Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

63047fc25c...cs.exe

windows7-x64

7

63047fc25c...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    15/05/2024, 02:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63047fc25c05a1bde4471bb07d691630_NeikiAnalytics.exe

  • Size

    74KB

  • MD5

    63047fc25c05a1bde4471bb07d691630

  • SHA1

    93c28f1b90fe85bea3fa647f791b904fda7ae592

  • SHA256

    b1cc805032f6097c10dbb13811c55a64f3d6d5ade89cf3b4b42e7ab369e5f9ba

  • SHA512

    32526f27660934406be3bacb62f6d2e6b48a78a0c7ec07cef28f26c0755129b69078002f168f6ca98bfc14fe41ae9c6af2ca52d7a489436eca9a329ff4f3529b

  • SSDEEP

    1536:1HIVaam4XFsej94BpTjtkP0pzHrlFAREEP7VtmmH6O+nBI9M:qVaamMsA9CtkMpzLHHEjqmH6O+UM

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63047fc25c05a1bde4471bb07d691630_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\63047fc25c05a1bde4471bb07d691630_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:1636
    • C:\Windows\SysWOW64\ovsutoax.exe
      "C:\Windows\SysWOW64\ovsutoax.exe"
      2⤵
      • Executes dropped EXE
      PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\ovsutoax.exe
    Filesize

    71KB

    MD5

    b1ab562ee8f1230bfbd85aaeb5e51771

    SHA1

    f5756cd3dc7445d40d631e7967b171edd7471e31

    SHA256

    7f6a06de321d50c3d7f8c27c8033fbe3053aa65393ea1862347e81591bc877aa

    SHA512

    6dcaa37996918ab51916d1934f86a8ed51d8af633a4470cd035fcb8ac9ed36c2bc28d63f2fc6c920e37dc63275f35646536b46ff665e9acc243e52c6e8a1ad3b

    Download Submit

  • memory/1636-5-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download