Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

4f4ca1c6d5...cs.exe

windows7-x64

7

4f4ca1c6d5...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 19:13 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f4ca1c6d591e04bc6994de0a5e2f650_NeikiAnalytics.exe

  • Size

    111KB

  • MD5

    4f4ca1c6d591e04bc6994de0a5e2f650

  • SHA1

    417552b2b510e2e7496a26d38376dcf3e2404a05

  • SHA256

    02a2bb3a771f4517f04900e23cb73f4b94d7d8190152fa2fd337efd774cd2d46

  • SHA512

    6b141b56a0627c09021bb02b212f5b28b59d7e0850a77ba4b606514a351efe444a59acce916aa2a736a1c730def1423a70c748aeb88de0a5fad1eca359278bc5

  • SSDEEP

    1536:ELNIW39SaZTbFARlq7jC1OZstZu0TSVEdUJWTWd18ff:ELlbZTZX3BAtTSVEdUJWTWd18ff

Score
7/10
persistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f4ca1c6d591e04bc6994de0a5e2f650_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4f4ca1c6d591e04bc6994de0a5e2f650_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\ProgramData\Graphics\guifx.exe
      "C:\ProgramData\Graphics\guifx.exe" /run
      2⤵
      • Executes dropped EXE
      PID:2332
    • C:\windows\SysWOW64\cmd.exe
      "C:\windows\system32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\4f4ca1c6d591e04bc6994de0a5e2f650_NeikiAnalytics.exe" >> NUL
      2⤵
      • Deletes itself
      PID:3068

Network

    No results found
  • 165.194.123.67:443
    guifx.exe
    152 B
     3
  • 165.194.123.67:443
    guifx.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\Graphics\guifx.exe
    Filesize

    111KB

    MD5

    6b14c587256355442ea2e8344d6fe886

    SHA1

    f1dae5a610290781abd982fce685e36860f3a523

    SHA256

    4aacb05544716ff6898656c0453e003ec9f18d29ff9ce223d68d7938701ec1f5

    SHA512

    f6a3cb99e0567b089e09a48dc4e3fb7f0110991d69a6b7aba45c3067ed00b9c519b9e7a135f366ab12de03d93be71cc26f9cc2a2c8c00e8c08d9b01ecbb89580

    Download Submit

  • memory/1752-0-0x0000000000950000-0x000000000096C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1752-6-0x0000000000080000-0x000000000009C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1752-8-0x0000000000950000-0x000000000096C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1752-9-0x0000000000080000-0x000000000009C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1752-10-0x0000000000950000-0x000000000096C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2332-7-0x0000000000080000-0x000000000009C000-memory.dmp

    Filesize

    112KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.