Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d32d824838...cs.exe

windows7-x64

7

d32d824838...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 11:33 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d32d8248385f04ca5053f1d9c14d28d0_NeikiAnalytics.exe

  • Size

    480KB

  • MD5

    d32d8248385f04ca5053f1d9c14d28d0

  • SHA1

    4c24038b7f14d102cb36d97735e0d76579a5576e

  • SHA256

    40145cfbe54bb420e1af7808a1fae3d0fe8dce988b6492a5a70635e188a7093c

  • SHA512

    129bf4a1be0e2002ff2af2e2ced64984511d73b4d811d2e9cfbf4069cda31972f036b554209def297ec3a5d0ba62578f279c351362ed702f9acce0a0c1c9e88e

  • SSDEEP

    12288:AjauDReWw0IA9xkQWrutKXJ7f/BDWxQ1LqpdTd:ADDs0IA9x0rutK5/BDj1kTd

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d32d8248385f04ca5053f1d9c14d28d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d32d8248385f04ca5053f1d9c14d28d0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\ProgramData\smqmw.exe
      "C:\ProgramData\smqmw.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache .exe
    Filesize

    480KB

    MD5

    d8d73f67fc663f10ade247361deb1d4d

    SHA1

    a8e0338a853a0fb41369fa3e0fa17d5a955c753e

    SHA256

    cf43d9cb0bd1a3bc70bf0450b4a7d3296d118f288fa8f93923d1c9137be77d6f

    SHA512

    99b459c7dfbc16d5b357e14a4cf9a32a801d36bf5ec3abb5b9f685380c09561f3212849c9b3881c8989e282783eb34a74473c5643e02adb1cfcaa7aa1a5a92eb

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    2bd01b99551cc639ddb5cb66914904a6

    SHA1

    50beb8bab8be15271951130ac833eb19566f9333

    SHA256

    9764e531dd52e37a454c7f052a17fe7b68821dc3570286aab7bb4706639efe40

    SHA512

    374436459d62bdd62fc79b779e5aef155d7b8817e3d64e53639130be49d061a251d04a3882d403c1cacf890f91fa53e9137e551f3f6479341e09fe97c7bf2390

    Download Submit

  • \ProgramData\smqmw.exe
    Filesize

    343KB

    MD5

    d501436a202776134947be29d55ae6c0

    SHA1

    0061da84ac614bc7649e20241595b90cb6d6132d

    SHA256

    d6901f65c1d3f8ba03311d70cf7647c35d67d79c517ee8a99573ce0e344ac7ad

    SHA512

    94a9e892421f8fdbdd7cf12885667eac3393e956a19edae9684e4b53b5e2f408d8145ee649b06b3141f929bcb5fb51704b996781a169069327c9cd8a5e76d143

    Download Submit

  • memory/2504-131-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2656-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2656-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2656-12-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.