Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ec7efd0067...cs.exe

windows7-x64

7

ec7efd0067...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17/05/2024, 12:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe

  • Size

    1.6MB

  • MD5

    ec7efd00677a3910d0ae2e2db47d5f40

  • SHA1

    79ef0f99f100cbca04e9f258d288ec31d951d9fb

  • SHA256

    43499403d2edeef03e34e7901677cb2a4f34b7c22a94df77dfe0f754d435528c

  • SHA512

    864e1cd9ec2432e73f4ef2682ccda1347d302c73bb7211365e99fb768c2838bda17225251d53f4f72a244eaf96d3adb88da657863c49503567a8f3f6f8c916ab

  • SSDEEP

    24576:bCtEmZH+nLjsSv8DZHO2hf25CseGncZ4U7Pd8OB0O2SkKuyD:bCFNWjsO8B7hfaCYcL7V8IlkKd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Users\Admin\AppData\Local\Temp\ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      PID:1740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ec7efd00677a3910d0ae2e2db47d5f40_NeikiAnalytics.exe
    Filesize

    1.6MB

    MD5

    1399e948c17e23744d6c802443a80673

    SHA1

    03e96a4c16b5691e2b4e27705eb3d2fefc0c6bc5

    SHA256

    3d2bf64682a2b390d7d741d6fb984394611330ddb3d9693e49556d1c3165e470

    SHA512

    8e126b87af3f554587d1dcc52c0235c4ecc7855ab7174ef671041f94e8f26c635fda576e193eef34c7e25db7bd041556d355ba8c94e44fbe6a0cb0b21ae3d321

    Download Submit

  • memory/1740-11-0x0000000000400000-0x000000000059D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1740-17-0x0000000002F80000-0x000000000311D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1740-10-0x0000000000400000-0x0000000000520000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1740-39-0x0000000010170000-0x0000000010290000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1740-33-0x0000000000400000-0x0000000000481000-memory.dmp

    Filesize

    516KB

    Download

  • memory/2528-0-0x0000000000400000-0x000000000059D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2528-9-0x0000000002F90000-0x000000000312D000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2528-8-0x0000000000400000-0x000000000059D000-memory.dmp

    Filesize

    1.6MB

    Download