Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

51c667d26e...cs.exe

windows7-x64

7

51c667d26e...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    129s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2024, 00:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51c667d26e8230b83674869ca284ddb0_NeikiAnalytics.exe

  • Size

    661KB

  • MD5

    51c667d26e8230b83674869ca284ddb0

  • SHA1

    b413670dd99931063fb017c4eeccc508eb8cfb52

  • SHA256

    df72030f7a75ffcf20c418b7a14f556e75972eae3bfb172c76155ddddce8efbc

  • SHA512

    854586895e4cf7f3f59b5cf77c7642c9fdefdd266ec763feef6cb3f6a0afe5b2809aa27cd30c88b130851d78c475f51a917a2f1d75f4750d565d437ae5ba5062

  • SSDEEP

    12288:0YCdihe7w88l2sIznXWRkwk05FnAKsA5B7Zbmwfjz+hgTPMquHl6R5:3Sm08wsyGRv5Fd7ZbX/+gTPM2R5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51c667d26e8230b83674869ca284ddb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\51c667d26e8230b83674869ca284ddb0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32 C:\Users\Admin\AppData\Local\Temp\lzhauto.000\copyext.dll,Install C:\Users\Admin\AppData\Local\Temp\lzhauto.000\copyext.inf
      2⤵
      • Loads dropped DLL
      PID:3352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lzhauto.000\COPYEXTW.EXE
    Filesize

    100KB

    MD5

    92737cd97ae1575e4b6cafefab961d02

    SHA1

    ec00805bcf13273927383fc7d775866c134029ad

    SHA256

    52acd3ab8ad940f946dd78a7b50b535178207bcc30fdad0e5dd4074369353606

    SHA512

    5854e6999d333027a086bbb61068e7b8835e070d4a611de24e94f63f915c83701f21be96b61e113eb2a3916e29773dee5229c556a6d0545b85fb478f2d5a62bb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lzhauto.000\copyext.dll
    Filesize

    380KB

    MD5

    e7768c29e5257a3d79a48aeb60c49fcf

    SHA1

    7ba3b53bea937d478bb7afdc25fd6a9736d7b0f0

    SHA256

    add1493060425c9894afc17088c950e2c33ed1049378ba75628a660562fe0b06

    SHA512

    6b3abd6020603629bfc117c45dd84bebcaee941b917ff49167718ee7381d9148303a70ff5450afd733dbb02159c11aedcb51241936c56b63bc75be72ad6328b9

    Download Submit

  • memory/1912-32-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1912-61-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download