Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0be854e0c3...cs.exe

windows7-x64

7

0be854e0c3...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/05/2024, 19:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe

  • Size

    325KB

  • MD5

    0be854e0c3db3ead1141dcbdfe58d4a0

  • SHA1

    3a8af51e50daba2b8fdba855b7ad2df59f5c4cb9

  • SHA256

    bcffee5576f30b48c8119b2f761d1f924b0810795d53ec652c6a4c134ab9726c

  • SHA512

    31b4957a0886a83ab182070f43eabfb623228fc048e50e4bf10bf406dba277941a031d5379828e61862339d8e3ac6b889a5dd15ef7b62994b6d79fe18813e787

  • SSDEEP

    6144:lOuFuko0YaOtlP2Wc/hfRIIW6vh9QS1jBg46HPn6S1jBlCVZp6H:lZEAvOj8/hKITh9/1Odt1beZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 384
      2⤵
      • Program crash
      PID:1564
    • C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4196
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 368
        3⤵
        • Program crash
        PID:3940
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 188
        3⤵
        • Program crash
        PID:4548
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2176 -ip 2176
    1⤵
      PID:4088
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4196 -ip 4196
      1⤵
        PID:5068
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4196 -ip 4196
        1⤵
          PID:3904

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\0be854e0c3db3ead1141dcbdfe58d4a0_NeikiAnalytics.exe
          Filesize

          325KB

          MD5

          22799ff4ecb120cf90a73f4137bf51bd

          SHA1

          26a652ad8df78b91a61bb29360f79ad7dd7395dc

          SHA256

          c83892c392fc36d9058e2993069c6ea9ea3164602e52177904671e0eb3c50dee

          SHA512

          6159609f8a830e11be297f226af457d7f8c50c719452ff9a08743f1ec050576cd610f802d50682d5bbc56fec007a59d2723beff5c84c0b528f4cd1ba21a9ab8d

          Download Submit

        • memory/2176-0-0x0000000000400000-0x000000000045C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/2176-7-0x0000000000400000-0x000000000045C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/4196-8-0x0000000000400000-0x000000000045C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/4196-10-0x0000000000400000-0x000000000045C000-memory.dmp

          Filesize

          368KB

          Download