Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/05/2024, 19:58

General

  • Target

    e949a8de8634af1527b3bd5eb113fc20_NeikiAnalytics.exe

  • Size

    79KB

  • MD5

    e949a8de8634af1527b3bd5eb113fc20

  • SHA1

    7183b085bde2873d4e0f456ea03d7109f17737d5

  • SHA256

    ae3d043eab55f81893e3876658b85bc68906acb59d6794f3a0455346f3215e2d

  • SHA512

    5afaa5cb07c20919a28da14ce71d0c23cb4c57a350689b814606be34ba29c1e9eb89e1c9b11207e03f1291e3321f4349a14ed4139f886a36c406554ba452e5c4

  • SSDEEP

    1536:zvJRAT+S0kaNVu9TOQA8AkqUhMb2nuy5wgIP0CSJ+5y+AB8GMGlZ5G:zvJR6Z0FNVuUGdqU7uy5w9WMyVN5G

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e949a8de8634af1527b3bd5eb113fc20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e949a8de8634af1527b3bd5eb113fc20_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1032

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\[email protected]

    Filesize

    79KB

    MD5

    2da87b79be36f289386c81c7ccaa757e

    SHA1

    1a473dab76d2060ff237079877885665e248077a

    SHA256

    1261254ad3649c7032f7f0fa503d6b68d5977c976e1ff4b3b52632b9ef93ef59

    SHA512

    8dbca2f39a4a6b73647f93e213d1ef7c75a1476d5c6a3953d5a8f0a71ef7faa59b36c42db604911707b3529f12be99859925fca2a6be3ed98bbca40d56f9e99f

  • memory/1032-8-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2352-7-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB