Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
27/06/2024, 10:10
Static task
static1
Behavioral task
behavioral1
Sample
7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe
-
Size
784KB
-
MD5
14d80c67380942f50a1a0114ccce7590
-
SHA1
583d9e530c224bb043d5a74f99e6111c8f3096c5
-
SHA256
7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c
-
SHA512
6fba9e27f209d2362eb25343d35dbac5fb2cb3ce6cd6171f6bca005f9f2b436f09c9dabc29cdc87fb490197ee73cda2acce10b703631fb6c90e4017d205fb510
-
SSDEEP
12288:4jauDReWsTfI0Wq8OW4yc0FehQBbj5xW/HR/68lr+t4vLFt7X04uPuR7GbRErgcF:4DD0DN8TWxrFgrYTW98
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2296 sivmg.exe -
Loads dropped DLL 2 IoCs
pid Process 1088 7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe 1088 7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\sivmg.exe" sivmg.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1088 wrote to memory of 2296 1088 7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe 28 PID 1088 wrote to memory of 2296 1088 7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe 28 PID 1088 wrote to memory of 2296 1088 7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe 28 PID 1088 wrote to memory of 2296 1088 7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1088 -
C:\ProgramData\sivmg.exe"C:\ProgramData\sivmg.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2296
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
784KB
MD5e7374ea44307dc7e04875b92dbefc1e0
SHA1af36555d77336ef7042675c90704f66154dba0cc
SHA25637eec124f53ee2badab5b76475edc715fadc4f99021d4453d73222f25c1d1814
SHA512a188f1166f3076333d5cb4b84c8822eedc6098459258e7538ec9b8a777b42f3394a993b1c0f30950ba129e0f569ac253834d4a1a6d6d882ef30b7b01ce9d989b
-
Filesize
136KB
MD5cb4c442a26bb46671c638c794bf535af
SHA18a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf
SHA256f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25
SHA512074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3
-
Filesize
647KB
MD521ed61375199bb3b1a27721abbbf54f0
SHA1643ae403edb6af2949dc1778fc644b727447442c
SHA25611f0e89b72fc62658c3a36363a40ee31c9875e2293853238063e91b4a2e50a3c
SHA512dbfbccefe92c9d5bff4b35b6c6956981da39d6d8108e26d06e87ddffa6e6dbba1d5b36433086c7e94e1de1a58ccbd3160d44f3d9b783e792b131d48f337598e3