Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

e13940a2bc...cs.exe

windows7-x64

1

e13940a2bc...cs.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e13940a2bc2140341b4ca9473ae1d7b0_NeikiAnalytics.exe

  • Size

    164KB

  • MD5

    e13940a2bc2140341b4ca9473ae1d7b0

  • SHA1

    5792047dd7ddf1706d5d0f2703a4d2fa736d048f

  • SHA256

    3e274afb3631de16cf74351f87dd18884a60a01543a31a5202e7a90eb04214e4

  • SHA512

    c9b85317894bac4ceb57d708f088b50703bf3b4c6d9335196160dd3b8863f07a70131b5b2ab0c70d9a9d909c78ad7c1ebdc9922c3fc50dd5e52f310b8aa1a600

  • SSDEEP

    3072:E4/01B1w1an32ZqsKg5MXBjsYCIfm1piNTNSwebojES:q1sqzegfb/ZIbmE

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e13940a2bc2140341b4ca9473ae1d7b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e13940a2bc2140341b4ca9473ae1d7b0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3000 -s 548
      2⤵
        PID:1912

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3000-0-0x000007FEF5293000-0x000007FEF5294000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3000-1-0x0000000000E90000-0x0000000000EC0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/3000-2-0x000007FEF5293000-0x000007FEF5294000-memory.dmp

      Filesize

      4KB

      Download