Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ad9297c96b...cs.exe

windows7-x64

7

ad9297c96b...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    15/05/2024, 08:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe

  • Size

    192KB

  • MD5

    ad9297c96b3e7fd449cff844e955d770

  • SHA1

    cfa192f543b6de525fc06c98ff6c3e328b3cdbc6

  • SHA256

    4b22ac9b5f8b55317d59ea40db785712c898e0183e3d407d528914e6fc74afac

  • SHA512

    e97b4dfd267a2e628cf3e60a495820ff02d476e0e772ced0b84b3f6c2f86ec6b42cb8bdf6eda3b2d115f734a2b4e5648df42a81fde0ecdc6fef0a5da894dd57f

  • SSDEEP

    3072:U3gIMNOu00o71G8uySLnjN6t1si1DLoUPBt0wV8Cp0+cueGmlwo0yRzzYMK5V8Uh:U35Mn00UuXjqXoUYwZ9TsMNp21Q53BDh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1268
    • C:\Users\Admin\AppData\Local\Temp\ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of UnmapMainImage
      PID:2860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe
    Filesize

    192KB

    MD5

    7ab913ebb96186ff19d65dd06f86233d

    SHA1

    381d37b3f8534c10cd532fd4e3fc905a3a5f8672

    SHA256

    68cfb2a1d92bcaca8b22179cc2fb5e44f4649f2175d0820ce92e4b2a5e34e877

    SHA512

    bfe639d60214aa8cce5c9bc78c499ebf6c367b2bd99d87cb0d592af3c5d172f13e53d6092ffa7195e81f6cd2b10672d345c1a1a45172ca1718cd82e7cd8945e3

    Download Submit

  • memory/1268-0-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1268-6-0x00000000001E0000-0x000000000021C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1268-10-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2860-11-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2860-17-0x0000000000210000-0x000000000024C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2860-12-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download