Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7dae877e96...cs.exe

windows7-x64

7

7dae877e96...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/05/2024, 02:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7dae877e96f7dceb8894cb5d20be3280_NeikiAnalytics.exe

  • Size

    704KB

  • MD5

    7dae877e96f7dceb8894cb5d20be3280

  • SHA1

    a1a8ba92cd2209fe7bde49d6fac062b4db83e5f7

  • SHA256

    905d00581eee8e5167fd4b6cb54c6fa5f66978e03ae0ceda0003bf34fa8e510a

  • SHA512

    90efcb8d9729d123d0872062f9ca3141bfb5e816a97864967472c6d827998d73a7afd35bf37e1916c6b84d5aa4f5afb453e1ad56c9a8f577b74633194eefc4e5

  • SSDEEP

    12288:p4uFR+66uZBX9aLisvNeOVQ5zCD4TyWN9VysX7rdGrr5MSEJRrv1:a4P6ubX9aLisvNeOVQ5zY4xN9VyUGEJz

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7dae877e96f7dceb8894cb5d20be3280_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7dae877e96f7dceb8894cb5d20be3280_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1120
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 396
      2⤵
      • Program crash
      PID:2852
    • C:\Users\Admin\AppData\Local\Temp\7dae877e96f7dceb8894cb5d20be3280_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\7dae877e96f7dceb8894cb5d20be3280_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:660
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 364
        3⤵
        • Program crash
        PID:3028
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1120 -ip 1120
    1⤵
      PID:4176
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 660 -ip 660
      1⤵
        PID:3200

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\7dae877e96f7dceb8894cb5d20be3280_NeikiAnalytics.exe
        Filesize

        704KB

        MD5

        409b3b44d231d0c67bbdbd948847884b

        SHA1

        1621da665d7e76b07673050e41b3f94452f71ce0

        SHA256

        ddb42313e63f23c40da7b9f1c2c6e4473badce2f1c2bbb962bd66242074c3abc

        SHA512

        cf47d71336657cef1c78cd83689032cd2f7d2d9b20f233781a3d62f9f6191e63d44d28bfc1af76494b0f9faa104a2e16cde78afbd5f2a00c2334fc8b1e498ba0

        Download Submit

      • memory/660-7-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/660-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/660-13-0x0000000004DE0000-0x0000000004E22000-memory.dmp

        Filesize

        264KB

        Download

      • memory/1120-0-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/1120-6-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download