Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

efc32cf29b...cs.exe

windows7-x64

7

efc32cf29b...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/05/2024, 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    efc32cf29bf96b8541f1e2ceed136910_NeikiAnalytics.exe

  • Size

    47KB

  • MD5

    efc32cf29bf96b8541f1e2ceed136910

  • SHA1

    9e78de556c6bfd93ecb9c675394ea98d3878c55e

  • SHA256

    4531e870a69d4a25f9a34d27e4220a5f3a9fbda56af52f99995c672974d1dec6

  • SHA512

    91e13e64b061e02db797e77a63cd027d085eba4a94df422a86465964c73a62c8a743b4d3913789c1cad156297aba3b9e62b1289b070d88a9b66caef0c3dc51a9

  • SSDEEP

    768:ErzJKnNCzPFU7afR9g3/jbP+WbUk87ZDs0hXL/ZNbd3GOL:EsNkfRY/os0hXL/ZNbdT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\efc32cf29bf96b8541f1e2ceed136910_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\efc32cf29bf96b8541f1e2ceed136910_NeikiAnalytics.exe"
    1⤵
    • Drops file in System32 directory
    PID:1844
    • C:\Windows\SysWOW64\rmass.exe
      "C:\Windows\SysWOW64\rmass.exe"
      2⤵
      • Executes dropped EXE
      PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\rmass.exe
    Filesize

    44KB

    MD5

    53943caf98f1aff9af53a5d5c2ac00bd

    SHA1

    366c184a9487b98db92f2e41ece71396b7b1c7f1

    SHA256

    017b37aac8e7f9ce96c9dd37c55e760c5ad75d62bf962666eb98d4b20397dd58

    SHA512

    8167b1eb373a5f6165b6c6fc904691ce2cd2f542fbf7418bf28a6938f97d094381a0f693567d2d28b84f3cc79980a67e21163634fc7ac00b16d78a1b8806d8ba

    Download Submit

  • memory/1844-3-0x00000000772D2000-0x00000000772D3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1844-4-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download