Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

465c90cc41...cs.exe

windows7-x64

7

465c90cc41...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    19/05/2024, 22:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    465c90cc4133fd9175a93296f6f241f0_NeikiAnalytics.exe

  • Size

    79KB

  • MD5

    465c90cc4133fd9175a93296f6f241f0

  • SHA1

    f078ab94a2cdced9163ef928b655a69335bcb4e6

  • SHA256

    130f291fce97ac4ee85e3c128a401ce4df46ad6f78816752757bc56a451fcc5b

  • SHA512

    9a7e619bfdf6feb8bbae8a790ece907b35b7b49523901ce70ff7b6e93b606f6d44b9d19542ab114e1fbc9d44f1be9120c7aa08666af95745f9515d917a56be63

  • SSDEEP

    1536:zvpySxR4aEN4w0CP3YwhOQA8AkqUhMb2nuy5wgIP0CSJ+5yMB8GMGlZ5G:zvzxcpWJGdqU7uy5w9WMyMN5G

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\465c90cc4133fd9175a93296f6f241f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\465c90cc4133fd9175a93296f6f241f0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c $TMP!10@.COM
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM
        $TMP!10@.COM
        3⤵
        • Executes dropped EXE
        PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\$TMP!10@.COM
    Filesize

    79KB

    MD5

    4c59cdbd3c427ba159fde6a751d64992

    SHA1

    5247a2f1f0ba9bcc4d58fa1cf4a54d2528b4604a

    SHA256

    24478adebd623f409d3ad081476602bff86017ee4f7d32188f482cbefdc1b158

    SHA512

    ab3e18360a71af5d9129c63148e492ab60aa819df3b75a88b5c8966c09065eb179b0497c100cfa284f41ddaa79b8051593c9a5fa1b435b9f8f5f4b5a465cc801

    Download Submit

  • memory/1580-8-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3064-7-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.