Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    26/05/2024, 21:11

General

  • Target

    020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe

  • Size

    79KB

  • MD5

    020eed924a280054c4539ec0404d6da0

  • SHA1

    a691838dfdba8fa784fd6afaab8547bb7a6139ac

  • SHA256

    019c4b6ce758794f56841c23ea08b07a803bc161eea4e83ef7a3917065e6e074

  • SHA512

    3b230e077abaf15b5355ecc8d9de23c364a3838bb2586dea1f0c591cf4fdc9999b231df31cb2fe7a2dcab50b162e7b1f0d9042da74102cab76ef637890cbc9f7

  • SSDEEP

    1536:zvOjaGdq/bOXbIv3YOQA8AkqUhMb2nuy5wgIP0CSJ+5y0B8GMGlZ5G:zvOjapaYGdqU7uy5w9WMy0N5G

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\[email protected]

    Filesize

    79KB

    MD5

    49caf46630fa1da76f622b61e8dd1bb5

    SHA1

    3c7d8c9d5ef80a42b605a179f872faa93d8113f8

    SHA256

    0ae98037ec3d8feefc9977ff9dce52374868384c97fce1e2c61ab43f5f5435f0

    SHA512

    4760180c47f61fa54b39cc17e97da63f4fd35b6772e856736cc3e83b7fe28605edeb241c69aa843e89a8a782cfcce2a2eb27883b9366e91b9a0482ad929d47af

  • memory/2956-8-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/3052-7-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB