Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4ad88f7b07...cs.exe

windows7-x64

7

4ad88f7b07...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/05/2024, 13:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ad88f7b076a93ba59b1bd0d41f1d8a0_NeikiAnalytics.exe

  • Size

    897KB

  • MD5

    4ad88f7b076a93ba59b1bd0d41f1d8a0

  • SHA1

    a02f31ce810c248f8e8c6133709774fd234f1363

  • SHA256

    d40fafce31b1ad2f89784384718cf7ad4f8b04063e8e1415054593baf49858cd

  • SHA512

    89817bf45de82899b7e46dd0702d1889689c8d62400baf85f20daaec3fe6e68c9fe00bdc042c0977ae57b839411fdd3fff94e280aa2a2ade42034c2a64303faa

  • SSDEEP

    12288:x9wq8Z4wGk39EhvG3U5s0Kh4SjVDa/ZSVD0:38tVtAK4Qa/ZSVD0

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ad88f7b076a93ba59b1bd0d41f1d8a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4ad88f7b076a93ba59b1bd0d41f1d8a0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\4ad88f7b076a93ba59b1bd0d41f1d8a0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\4ad88f7b076a93ba59b1bd0d41f1d8a0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:1540
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 144
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\4ad88f7b076a93ba59b1bd0d41f1d8a0_NeikiAnalytics.exe
    Filesize

    897KB

    MD5

    0584efbe90c263b5240354f8467f4b36

    SHA1

    a10aab0f4f54b6c01d40b9d2f7134318dd7197a6

    SHA256

    e7e1ea05ee086b9dcba1d0ff13f0cb87421f36e4c2bb0875d93f056e13192426

    SHA512

    3d49e6566dcceea5fd340e1616ac1afa0a6c27bb1a2018175c9fa93e329eafec8877807c890af4601f32cfdb641a93da09cc3b2a8eb254f82a806df1e4fd165c

    Download Submit

  • memory/1540-9-0x0000000000400000-0x00000000004ED000-memory.dmp

    Filesize

    948KB

    Download

  • memory/1540-10-0x0000000002EF0000-0x0000000002FDD000-memory.dmp

    Filesize

    948KB

    Download

  • memory/2208-0-0x0000000000400000-0x00000000004ED000-memory.dmp

    Filesize

    948KB

    Download

  • memory/2208-7-0x0000000000400000-0x00000000004ED000-memory.dmp

    Filesize

    948KB

    Download