Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2e333374f5...cs.exe

windows7-x64

7

2e333374f5...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    17/05/2024, 20:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e333374f57a9b148338e9759d3d2480_NeikiAnalytics.exe

  • Size

    5.4MB

  • MD5

    2e333374f57a9b148338e9759d3d2480

  • SHA1

    e9f0efa14a690f7d67fd35d5af4f3aa496334000

  • SHA256

    78477a4cdb8655f7dec6819cb321e42af88dc4c286261a96965f03e35282c2e2

  • SHA512

    8b0c6a5a7d8034516335a1003e86ff8116a2b9623480c734090b5fb6c23c4d8a2b0473ec3f96a8216f0dd599d22bac6e0b33eaef7b377d75da376a02ab3b91a3

  • SSDEEP

    98304:emhd1UryeOACRBGKz5SuhwKkmUcV7wQqZUha5jtSyZIUh:elHCPgKkmUc2QbaZtliU

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e333374f57a9b148338e9759d3d2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2e333374f57a9b148338e9759d3d2480_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Users\Admin\AppData\Local\Temp\1870.tmp
      "C:\Users\Admin\AppData\Local\Temp\1870.tmp" --splashC:\Users\Admin\AppData\Local\Temp\2e333374f57a9b148338e9759d3d2480_NeikiAnalytics.exe 2452E65CC1D3F52B2FB36C239135F028C235D862448A31E1EA95D66ADA63FB4E5F1C48DE788021E9C127E02E137117DC4834B2943955F1FC002DCB7008BC1049
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\1870.tmp
    Filesize

    5.4MB

    MD5

    736db10d9726d880b5d76f07a1be539e

    SHA1

    8dc3ce30ff6ed9e1fe159ac8f8881ae75ed3d342

    SHA256

    46cd858a4337152a4ecc16df7d528bba3b2ebd3f3f61396a812036e5d90e7cee

    SHA512

    22cbe1e4c75967c71edf57c87baa3e4c5fb74faa43509696bee1c62703d13d956f8789f9f62e54910b7729b2a864574cd014ae3d23005a2108650f2a009ba788

    Download Submit

  • memory/1864-9-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2224-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download