Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7fe78d01df...cs.exe

windows7-x64

7

7fe78d01df...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 02:27 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7fe78d01df41fd6d5ba6f3de73a20bc0_NeikiAnalytics.exe

  • Size

    1.2MB

  • MD5

    7fe78d01df41fd6d5ba6f3de73a20bc0

  • SHA1

    37da5570011d4bd725a10fda701ca6e1f9345e76

  • SHA256

    28274325c3f062c63f477aa1008becf4ea8976ac329730d4bfc0f4432875ad11

  • SHA512

    7c51d66ea32def8d387758f3d9f4a4c3b45843df93d667c9f4570438eb17903e68e6286be22ec9923fd31f3c682b37dadb68575741acd9977f350a50544bc1a0

  • SSDEEP

    12288:vkILIHZs7l2Qb+jGWjVDa/ZSkZjovBY62YsSwdaJ+4I:8RwMCAGUa/ZSkJovBYLYsSwdaJ+4I

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7fe78d01df41fd6d5ba6f3de73a20bc0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7fe78d01df41fd6d5ba6f3de73a20bc0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Users\Admin\AppData\Local\Temp\7fe78d01df41fd6d5ba6f3de73a20bc0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\7fe78d01df41fd6d5ba6f3de73a20bc0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 144
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\7fe78d01df41fd6d5ba6f3de73a20bc0_NeikiAnalytics.exe
    Filesize

    1.2MB

    MD5

    742fbf38ff26d002d5bb839fd6efbad5

    SHA1

    561331edeb32b058807ab275b5bbfe14e8cfffac

    SHA256

    7ee828000e417cb08b064ee57d72c6f5684f1aaec521ac86611cd61fe8a04850

    SHA512

    f086b75de430eabbad058f49e6f5827af4b41e4aea21d01b9b33b2ac16a933ba55d0614ee9bfebe16e29202f867961265faf891cbec810f31b925533f010f1f9

    Download Submit

  • memory/2648-9-0x0000000000400000-0x00000000004ED000-memory.dmp

    Filesize

    948KB

    Download

  • memory/2648-11-0x0000000002D90000-0x0000000002E7D000-memory.dmp

    Filesize

    948KB

    Download

  • memory/2880-0-0x0000000000400000-0x00000000004ED000-memory.dmp

    Filesize

    948KB

    Download

  • memory/2880-7-0x0000000002F70000-0x000000000305D000-memory.dmp

    Filesize

    948KB

    Download

  • memory/2880-10-0x0000000000400000-0x00000000004ED000-memory.dmp

    Filesize

    948KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.