Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7dae877e96...cs.exe

windows7-x64

7

7dae877e96...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 02:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7dae877e96f7dceb8894cb5d20be3280_NeikiAnalytics.exe

  • Size

    704KB

  • MD5

    7dae877e96f7dceb8894cb5d20be3280

  • SHA1

    a1a8ba92cd2209fe7bde49d6fac062b4db83e5f7

  • SHA256

    905d00581eee8e5167fd4b6cb54c6fa5f66978e03ae0ceda0003bf34fa8e510a

  • SHA512

    90efcb8d9729d123d0872062f9ca3141bfb5e816a97864967472c6d827998d73a7afd35bf37e1916c6b84d5aa4f5afb453e1ad56c9a8f577b74633194eefc4e5

  • SSDEEP

    12288:p4uFR+66uZBX9aLisvNeOVQ5zCD4TyWN9VysX7rdGrr5MSEJRrv1:a4P6ubX9aLisvNeOVQ5zY4xN9VyUGEJz

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7dae877e96f7dceb8894cb5d20be3280_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7dae877e96f7dceb8894cb5d20be3280_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Users\Admin\AppData\Local\Temp\7dae877e96f7dceb8894cb5d20be3280_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\7dae877e96f7dceb8894cb5d20be3280_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\7dae877e96f7dceb8894cb5d20be3280_NeikiAnalytics.exe
    Filesize

    704KB

    MD5

    3d3904cc19a612604513d5432f97bc52

    SHA1

    bbef212ab63c4042b2e28c56c480b7194ee4f120

    SHA256

    917aa4b47f16dd6500d8732d8d7aa94a2f3318d404e83bceb8e3051dc8328e70

    SHA512

    93a6435c975ba5eb4c34df4be2eaf022f8384edd70127e07ddd5938fbfc17062d399be7b5a0e83f9d79d785372dd0816362cddcbb05bb23b1e4260bee1242ed2

    Download Submit

  • memory/2604-11-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2604-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2604-17-0x0000000000130000-0x0000000000172000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3048-0-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3048-6-0x0000000000130000-0x0000000000172000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3048-10-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download