Analysis
- max time kernel: 120s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240419-en
- resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
- submitted: 30/06/2024, 18:46
Static task: static1
Behavioral task: behavioral1
- Sample: 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
- Resource: win10v2004-20240226-en
General
- Target: 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
- Size: 92KB
- MD5: 6f6e4498abac6cf5481da8505f66bbb0
- SHA1: 3a74f5a70778fe1321e62c0fa78ad323b7f7348d
- SHA256: 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050
- SHA512: 1363fb27e06786342b6406805f3fc2bd6b0371754029aa92bef28b217fba5dae8fafa6c2d16454ac3733bb2ab0f88f4a5fd97ecd7279331984cb07af80e685cd
- SSDEEP: 1536:4ZSUOG30yTt0tJXxqR28XvNltenFXPpkPRdoL9J26Cel3qa:aoG30yp0tNxqRfteF/pkPRdkCeca
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2976, process 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
- Executes dropped EXE (1 IoCs)
  pid 2976, process 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
- Loads dropped DLL (1 IoCs)
  pid 108, process 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 108, process 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 108, process 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
  pid 2976, process 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Columns: description; pid; Process; procid_target
  PID 108 wrote to memory of 2976; 108; 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe; 29
  PID 108 wrote to memory of 2976; 108; 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe; 29
  PID 108 wrote to memory of 2976; 108; 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe; 29
  PID 108 wrote to memory of 2976; 108; 12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe; 29
Processes
Depth 1, PID: 108
Image: C:\Users\Admin\AppData\Local\Temp\12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe"
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory

Depth 2, PID: 2976
Image: C:\Users\Admin\AppData\Local\Temp\12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
Command line: C:\Users\Admin\AppData\Local\Temp\12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- File: C:\Users\Admin\AppData\Local\Temp\12430f68084cb3efc362fcf69f694d1b688aa1dc467c4d3b21e6977874b6e050_NeikiAnalytics.exe
- Filesize: 92KB
- MD5: e4136072170933a652700ea816b65c57
- SHA1: c9b54f0e2ad589fcf0ad7ce7065037c7277bc01d
- SHA256: 433ef3da765530fa55b8464c729bad909ab8c3a3965958e926bd7f03c6efeb68
- SHA512: 016eedfe82da8d08e3d625af6d1d0b0a6fb9d94725610525e289494c08c25f57f3e3887418a3387af71c7cd1f185304f0a9ce4ded1ac4f54221535b9d4cf7f9c