Analysis

  • max time kernel
    149s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/06/2024, 12:41

General

  • Target

    7418a0fc01b8a7ad020f205e113496b1427b18d868620b5ecebe0835ff9208ca_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    a2175b6ea9c69be8f6880a80bc2a2b50

  • SHA1

    c9df94eadac113b8f4258feaf5686087590e386f

  • SHA256

    7418a0fc01b8a7ad020f205e113496b1427b18d868620b5ecebe0835ff9208ca

  • SHA512

    f373870cb7f52a302ef84c555b8ce61b3784cb67d080205a858c9321b9a024a2b9286c9f40406a83afabb506d8a8691bd7b6ec838c9ad80189c249eda35138f8

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBO9w4Sx:+R0pI/IQlUoMPdmpSp44

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7418a0fc01b8a7ad020f205e113496b1427b18d868620b5ecebe0835ff9208ca_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7418a0fc01b8a7ad020f205e113496b1427b18d868620b5ecebe0835ff9208ca_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3788
    • C:\FilesWC\devoptisys.exe
      C:\FilesWC\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3956

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesWC\devoptisys.exe

    Filesize

    2.7MB

    MD5

    0f3f0d9f2c3da3354927f1c4991be7a2

    SHA1

    ad97cfab5e0f30e761021280730f61f2834e8f44

    SHA256

    7f79f8a93cdd3b8e4580af872d58ac6b3a15c006237dd1d9ccc031f22df2303c

    SHA512

    aae4a1c0a4b349f7d0645954f9dabfdcf8e5c9689887cc33ade6077d6d3cb92114a7c960bac7e0952024ee0410c437aa1393c330cfb7a2803ef0b3c616f7d736

  • C:\KaVBZZ\bodxloc.exe

    Filesize

    2.7MB

    MD5

    4e71c5ebe9d31a55988390b7266c948c

    SHA1

    26a5a117de61823614bd85d72e34e201b1ff2f18

    SHA256

    40b5656c7b34284e2b6f9f33cf8d8a6fc255cbb8e9ec0982396feb565c81632e

    SHA512

    efd85e04eba11c70228a6fa4cc92041492322a05658748cd2a63e9cdb48e7e2352359654d6c979276237048e3af555ed50fdaf9e97f779ae555cbeb124ea290a

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    205B

    MD5

    8fb43ace655e499fd60dc9f73dd57c26

    SHA1

    6f9671a3f5af73ff222080527c4dfc0f587bc544

    SHA256

    3c325ef2058fae779d41ec7a77432cccdd270bcf517f746163b6e96afc7dd030

    SHA512

    468ada2679070599a048122111da58f89cbe0c4d1243570136e51ccd5027c5b3630f27fd444211d0d9a2bcb80caa54a0362aeac277add9cc3630359220c7e9c3
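The behaviours the report records (the sample drops a 2.7MB PE to C:\FilesWC\devoptisys.exe and C:\KaVBZZ\bodxloc.exe, executes the dropped EXE, and adds a Run key) together with the three SHA256 values above, turned into a host-side check. This is an added example and is not part of the tria.ge report or of the sample. Note that all three PEs are 2.7MB yet hash differently, so the hash list only catches these exact copies; the drop-path pattern is the more durable indicator. The hashes and drop directories are copied from the report. The Sysmon-style events, the Run key value name and data, and the file written to disk are constructed test data (the report does not show the Run key details), and the "executable in a directory created directly under the drive root" pattern is an assumed generalisation of the two observed drop paths, not something the report states.

```python
"""
Added example, not part of the tria.ge report: turn the report's indicators
into host-side checks.  Hashes and drop paths are copied from the report;
the on-disk file and the Sysmon-style events are constructed test data.
"""
import hashlib
import re
import tempfile
from pathlib import Path, PureWindowsPath

# SHA256 values copied from the report: submitted sample, devoptisys.exe, bodxloc.exe.
REPORT_SHA256 = {
    "7418a0fc01b8a7ad020f205e113496b1427b18d868620b5ecebe0835ff9208ca",
    "7f79f8a93cdd3b8e4580af872d58ac6b3a15c006237dd1d9ccc031f22df2303c",
    "40b5656c7b34284e2b6f9f33cf8d8a6fc255cbb8e9ec0982396feb565c81632e",
}

# Drop directories copied from the report.
REPORT_DROP_DIRS = ("C:\\FilesWC", "C:\\KaVBZZ")

# Assumed generalisation of the drop pattern: an .exe inside a directory that
# sits directly under the drive root, excluding the usual system roots.
ROOT_DIR_EXE = re.compile(r"^[A-Z]:\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)
ROOT_DIR_ALLOW = {"program files", "program files (x86)", "windows", "users", "programdata"}
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)


def sha256_file(path) -> str:
    """Stream the file so multi-megabyte samples are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root, known=REPORT_SHA256) -> list:
    """Return paths under root whose SHA256 is in the known set (exact copies only)."""
    return [str(p) for p in Path(root).rglob("*") if p.is_file() and sha256_file(p) in known]


def is_suspicious_exe_path(path: str) -> bool:
    """True if path is inside a report drop dir or matches the root-dir .exe pattern."""
    low = path.lower()
    if any(low.startswith(d.lower() + "\\") for d in REPORT_DROP_DIRS):
        return True
    if ROOT_DIR_EXE.match(path):
        first_dir = PureWindowsPath(path).parts[1].lower()
        return first_dir not in ROOT_DIR_ALLOW
    return False


def match_events(events) -> list:
    """Apply the report's two behaviours to Sysmon-style events (ID 1 and ID 13)."""
    hits = []
    for ev in events:
        if ev["event_id"] == 1 and is_suspicious_exe_path(ev["image"]):
            hits.append(("dropped-exe-executed", ev["image"]))
        elif (ev["event_id"] == 13 and RUN_KEY.search(ev["target_object"])
              and is_suspicious_exe_path(ev["details"].strip('"'))):
            hits.append(("run-key-persistence", ev["target_object"]))
    return hits


SAMPLE_NAME = ("7418a0fc01b8a7ad020f205e113496b1427b18d868620b5ecebe0835ff9208ca"
               "_NeikiAnalytics.exe")

# Constructed events modelled on the report's process tree; the Run key value
# name and data are assumed, the report only says a Run key was added.
SAMPLE_EVENTS = [
    {"event_id": 1, "pid": 3788, "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE_NAME},
    {"event_id": 1, "pid": 3956, "image": "C:\\FilesWC\\devoptisys.exe",
     "parent_image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE_NAME},
    {"event_id": 13, "details": "\"C:\\KaVBZZ\\bodxloc.exe\"",
     "target_object": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows"
                      "\\CurrentVersion\\Run\\updater"},
    {"event_id": 1, "pid": 900, "image": "C:\\Windows\\System32\\svchost.exe",
     "parent_image": "C:\\Windows\\System32\\services.exe"},
    {"event_id": 13, "details": "C:\\Windows\\system32\\SecurityHealthSystray.exe",
     "target_object": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth"},
]


def demo() -> dict:
    """Self-contained run: one constructed file on disk plus the constructed events."""
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "sample.bin"
        sample.write_bytes(b"abc")  # constructed content, not the real sample
        return {
            "sha256": sha256_file(sample),
            "hits_report": scan_tree(d),                      # no report hash matches "abc"
            "hits_custom": scan_tree(d, {sha256_file(sample)}),
            "events": match_events(SAMPLE_EVENTS),
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The hash scan only finds byte-identical copies, which is why the event rules key on the drop directories and the Run key data rather than on any hash; the two constructed benign events (svchost.exe, the SecurityHealth Run value) show that paths under the standard system roots do not trigger the root-directory pattern.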