Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d71f0a6b00...cs.exe

windows7-x64

1

d71f0a6b00...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2024, 14:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d71f0a6b008df11b48d134744d8ff9a0_NeikiAnalytics.exe

  • Size

    775KB

  • MD5

    d71f0a6b008df11b48d134744d8ff9a0

  • SHA1

    b2629d74ff1479d9add9bdb4433d0683b5ce064d

  • SHA256

    afef414d0c77ea240e7a3386bb18738b2ec0e227fb38f58b05831e20009cba89

  • SHA512

    efddf411b280cede7668f5e0ba927f91daf5aefa9b70decd24852cd52dc2520e5c47181eb4f11126e6b8ab554acd0ea54486afc8feda90eb4125820a1cd332e4

  • SSDEEP

    24576:OAnARmRsDwJxmj7TduSZpUR0GHrVQ1aW4mSOgv3isi:OXmRsDwHmj9pAHrVQ1/fSNvi

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d71f0a6b008df11b48d134744d8ff9a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d71f0a6b008df11b48d134744d8ff9a0_NeikiAnalytics.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4172
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:4000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\alg.exe
    Filesize

    661KB

    MD5

    ecb55ec9dcb233995fb9ef3a0e73224a

    SHA1

    e69b824b74ea782cc0b3149e70b40f5b8aa2d532

    SHA256

    f3e987265a4ea3e8c946b3e7e2fed190b9cb20bc10ff24c4e8c2eb7b1c72e200

    SHA512

    997ad64598d49fd652228629bffe4fd7788d7f102c438b9fc949764ef87361afdf3e0aa4eef00d313be942a8e12b877883f7b2b455ee599b80040dbf9c708323

    Download Submit

  • memory/4000-11-0x0000000140000000-0x00000001400AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/4000-15-0x0000000140000000-0x00000001400AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/4172-0-0x0000000000400000-0x00000000004C8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/4172-1-0x00000000020F0000-0x0000000002157000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4172-6-0x00000000020F0000-0x0000000002157000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4172-14-0x0000000000400000-0x00000000004C8000-memory.dmp

    Filesize

    800KB

    Download