Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel: 145s
  max time network: 151s
  platform: windows10-2004_x64
  resource: win10v2004-20240226-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 01/07/2024, 06:11
Static task: static1
Behavioral task: behavioral1
  Sample: 3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe
  Resource: win10v2004-20240226-en
General
  Target: 3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe
  Size: 32KB
  MD5: ee12b036af35633f514c32eb26573290
  SHA1: e89ccca2741e1ff6358d5b64a120e3a97c8ef64b
  SHA256: 3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48
  SHA512: 25d6e7db064e48dd41e22a8b6962ee4c21f841d2e78efb28ac490b2271d3b61333ff9a4f3fa4c11a222eb27980f7507a29c468d73f5db2e216bd522fcb66cf73
  SSDEEP: 384:Q98xUHQA18Vy4Ng8zLeirerI2Z1JQad0k5yQhbj/djEVvUPX4fOg:Twi/gopT22Kjj1wVvUPX8Og
Malware Config
Signatures
  - Adds Run key to start application (2 TTPs, 1 IoC)
      description: Set value (str)
      ioc: \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinHttp = "C:\\Users\\Admin\\AppData\\Local\\WinHttp.exe"
      process: regedit.exe
  - Runs .reg file with regedit (1 IoC)
      pid: 2916
      process: regedit.exe
  - Suspicious behavior: RenamesItself (2 IoCs)
      pid: 864
      process: 3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe
      pid: 864
      process: 3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe
  - Suspicious use of WriteProcessMemory (3 IoCs)
      description: PID 864 wrote to memory of 2916
      pid: 864
      process: 3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe
      procid_target: 89
      description: PID 864 wrote to memory of 2916
      pid: 864
      process: 3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe
      procid_target: 89
      description: PID 864 wrote to memory of 2916
      pid: 864
      process: 3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe
      procid_target: 89
Processes
  Process: C:\Users\Admin\AppData\Local\Temp\3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe (PID 864)
    command line: "C:\Users\Admin\AppData\Local\Temp\3b0daa2c54108b4427106ec84e5c864fd0d95f349940bbbf329cb30f83e3df48_NeikiAnalytics.exe"
    signatures:
      - Suspicious behavior: RenamesItself
      - Suspicious use of WriteProcessMemory
    Child process: C:\Windows\SysWOW64\regedit.exe (PID 2916)
      command line: regedit.exe /s C:\Users\Admin\AppData\Local\Temp\~dfds3.reg
      signatures:
        - Adds Run key to start application
        - Runs .reg file with regedit
  Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4252)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Enterprise v15
Downloads
  - Filesize: 166B
    MD5: f44153ef26be29552cf320325ad8b72e
    SHA1: 74ac72ba2ff0f871e59b11c95ad707372662370c
    SHA256: 767009fb8726500a4bc54b2ee744cc3ada64fdf16a44e22ff9dfe7652e2a439f
    SHA512: 1d42a4dba1d8d0df9f8fedfba384ffdbcff3103c8ba360f255b5d7e8a46128f40521e4d16cf6de04365b3b6ffad8bc681cf7042d92867ab3d912601a3d5e6e65
  - Filesize: 32KB
    MD5: 1be3bae74431749eea6d8381bc55f04a
    SHA1: bb7ef34344c6cab0e0b093b24407cf9f4552a194
    SHA256: eb8f2b89e88944642930aeb5f7629cb46cb4b9729cd72aaab0ef754116f74697
    SHA512: a05aa1c11fd8fd7cdca7f3b4b063581300f8c03c22f0a378a8870dab3ba5c4582be9966806e2676e67496329d38e2062a914f565c3a19336d18fec0f50e76e1b