Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0be854e0c3...cs.exe

windows7-x64

7

0be854e0c3...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/05/2024, 19:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe

  • Size

    325KB

  • MD5

    0be854e0c3db3ead1141dcbdfe58d4a0

  • SHA1

    3a8af51e50daba2b8fdba855b7ad2df59f5c4cb9

  • SHA256

    bcffee5576f30b48c8119b2f761d1f924b0810795d53ec652c6a4c134ab9726c

  • SHA512

    31b4957a0886a83ab182070f43eabfb623228fc048e50e4bf10bf406dba277941a031d5379828e61862339d8e3ac6b889a5dd15ef7b62994b6d79fe18813e787

  • SSDEEP

    6144:lOuFuko0YaOtlP2Wc/hfRIIW6vh9QS1jBg46HPn6S1jBlCVZp6H:lZEAvOj8/hKITh9/1Odt1beZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe
    Filesize

    325KB

    MD5

    1f7197e275be4b1bc52a15732fc98219

    SHA1

    716c98ce49b0c9add1898e1051d8a921c67003a8

    SHA256

    83a3b14a14d00882d4c75c9566de47959908baa2d0bb139523918bf9bf6abf9d

    SHA512

    7a02f3393bd7f3e32bd8ea429888ae958492da74fff5a7b7edd3f7dcf7f5bd1a3f45932069d4ce704cf9d2b3dc93c7e090b9b6cb456030431525bd41504044f9

    Download Submit

  • memory/2188-3-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2188-9-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2188-8-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2996-11-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2996-13-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download