23-0x0000000000400000-0x000000000041F000-memory.dmp

      Filesize

      124KB