Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

623456f87e...cs.exe

windows7-x64

7

623456f87e...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/05/2024, 00:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    623456f87eeffb70e58820404518f480_NeikiAnalytics.exe

  • Size

    480KB

  • MD5

    623456f87eeffb70e58820404518f480

  • SHA1

    1d224be2258721fb58c765811dc660d0bc635327

  • SHA256

    21a2483537b9e90ff5665ad05b7e7931375c4263802714f606b6d6a12ac8691b

  • SHA512

    7c9ee78393d2df00658696a98c287e6f473461de737eeaf7c7d12f949bd484fbf1d73f513e8c67d48c315c5fc5188b8f3cd932dfb13bf9b651a43302e46a045d

  • SSDEEP

    6144:AjlYKRF/LReWAsUyaZRjLJoRyE6T/PBFlZNPLZKOwDtlo8c7gK:AjauDReWA3LTlZNPLZKOwDtC7gK

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\623456f87eeffb70e58820404518f480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\623456f87eeffb70e58820404518f480_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\ProgramData\qvaxt.exe
      "C:\ProgramData\qvaxt.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:4348

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    480KB

    MD5

    5c234a0891ce05911a9e5a2b6dc05e26

    SHA1

    e63ba23ba2916a561c1772512eaca4c7161dc9e1

    SHA256

    9fac6bfbbf3670b631748c78f99b3440bc7eccb8a0dec43bcc6a8b1096881165

    SHA512

    fcedbf844f29bc13866ab9a50974c3acf575276fa0856d671cb167db903706accc05e140baf2857b948060ce9ce8d9c4ce81568e6a3d68b4f6bf713daf6e80ae

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    2bd01b99551cc639ddb5cb66914904a6

    SHA1

    50beb8bab8be15271951130ac833eb19566f9333

    SHA256

    9764e531dd52e37a454c7f052a17fe7b68821dc3570286aab7bb4706639efe40

    SHA512

    374436459d62bdd62fc79b779e5aef155d7b8817e3d64e53639130be49d061a251d04a3882d403c1cacf890f91fa53e9137e551f3f6479341e09fe97c7bf2390

    Download Submit

  • C:\ProgramData\qvaxt.exe
    Filesize

    343KB

    MD5

    cee238395bbfcfb1aff8bf281c2824c5

    SHA1

    d2817c0092b6855f0d0d08739e118f76a67c3eb1

    SHA256

    30c1a07011b2992a2f05ec7e18d22321449a48051daf1399d3666e2ae0588868

    SHA512

    6fca7cabc024a0bab2a0c32226b61d8450c194d75e7c479b926808e0b0d98654835e30ccffb9d244085cbad591b17af52dfa05989de04905210ee59f6e5f8db2

    Download Submit

  • memory/2504-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2504-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2504-9-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4348-130-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download