Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0be854e0c3...cs.exe

windows7-x64

7

0be854e0c3...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/05/2024, 19:52 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe

  • Size

    325KB

  • MD5

    0be854e0c3db3ead1141dcbdfe58d4a0

  • SHA1

    3a8af51e50daba2b8fdba855b7ad2df59f5c4cb9

  • SHA256

    bcffee5576f30b48c8119b2f761d1f924b0810795d53ec652c6a4c134ab9726c

  • SHA512

    31b4957a0886a83ab182070f43eabfb623228fc048e50e4bf10bf406dba277941a031d5379828e61862339d8e3ac6b889a5dd15ef7b62994b6d79fe18813e787

  • SSDEEP

    6144:lOuFuko0YaOtlP2Wc/hfRIIW6vh9QS1jBg46HPn6S1jBlCVZp6H:lZEAvOj8/hKITh9/1Odt1beZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe
    Filesize

    325KB

    MD5

    1f7197e275be4b1bc52a15732fc98219

    SHA1

    716c98ce49b0c9add1898e1051d8a921c67003a8

    SHA256

    83a3b14a14d00882d4c75c9566de47959908baa2d0bb139523918bf9bf6abf9d

    SHA512

    7a02f3393bd7f3e32bd8ea429888ae958492da74fff5a7b7edd3f7dcf7f5bd1a3f45932069d4ce704cf9d2b3dc93c7e090b9b6cb456030431525bd41504044f9

    Download Submit

  • memory/2188-3-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2188-9-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2188-8-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2996-11-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2996-13-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.