Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

b79f43094c...cs.exe

windows7-x64

6

b79f43094c...cs.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2024, 09:11 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b79f43094c129bfabb09275938832b90_NeikiAnalytics.exe

  • Size

    52KB

  • MD5

    b79f43094c129bfabb09275938832b90

  • SHA1

    da6d1dc6f180c2461210f9cb25b6698931284236

  • SHA256

    4f05803747de7da4fb8d16844eb1cd1015b39103980b6d46b73c54fce6c6e2ec

  • SHA512

    73291d8284f2678695fc614d6ca75c80d784ddfe89c886d608848912d3253f876ef36104ee7c2c81df74a17ae7aac53bf67d4c7264bf05224330a857a3430128

  • SSDEEP

    768:zUJRwokqmnZA8LqPCR/cZoveftjXmO67Z893hmh9m1dYheKAFZ+yw2qgeBIjw:zUMhbNR/LeVUT81weKAj+n2lz

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b79f43094c129bfabb09275938832b90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b79f43094c129bfabb09275938832b90_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3172
    • C:\Users\Admin\AppData\Local\Temp\b79f43094c129bfabb09275938832b90_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\b79f43094c129bfabb09275938832b90_NeikiAnalytics.exe
      2⤵
        PID:720
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 432
          3⤵
          • Program crash
          PID:3564
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 720 -ip 720
      1⤵
        PID:3068

      Network

      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-us
        DNS
        75.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        75.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-be
        GET
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        Remote address:
        88.221.83.232:443
        Request
        GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
        host: www.bing.com
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-type: image/png
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QWthbWFp
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        content-length: 1107
        date: Wed, 15 May 2024 09:11:40 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.e453dd58.1715764300.60bece2
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        232.83.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.83.221.88.in-addr.arpa
        IN PTR
        Response
        232.83.221.88.in-addr.arpa
        IN PTR
        a88-221-83-232deploystaticakamaitechnologiescom
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        17.14.97.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        17.14.97.104.in-addr.arpa
        IN PTR
        Response
        17.14.97.104.in-addr.arpa
        IN PTR
        a104-97-14-17deploystaticakamaitechnologiescom
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        13.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.227.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        2.173.189.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.173.189.20.in-addr.arpa
        IN PTR
      • 88.221.83.232:443
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        tls, http2
        1.5kB
         6.3kB
         17
        11

        HTTP Request

        GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

        HTTP Response

        200
      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
         90 B
         1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        75.159.190.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        75.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        232.83.221.88.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        232.83.221.88.in-addr.arpa

      • 8.8.8.8:53
        103.169.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        103.169.127.40.in-addr.arpa

      • 8.8.8.8:53
        198.187.3.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        198.187.3.20.in-addr.arpa

      • 8.8.8.8:53
        17.14.97.104.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        17.14.97.104.in-addr.arpa

      • 8.8.8.8:53
        240.221.184.93.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        240.221.184.93.in-addr.arpa

      • 8.8.8.8:53
        13.227.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        13.227.111.52.in-addr.arpa

      • 8.8.8.8:53
        2.173.189.20.in-addr.arpa
        dns
        71 B
         1

        DNS Request

        2.173.189.20.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/720-0-0x0000000000400000-0x000000000040B000-memory.dmp

        Filesize

        44KB

        Download

      • memory/720-3-0x0000000000400000-0x000000000040B000-memory.dmp

        Filesize

        44KB

        Download

      • memory/720-4-0x0000000000400000-0x000000000040B000-memory.dmp

        Filesize

        44KB

        Download

      • memory/720-5-0x0000000000400000-0x000000000040B000-memory.dmp

        Filesize

        44KB

        Download

      • memory/3172-1-0x0000000013140000-0x0000000013154000-memory.dmp

        Filesize

        80KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.