Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3504126f58...cs.exe

windows7-x64

7

3504126f58...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    13/05/2024, 23:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3504126f5879cb606d7f09f2f5ec1a00_NeikiAnalytics.exe

  • Size

    34KB

  • MD5

    3504126f5879cb606d7f09f2f5ec1a00

  • SHA1

    cb0d24852203fa11d979a75fbeb9e6b87fbd55c2

  • SHA256

    d9ef2c516e74ce8d597255c5d29570909394ff3f2f4a8778c00fddaaca79045c

  • SHA512

    4163cf8d7f7aff644075d5bedad5af51f4f0e43d5c9b59336795596c05c48ddec390ac89553221128999fe39e0b819d5ed6fea9b530f3c30e3ba1e3c336f2a8f

  • SSDEEP

    768:/qPJtHA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhg:/qnA6C1VqaqhtgVRNToV7TtRu8rM0wY

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3504126f5879cb606d7f09f2f5ec1a00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3504126f5879cb606d7f09f2f5ec1a00_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    34KB

    MD5

    38aee43b72aa21fbf18eeb5cd29e6ded

    SHA1

    0af8901f95bfc532abb73ff6e719cf673443c354

    SHA256

    a339d6fe313bf9f7a00e480d3c095279dc8b6092e6e2173ace2ad395df0848bd

    SHA512

    aea526309934bacd5173a13f4a3fa76f0ee325edc31ceb530f82e8289b5d94fff38fc032bf4d808a5556bde5937a734804dae5be615847976ca4973d9b0592fc

    Download Submit

  • memory/1688-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-7-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2852-8-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.