Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e77baf2f11...cs.exe

windows7-x64

7

e77baf2f11...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/05/2024, 06:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e77baf2f115d23c33c1cb8c29c0e3c20_NeikiAnalytics.exe

  • Size

    1.0MB

  • MD5

    e77baf2f115d23c33c1cb8c29c0e3c20

  • SHA1

    f5d6b1c2cb96b207e47122e7be21c5568cbd2100

  • SHA256

    8bb3a284cd23456236bf4c8ce32d2c8183b95d85f9c8056ea36ff543bb85f722

  • SHA512

    56fb44b7f005b515529966d50b493111932cdc9062a38e7dce677273ea394273fbb13e737f025195d4074d962772aeabe7a1e1cc700c8238bc70acd0714bb338

  • SSDEEP

    12288:2hyKW7Y751dqmNM1CBIouDPjVDa/ZSBHnhvMCtjW:Rl7YTwIM1CBIo49a/ZSFueC

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e77baf2f115d23c33c1cb8c29c0e3c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e77baf2f115d23c33c1cb8c29c0e3c20_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:780
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 344
      2⤵
      • Program crash
      PID:2848
    • C:\Users\Admin\AppData\Local\Temp\e77baf2f115d23c33c1cb8c29c0e3c20_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\e77baf2f115d23c33c1cb8c29c0e3c20_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2824
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 344
        3⤵
        • Program crash
        PID:4788
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 356
        3⤵
        • Program crash
        PID:2724
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 780 -ip 780
    1⤵
      PID:4768
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2824 -ip 2824
      1⤵
        PID:1460
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2824 -ip 2824
        1⤵
          PID:2628

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\e77baf2f115d23c33c1cb8c29c0e3c20_NeikiAnalytics.exe
          Filesize

          1.0MB

          MD5

          e7c7c1ad30d0023265a6c32ea13b288c

          SHA1

          d41a06ae17a243800afc0001b09e6eb8beb8feb7

          SHA256

          f3a372f47bf5cc9f0419d92396543706b59158376ca87662dec08a3de9f93aa8

          SHA512

          35bb88421f6f01c663a1293627d5c4c22c566e5b6cb6e5b2a2b6d83f5679cae3432e3a09ad909364e597badee4390ad924dd3c2cf207a47624ac99013513a7c9

          Download Submit

        • memory/780-0-0x0000000000400000-0x00000000004ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/780-6-0x0000000000400000-0x00000000004ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/2824-7-0x0000000000400000-0x00000000004ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/2824-8-0x0000000005010000-0x00000000050FD000-memory.dmp

          Filesize

          948KB

          Download

        • memory/2824-9-0x0000000000400000-0x00000000004A3000-memory.dmp

          Filesize

          652KB

          Download