Analysis
- max time kernel: 149s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/06/2024, 13:02
Static task: static1
Behavioral task: behavioral1
- Sample: 76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe
- Resource: win10v2004-20240611-en
The signatures, process tree and collected files shown on this page come from behavioral2 (win10v2004-20240611-en), the resource named in the Analysis block above; the Windows 7 task is listed but its results are not part of this page.
General
- Target: 76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe
- Size: 2.7MB
- MD5: 2649dc03a660a93d51e5a255764c2b70
- SHA1: c39c2d20a67151dc6061a31fa1e1425a2cf5e26b
- SHA256: 76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768
- SHA512: 0479fe230358cb2a4122ea7434e48a81ae1514b1a9af7d61767a4c733b6463f172595f26e2b26f3d01fa197df7a8c4dcdba18035c16e532350c63e6ee7c3757f
- SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB/9w4Sx:+R0pI/IQlUoMPdmpSpL4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 1500, process devdobsys.exe
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Both are string values written by 76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe under the logged-on user's hive (\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000, i.e. HKCU for that account):
  - \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDot0U\\devdobsys.exe"
  - \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidAL\\optidevec.exe"
  The Run value points at the dropped copy that runs in this analysis (PID 1500 below). The RunOnce value points at a second path, C:\VidAL\optidevec.exe, which does not appear in the process tree, so it is not seen executing within the sandbox run time; both paths are custom directories directly under the drive root, which is itself a useful hunting criterion.
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  All 64 entries belong to one of two processes, pid 536 (76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe) and pid 1500 (devdobsys.exe), alternating through the list.
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 536 (76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe) wrote to the memory of PID 1500 three times (procid_target 88). PID 1500 is the child that 536 has just spawned, and CreateProcess itself writes into a newly created child, so these three writes match ordinary process creation; on their own they are not evidence of code injection.
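The two persistence rows above are the most durable indicators in this report. The following script, added here as an example and not part of the Triage report, parses rows in the shape Triage prints them ("Set value (str) <key>\<name> = "<data>" <writer>"), unescapes the target path, rewrites the native \REGISTRY\USER\... key into the HKU\... form that reg.exe accepts, and flags autostart targets that live in a custom directory directly under the drive root, which both C:\UserDot0U and C:\VidAL do. The input lines are copied from the signature block; the function names, the KNOWN_ROOT_DIRS allowlist and the heuristic itself are this example's own assumptions, not Triage's.

```python
"""Turn this report's Run/RunOnce writes into hunting checks.

Added example, not part of the Triage report. The input lines are the two
rows from the "Adds Run key to start application" signature; all function
and constant names here are hypothetical.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed input: the two registry writes from the signature block, in the
# shape Triage prints them. Value data is shown with doubled backslashes.
REPORT_REGISTRY_LINES = [
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDot0U\\devdobsys.exe" 76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\VidAL\\optidevec.exe" 76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe',
]

SET_VALUE_RE = re.compile(
    r'^Set value \((?P<vtype>\w+)\) (?P<key>\\REGISTRY\\.+)\\(?P<name>[^\\ ]+)'
    r' = "(?P<data>[^"]*)" (?P<writer>\S+)$'
)

# Directories directly under the drive root where an autostart binary is
# expected to live (assumed allowlist). Anything else at that level, such as
# C:\UserDot0U or C:\VidAL, is flagged.
KNOWN_ROOT_DIRS = {"windows", "program files", "program files (x86)", "programdata", "users"}


@dataclass(frozen=True)
class RunKeyWrite:
    key: str      # native key path as Triage prints it
    name: str     # value name (here "Parametr")
    target: str   # executable the value points to, backslashes unescaped
    writer: str   # process that wrote the value

    @property
    def autostart_kind(self) -> str:
        """'Run' or 'RunOnce': the last component of the key path."""
        return self.key.rsplit("\\", 1)[-1]

    @property
    def reg_key(self) -> str:
        """Same key in HKU\\ or HKLM\\ form, as reg.exe and PowerShell expect it."""
        for prefix, hive in (("\\REGISTRY\\USER\\", "HKU\\"), ("\\REGISTRY\\MACHINE\\", "HKLM\\")):
            if self.key.upper().startswith(prefix):
                return hive + self.key[len(prefix):]
        return self.key


def parse_run_key_writes(lines):
    """Extract Run/RunOnce value writes from Triage 'Set value' rows."""
    writes = []
    for line in lines:
        m = SET_VALUE_RE.match(line.strip())
        if not m:
            continue
        target = m["data"].replace("\\\\", "\\")   # undo Triage's escaping
        w = RunKeyWrite(m["key"], m["name"], target, m["writer"])
        if w.autostart_kind in ("Run", "RunOnce"):
            writes.append(w)
    return writes


def unusual_autostart_location(path: str) -> bool:
    """True when the binary sits in a custom directory directly under the drive root."""
    _drive, tail = ntpath.splitdrive(path)
    parts = [p for p in tail.split("\\") if p]
    if len(parts) < 2:          # a bare file in the root is odd as well
        return True
    return parts[0].lower() not in KNOWN_ROOT_DIRS


def hunt(lines):
    """One finding per suspicious write, with a reg.exe query to confirm it on a host."""
    findings = []
    for w in parse_run_key_writes(lines):
        if unusual_autostart_location(w.target):
            findings.append({
                "kind": w.autostart_kind,
                "value": w.name,
                "target": w.target,
                "writer": w.writer,
                "query": f'reg query "{w.reg_key}" /v {w.name}',
            })
    return findings


if __name__ == "__main__":
    for f in hunt(REPORT_REGISTRY_LINES):
        print(f"{f['kind']:8} {f['value']} -> {f['target']}\n  {f['query']}")
```

The generated `reg query` line is what you would run on a suspect host to confirm the value is present; the SID in the key is the sandbox user's, so on a real host substitute the SID of the logged-on user or query HKCU directly.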
Processes
- C:\Users\Admin\AppData\Local\Temp\76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe (PID 536)
  Command line: "C:\Users\Admin\AppData\Local\Temp\76b9286a1578eecb26f1903661e04b09a53f251be6c2c3dd2913adf7415c4768_NeikiAnalytics.exe"
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\UserDot0U\devdobsys.exe (PID 1500), child of PID 536
    Command line: C:\UserDot0U\devdobsys.exe
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
Files collected during the run. The first entry has the same size as the submitted sample (2.7MB) but different MD5/SHA1/SHA256/SHA512 values, so an indicator built only from the original file's hashes will not match the copy written to disk; use the hashes below (or the registry and path indicators above) for that copy.
- Filesize: 2.7MB
  MD5: 02dfe7b522f40976f2c6384608400a43
  SHA1: 15f0c40ea11367bc9809f3e54d500e407dc38e4d
  SHA256: e9beff4282862fab35fc8ad4b1ee6dfc7a266e991b3eea29d82556d2f1c1440e
  SHA512: 4ebd96b9cfab61f929860761641b86c05a78d1d99700c4a7e54c8633d7bd81a3a13676f6d357eb7d4de91a0fc0ce80c29b056c300dcb904c5296f0ca2d8fa85c
- Filesize: 210B
  MD5: 0b20a4f6e417702fa93548a308946cb0
  SHA1: bbefb7fb7792543b9df087d2ac03ccbcc6bf3ed9
  SHA256: b431efa7cffc640dcad7d9aab5a94590e7f23a7152bd2ae1eba057e140c6dae3
  SHA512: e28532a7c45c703997d0233b514b8bdd3f53c0eebf2b0ba4b7e77943eebb0c2ade05d94cf264efd9f66b080c958d6c65d7838f365b521040b90fdc82b0331c64
- Filesize: 215KB
  MD5: 6f4d48303718d9240772ef27378f4d8d
  SHA1: 765ae0f2a1ad82d49548c0e5f3248976626a83af
  SHA256: 20be322d14d645fa7e012e0ac70f2d0b221f8289c1633fd0115f5a4cb030702c
  SHA512: 03059c399f69cd209cae4e7e2b7be5e1dcfba3667af4cb4f3ee0792b78b8585e205f40f57fa4b547fcdb7c1d027442be4e60b80d0457dc34cd82dcc54494e32d