Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

34cfddf586...cs.exe

windows7-x64

7

34cfddf586...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 00:56 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34cfddf586011ee8ec3abd7e186b66b0_NeikiAnalytics.exe

  • Size

    79KB

  • MD5

    34cfddf586011ee8ec3abd7e186b66b0

  • SHA1

    a0c3f65bf87d6cd5bda2b20c2a118a400887e7d1

  • SHA256

    2cab6e4e41d9c2ac64a33dbfc739fabbfc21a71ddbcd28ebc416842894f22f2d

  • SHA512

    ef58479722074ef90de5ba4377177e78b0760c9101c72c8ef72c1cb93bf3dd92219d4c225314eaa270e9ff441635259634e7b7c9c0e63bc0af6eb43e261a7d29

  • SSDEEP

    1536:zvxVDuD1AYrOQA8AkqUhMb2nuy5wgIP0CSJ+5yOB8GMGlZ5G:zvPqT6GdqU7uy5w9WMyON5G

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34cfddf586011ee8ec3abd7e186b66b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\34cfddf586011ee8ec3abd7e186b66b0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c $TMP!10@.COM
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2396
      • C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM
        $TMP!10@.COM
        3⤵
        • Executes dropped EXE
        PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM
    Filesize

    79KB

    MD5

    538a5a7a99148ac1a6867df3967db5a8

    SHA1

    e91ff3c01aef37ab53062338fa77c81dc511c3aa

    SHA256

    043372a05da11dd7e9f03feb054785dfd23f27352595d24b3c9682e45533ce72

    SHA512

    3b6cc9eccdb5730952ea35fd6882679ba9d968b4e7ebad9cfae4467b479a1aa01c55abcc9b7e29592a0545ceb4af50ff39ef73c793bbd52ea2d60ab7e0f51288

    Download Submit

  • memory/2000-7-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2044-8-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.