Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7b443b8f64...cs.exe

windows7-x64

7

7b443b8f64...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 15:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b443b8f64de4145923bf413fe3a15c0_NeikiAnalytics.exe

  • Size

    71KB

  • MD5

    7b443b8f64de4145923bf413fe3a15c0

  • SHA1

    b18f907780198a153360cca8dff4a50b148422e6

  • SHA256

    d9084242f673cfe57fb2e8c9245a450ca9e50915c90ebf216384b1dca31f9a37

  • SHA512

    d970268561f67786dd44f7201f9dbf4f6939f0b891f4823c68de32cacd0ff7ac11c30a34d6d606ba0efb86f26c70c2b8ce719dbbbc30e8ab3addd64df564eb7b

  • SSDEEP

    384:MdPnITsHlTxk7ETVAyPyAtatgTkeI8rlHfuDLLfFGY2rXdSkxzyuafqr9KpteyNK:MdAT05xk7HKQ8xccJjIVqrzyuX

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b443b8f64de4145923bf413fe3a15c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7b443b8f64de4145923bf413fe3a15c0_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4588
    • C:\Users\Admin\AppData\Local\Temp\hfdfjdk.exe
      "C:\Users\Admin\AppData\Local\Temp\hfdfjdk.exe"
      2⤵
      • Executes dropped EXE
      PID:2020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hfdfjdk.exe
    Filesize

    71KB

    MD5

    6069d40dc7d6d798421ba1d9bdc089f3

    SHA1

    262cb3f7f533ba101412e9ef73038a6a0b0e884e

    SHA256

    0a81d07100b12836840b9b3913cda45eac902bcf9249982d08875b52cf21d14c

    SHA512

    ec0d0738cece8349d943a04f87c9b43977337f60d6cd9632aae3b8b09a5483331e89135602827e54f620ed2b5fe99d642ea3b30748055940d2d11259eed0a609

    Download Submit