Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a318b73d14...cs.exe

windows7-x64

7

a318b73d14...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/05/2024, 07:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a318b73d14ce9e5cd9a4f9509e012ba0_NeikiAnalytics.exe

  • Size

    51KB

  • MD5

    a318b73d14ce9e5cd9a4f9509e012ba0

  • SHA1

    0f7e58d8875a8bb7a54db4b9cf286eb6b0cc350e

  • SHA256

    4f0ab1e6278aaa9f31a28d8043898ef9ee4578580350228ec2efe4ef61244418

  • SHA512

    27fea7704290181fd623d44558a50d2dcd0456af2b3c4cde07e81cf75f86bdd162cbe3c72d84accfdb74c8ee68fe128b566e6bf2092a75ad6788f34f5c1a0ac3

  • SSDEEP

    384:kguzjEChqLcBsFNQiviL//U8fYpDcrfiTfEvkx76lc7AgWy9EwMt7CKAIINk:klAL/vW//pfsfn76OAASCKAIINk

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a318b73d14ce9e5cd9a4f9509e012ba0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a318b73d14ce9e5cd9a4f9509e012ba0_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3204
    • C:\Users\Admin\AppData\Local\Temp\budha.exe
      "C:\Users\Admin\AppData\Local\Temp\budha.exe"
      2⤵
      • Executes dropped EXE
      PID:3396

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\budha.exe
    Filesize

    51KB

    MD5

    fee9fbe89c36488b068346d4cfae3770

    SHA1

    26e9b01088b2cb509a0d75f269eed6119ad9c07b

    SHA256

    e4a4d87d0f3338f856fd70025330bf4c7e1482676914eaa1314f44d5dbc03970

    SHA512

    9131b8c76d8b4d2be4afa8c8b7ec6c2a35f782c7733d69e80e3db871275e1f4071b5af9f21aaa89ae46b360f3070138052894f8d34ae16e63e2a96de86e380b0

    Download Submit

  • memory/3204-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3204-3-0x0000000002470000-0x0000000002477000-memory.dmp

    Filesize

    28KB

    Download

  • memory/3204-2-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3204-11-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3396-12-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3396-14-0x0000000000610000-0x0000000000617000-memory.dmp

    Filesize

    28KB

    Download

  • memory/3396-13-0x0000000000620000-0x0000000000621000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3396-15-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3396-16-0x0000000000610000-0x0000000000617000-memory.dmp

    Filesize

    28KB

    Download