Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/06/2024, 11:38

General

  • Target

    5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    3e4e34dcc4d4561322639a808174aac0

  • SHA1

    602bd517b1caa0657638dc012f8bb15c5866478f

  • SHA256

    5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522

  • SHA512

    ad42342bb841fa0799c0c7abcc975acc070c777e6f99622018b4abef665ce847be51b40f53b8ff409be10d426e9506e37203e57cd1b032221d2868fdccee17db

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpl4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmu5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5ada59888a68bc9151480df48c7b17ea08be4285942734f0277783b1193c5522_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3220
    • C:\AdobeJ0\abodec.exe
      C:\AdobeJ0\abodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1360

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeJ0\abodec.exe

    Filesize

    4.1MB

    MD5

    69a2841ae85b605fe7db2ff42d955685

    SHA1

    e145524255b678be894356ddf5533ded09d9efd5

    SHA256

    5abb82167c49a02c220ae8025767f8d6db30be93a38a4c39c260d121ddf2252e

    SHA512

    9bbe60b34989d79c2b36c3e5bc1b0ef0d8b809d3ffdb8a0a14961f5b61e815631775f83cbd7c4929017ee560ff9f1db69c5356badf998f52bfb1bf58a43fb983

  • C:\MintX6\optidevec.exe

    Filesize

    4.1MB

    MD5

    a36136e942bb0150ff8fe854f2ec5dc8

    SHA1

    58d630ac3cebec6e52659408d89af559f180d900

    SHA256

    2781c38372834e348e9db42e0bf3e0077699381d3cf1648868619f8db7196f9b

    SHA512

    e3213da073b883129555ec656df226ff29f057748b01628d978671ba07804de99538f74f2de15ec95c4079c276fcfcc17554b9c5e6cba872f86c131950cc2b1f

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    201B

    MD5

    76574617056f79ab89dac9af72faf514

    SHA1

    22d0a416c1341ddd4ca4a44ac1945c7210ddab61

    SHA256

    380e28c97c87d9ace37b937b2439d4bba0576d1f6cbdbc8abc3410e4e0c2b738

    SHA512

    831eb5d12b1420d5363adeb5f94317c2e06f703b9994dc4e68240240010f156fb91ba86bded3c39a15e2ff3c2ced3b36f751aca1b08a4dc78de8a830f9ee6b90