Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/05/2024, 01:56 UTC

General

  • Target

    789c81e06e4e9073485a4ffbd8ac01c0_NeikiAnalytics.exe

  • Size

    14KB

  • MD5

    789c81e06e4e9073485a4ffbd8ac01c0

  • SHA1

    3819152a02481a3e40ce0acd849447360458b120

  • SHA256

    8f9062a2f68b108a9a1b209a679b97aecfaaa05ff9ba06acf82aaf067145b4dc

  • SHA512

    fdbf1b8a97860bcd38f55d1a43bd10e96a4ac6652aecddb942e8d5597137cc52548143c02eb08a225cc42700335a3b2de4b0ac13047b5a0fd64f0d439761ec53

  • SSDEEP

    192:sgr6un9jK+Zr/IkpFsdFVvAYIwpZDwmtgEf5s4rPDs9VgqDE045HQ:frBn1X79pKF5tl/xprrwVPDE045H

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\789c81e06e4e9073485a4ffbd8ac01c0_NeikiAnalytics.exe  (PID 3968)
    "C:\Users\Admin\AppData\Local\Temp\789c81e06e4e9073485a4ffbd8ac01c0_NeikiAnalytics.exe"
      • C:\Windows\SysWOW64\WerFault.exe  (PID 2964, child of 3968)  [signature: Program crash]
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
  • C:\Windows\SysWOW64\WerFault.exe  (PID 224)
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3968 -ip 3968
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3480)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
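
The "Program crash" signature above is derived from the process tree: Windows Error Reporting (WerFault.exe) is launched with `-p <pid>` naming the process that faulted, and here both WerFault instances name the sample's own PID 3968 (the `-s` value is a handle, not a PID, and `-pss`/`-ip` belongs to the second, snapshot-style invocation). The script below is an added example of how an analyst can reproduce that signature from process records; it is not tria.ge's own detection code. The `Proc` record layout, the field names and the way the process list is encoded are my own, constructed from the PIDs and command lines shown in this report; treating "one crashed process" as "1 IoC" is my reading of the report's count.

```python
"""Added example (not part of the tria.ge report): derive a "Program crash"
signature from sandbox process records by matching WerFault.exe's -p/-ip
arguments against the sample's process tree."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int] = None  # None: drawn as a tree root in the report


# Constructed from the report's Processes section (field layout is mine).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\789c81e06e4e9073485a4ffbd8ac01c0_NeikiAnalytics.exe"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"
MSEDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

PROCESSES: List[Proc] = [
    Proc(3968, SAMPLE, f'"{SAMPLE}"'),
    Proc(2964, WERFAULT, f"{WERFAULT} -u -p 3968 -s 216", parent=3968),
    Proc(224, WERFAULT, f"{WERFAULT} -pss -s 444 -p 3968 -ip 3968"),
    # Remaining Edge switches omitted here; they do not affect the check.
    Proc(3480, MSEDGE, f'"{MSEDGE}" --type=utility --lang=en-US'),
]


def werfault_target_pids(cmdline: str) -> Set[int]:
    """PIDs a WerFault command line reports on: the value after -p (the
    faulting process) and after -ip (the process to snapshot). Other numeric
    switches such as -s (an event handle) are deliberately ignored."""
    args = cmdline.split()
    pids: Set[int] = set()
    for flag, value in zip(args, args[1:]):
        if flag.lower() in ("-p", "-ip") and value.isdigit():
            pids.add(int(value))
    return pids


def process_tree(processes: List[Proc], root_pid: int) -> Set[int]:
    """root_pid plus every descendant reachable through parent links."""
    children: Dict[int, List[int]] = {}
    for p in processes:
        if p.parent is not None:
            children.setdefault(p.parent, []).append(p.pid)
    seen: Set[int] = set()
    stack = [root_pid]
    while stack:
        pid = stack.pop()
        if pid in seen:
            continue
        seen.add(pid)
        stack.extend(children.get(pid, []))
    return seen


def program_crash_iocs(processes: List[Proc], sample_pid: int) -> Dict[int, List[int]]:
    """Map each crashed process inside the sample's tree to the WerFault
    PIDs that reported on it. Parentage is not required: the -pss instance
    is a separate root in the report yet still names the sample."""
    tree = process_tree(processes, sample_pid)
    hits: Dict[int, List[int]] = {}
    for p in processes:
        if not p.image.lower().endswith(r"\werfault.exe"):
            continue
        for crashed in sorted(werfault_target_pids(p.cmdline) & tree):
            hits.setdefault(crashed, []).append(p.pid)
    return hits


if __name__ == "__main__":
    for crashed, reporters in program_crash_iocs(PROCESSES, 3968).items():
        print(f"Program crash: PID {crashed} reported by WerFault PIDs {reporters}")
```

Running it against the constructed records yields a single IoC, PID 3968, reported by WerFault PIDs 2964 and 224, which is the one crash the report flags; msedge.exe (PID 3480) is untouched because no WerFault instance names it.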

Network

DNS queries (all sent to 8.8.8.8:53; "(no answer)" marks an empty response):

  • 241.150.49.20.in-addr.arpa  IN PTR  (no answer)
  • 0.204.248.87.in-addr.arpa  IN PTR  https-87-248-204-0.lhr.llnw.net
  • 73.31.126.40.in-addr.arpa  IN PTR  (no answer)
  • 95.221.229.192.in-addr.arpa  IN PTR  (no answer)
  • 50.23.12.20.in-addr.arpa  IN PTR  (no answer)
  • 149.220.183.52.in-addr.arpa  IN PTR  (no answer)
  • 18.31.95.13.in-addr.arpa  IN PTR  (no answer)
  • 172.210.232.199.in-addr.arpa  IN PTR  (no answer)
  • 133.211.185.52.in-addr.arpa  IN PTR  (no answer)
  • 240.221.184.93.in-addr.arpa  IN PTR  (no answer)
  • chromewebstore.googleapis.com  IN A  142.250.179.74, 142.250.179.106, 142.250.178.138, 142.250.201.170, 172.217.18.202, 216.58.214.74, 142.250.75.234, 216.58.214.170, 172.217.20.170, 172.217.20.202, 216.58.213.74
  • chromewebstore.googleapis.com  IN Unknown  (no answer)
  • 74.179.250.142.in-addr.arpa  IN PTR  par21s19-in-f10.1e100.net
  • 109.116.69.13.in-addr.arpa  IN PTR  (no answer)
        • 142.250.179.74:443
          chromewebstore.googleapis.com
          tls
          1.9kB
          7.9kB
          15
          16
        • 8.8.8.8:53
          241.150.49.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          241.150.49.20.in-addr.arpa

        • 8.8.8.8:53
          0.204.248.87.in-addr.arpa
          dns
          71 B
          116 B
          1
          1

          DNS Request

          0.204.248.87.in-addr.arpa

        • 8.8.8.8:53
          73.31.126.40.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          73.31.126.40.in-addr.arpa

        • 8.8.8.8:53
          95.221.229.192.in-addr.arpa
          dns
          73 B
          144 B
          1
          1

          DNS Request

          95.221.229.192.in-addr.arpa

        • 8.8.8.8:53
          50.23.12.20.in-addr.arpa
          dns
          70 B
          156 B
          1
          1

          DNS Request

          50.23.12.20.in-addr.arpa

        • 8.8.8.8:53
          149.220.183.52.in-addr.arpa
          dns
          73 B
          147 B
          1
          1

          DNS Request

          149.220.183.52.in-addr.arpa

        • 8.8.8.8:53
          18.31.95.13.in-addr.arpa
          dns
          70 B
          144 B
          1
          1

          DNS Request

          18.31.95.13.in-addr.arpa

        • 8.8.8.8:53
          172.210.232.199.in-addr.arpa
          dns
          74 B
          128 B
          1
          1

          DNS Request

          172.210.232.199.in-addr.arpa

        • 8.8.8.8:53
          133.211.185.52.in-addr.arpa
          dns
          73 B
          147 B
          1
          1

          DNS Request

          133.211.185.52.in-addr.arpa

        • 8.8.8.8:53
          240.221.184.93.in-addr.arpa
          dns
          73 B
          144 B
          1
          1

          DNS Request

          240.221.184.93.in-addr.arpa

        • 8.8.8.8:53
          chromewebstore.googleapis.com
          dns
          75 B
          251 B
          1
          1

          DNS Request

          chromewebstore.googleapis.com

          DNS Response

          142.250.179.74
          142.250.179.106
          142.250.178.138
          142.250.201.170
          172.217.18.202
          216.58.214.74
          142.250.75.234
          216.58.214.170
          172.217.20.170
          172.217.20.202
          216.58.213.74

        • 8.8.8.8:53
          chromewebstore.googleapis.com
          dns
          75 B
          132 B
          1
          1

          DNS Request

          chromewebstore.googleapis.com

        • 8.8.8.8:53
          74.179.250.142.in-addr.arpa
          dns
          73 B
          112 B
          1
          1

          DNS Request

          74.179.250.142.in-addr.arpa

        • 8.8.8.8:53
          109.116.69.13.in-addr.arpa
          dns
          72 B
          146 B
          1
          1

          DNS Request

          109.116.69.13.in-addr.arpa

MITRE ATT&CK Matrix

Downloads

  • memory/3968-0-0x0000000000400000-0x000000000040A000-memory.dmp  (Filesize: 40KB)
