Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b74c8c560e...cs.exe

windows7-x64

7

b74c8c560e...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/06/2024, 18:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b74c8c560ec3375eed7bbed69332fcd0ac28790fd6d453a547800cdd6cb4f5f1_NeikiAnalytics.exe

  • Size

    3.2MB

  • MD5

    1ec510f8c751490461f66c5ca0efe080

  • SHA1

    54b619155fcc84d6ea04d41d38fbc8073c7cfd89

  • SHA256

    b74c8c560ec3375eed7bbed69332fcd0ac28790fd6d453a547800cdd6cb4f5f1

  • SHA512

    c66b44935f3fe045105a3ca8a8b23c00d33be8701614a43b2c3128a38ae33956bc5c6bbdc547a17f1d53b9e68d8f84aee560c9a8edd9ac86d1f4ac3a5bba2ff2

  • SSDEEP

    49152:Bdx56xYcIcuHcKAH2IgGXikE2I6wdD1weda4NVk4aZ0uyj:Bd6x/IcuHcKAHfnEqwdDioa4NiK

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 25 IoCs
  • Drops file in Program Files directory 10 IoCs
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b74c8c560ec3375eed7bbed69332fcd0ac28790fd6d453a547800cdd6cb4f5f1_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b74c8c560ec3375eed7bbed69332fcd0ac28790fd6d453a547800cdd6cb4f5f1_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3580
    • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
      c:\users\admin\appdata\local\temp\\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1424
      • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
        c:\users\admin\appdata\local\temp\\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:448
      • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:32
    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3740
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:416
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:556
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:556 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4716
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:556 CREDAT:82948 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:180
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:556 CREDAT:17414 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4140
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:556 CREDAT:82960 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:32
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2232 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
      1⤵
      • Executes dropped EXE
      PID:3136

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      Filesize

      3.3MB

      MD5

      91429bbb1e41a374cfb5bd34e23d4648

      SHA1

      03952f846dd860044b8659609f928227567f69a7

      SHA256

      2c5482c6300adf7f9c76f3cebc6f610f1c93abbf2623a619032c350ecf24f58a

      SHA512

      59f1e5a17fa39d8150c8f00dcf427fcf901205d5443230ff0306673a3dddac6f70b23f46ad8f59aaac1b8350429bc56edff9a31b0045306d431d904868aa6f60

      Download Submit

    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Filesize

      3.3MB

      MD5

      83ca411483f7980775aff1296ef96e73

      SHA1

      9848b253c0ad8728e3cd2096838a211c6174e01c

      SHA256

      c7041b586687be7b0e6a1774a291d6657bf32efe459ca6faeb537358d6fdc461

      SHA512

      9609978976ef45289b01c970b116300e3688ea5439ade2f356a54e6a9cc603d34f065361fcd04d01c63b7678ed8bc661f200b6a84cd5dea876b0b652ab36c926

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\brUSRAjDF[1].js
      Filesize

      33KB

      MD5

      54285d7f26ed4bc84ba79113426dcecb

      SHA1

      17dc89efec5df34a280459ffc0e27cb8467045ab

      SHA256

      b0754afe500a24201f740ed9c023d64483ca9183fa6361d759bb329462d25344

      SHA512

      88afabcad8dbb0f49cdea27c64783ec98ece295f139d50029d524950a5b40a7971f033529f7b60e5acdef5f0576bdcf107fa733bf439cc76693b654ebdd9a8df

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe
      Filesize

      3.2MB

      MD5

      1b0b09ebec42b5e43e329181be617855

      SHA1

      453f4b22ffda465606668aa2210d6a1eaa7855cd

      SHA256

      5abb9a1a71bb3f9185691754b895bd81978d88841ba12f78db851496e734d605

      SHA512

      7c5738662354e8964a1545af12735d53ac57ffe4074ad7e2cb74a6a49a4b57f2a3e1bbe96c3a6260ab0fc982cc53eb63fcc8a549107a3892953e275ec1b4d089

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DF6441D297B877DEE0.TMP
      Filesize

      16KB

      MD5

      6d2c5217caaeaa2c4f6ed41beb851fce

      SHA1

      f80b0e1885580d2bc6a298f2639b312ff999467a

      SHA256

      38545f25753b23f54d8b94ad39beec4c44d96b5f6a704dfb7271e591108461db

      SHA512

      a575b1ce9b245c5aa3b6cf275db62f8da34019a7d23f4ef990abff723a3c6ab232aee8f2ab636e53ca7dbe5731552baf2d38600292227d106088e0fc50552bdb

      Download Submit

    • \??\c:\program files (x86)\adobe\acrotray .exe
      Filesize

      3.3MB

      MD5

      604933b6c71c55c8a9ee9333c4886fb7

      SHA1

      ff6245b45e99c97a6ba599644d8ea727eb9b157f

      SHA256

      c2d438f1e28a3a15802b7835446bf9b7f322af1e459b6a2904f172fe1b773e48

      SHA512

      ca7117e2417eb42bea03b3c18206a588f886348d96fec187f3b912c35a3c2c901ae63a0c7b3448b5f36df3cbea2cc407fb709b1cd6bc364a3c896e0effb93667

      Download Submit

    • \??\c:\program files (x86)\adobe\acrotray.exe
      Filesize

      3.3MB

      MD5

      999775f23647822d4226cdbf9ee02a3b

      SHA1

      aae0fde84b23bfed25c3d639336f54f0a6f334b4

      SHA256

      11b87eb68d8c7bbc77523f06d62662442145fb1a74e675dde59f5c475ff96296

      SHA512

      e6060c99a035c43dacbcfaa032d9366c2e4626b719b6fd8b3a0db996e33f1067586c0403a8678b56f2a7a702778e1525fbeff91583a34610d2e9754794243144

      Download Submit

    • \??\c:\program files (x86)\microsoft\edge\application\msedge.exe
      Filesize

      3.3MB

      MD5

      6ad32c522d36019a0f473afabcd65c84

      SHA1

      7fd96f4adb9c213cd40b601015715c760a76ea59

      SHA256

      4762c31a5242f147a7a2e20ca8acb7c2efe8a5d4c46256f478f0fc7597360811

      SHA512

      7789ca3393e1870b7ce06825676ed9b198796dee919cf4cf7790cc2e7c37d09f00b193419d4f403bee1b42cc305e95fe0d4f8651e8824ab7e1828f53bf626e11

      Download Submit

    • memory/32-75-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/32-49-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/448-74-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/448-48-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-27-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-120-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-136-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-135-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-134-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-46-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-133-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-19-0x000000007FA70000-0x000000007FE41000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/1424-132-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-131-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-34-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-76-0x000000007FA70000-0x000000007FE41000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/1424-119-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-78-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-107-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-80-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1424-92-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/3580-17-0x000000007FA70000-0x000000007FE41000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/3580-0-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/3580-2-0x0000000010000000-0x0000000010010000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3580-16-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/3580-1-0x000000007FA70000-0x000000007FE41000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/3740-79-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/3740-77-0x000000007FA70000-0x000000007FE41000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/3740-82-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/3740-18-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/3740-20-0x000000007FA70000-0x000000007FE41000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/3740-47-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/3740-83-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/3740-28-0x0000000000400000-0x0000000000DDF000-memory.dmp

      Filesize

      9.9MB

      Download