Analysis

  • max time kernel
    92s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/05/2024, 08:25 UTC

General

  • Target

    5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe

  • Size

    79KB

  • MD5

    5a776d9325582a8eba6d08b8e4ae2260

  • SHA1

    4d8b45b7de4804121616debf527e665ada169ee5

  • SHA256

    4b63dc3c8e90ef095989e53256a8b7f990c0db28c2a11e2fba23313723f85873

  • SHA512

    b8fd65d9e5b4d557becbd7fa45a5982620503b6cdc172178224894b2c8ce4a4f67a90c26114d056b5c73474a0925ee19edf709a5eafeae8fab47aa7231d8e3c6

  • SSDEEP

    1536:zvE4jn835XRvWOQA8AkqUhMb2nuy5wgIP0CSJ+5yiB8GMGlZ5G:zvLj8RRrGdqU7uy5w9WMyiN5G

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c $TMP!10@.COM
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM
        $TMP!10@.COM
        3⤵
        • Executes dropped EXE
        PID:2268

Network

  • DNS PTR query via 8.8.8.8:53 (US)
    Request: 232.168.11.51.in-addr.arpa IN PTR
    Response: (empty)
  • DNS PTR query via 8.8.8.8:53 (US)
    Request: 25.24.18.2.in-addr.arpa IN PTR
    Response: 25.24.18.2.in-addr.arpa IN PTR a2-18-24-25.deploy.static.akamaitechnologies.com
  • DNS PTR query via 8.8.8.8:53 (US)
    Request: 95.221.229.192.in-addr.arpa IN PTR
    Response: (empty)
  • DNS PTR query via 8.8.8.8:53 (US)
    Request: 149.220.183.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS PTR query via 8.8.8.8:53 (US)
    Request: 183.59.114.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS PTR query via 8.8.8.8:53 (US)
    Request: 18.31.95.13.in-addr.arpa IN PTR
    Response: (empty)
  • DNS PTR query via 8.8.8.8:53 (US)
    Request: 0.204.248.87.in-addr.arpa IN PTR
    Response: 0.204.248.87.in-addr.arpa IN PTR https-87-248-204-0.lhr.llnw.net
  Remote address   Domain                        Protocol   Sent   Received   Requests   Responses
  8.8.8.8:53       232.168.11.51.in-addr.arpa    dns        72 B   158 B      1          1
  8.8.8.8:53       25.24.18.2.in-addr.arpa       dns        69 B   131 B      1          1
  8.8.8.8:53       95.221.229.192.in-addr.arpa   dns        73 B   144 B      1          1
  8.8.8.8:53       149.220.183.52.in-addr.arpa   dns        73 B   147 B      1          1
  8.8.8.8:53       183.59.114.20.in-addr.arpa    dns        72 B   158 B      1          1
  8.8.8.8:53       18.31.95.13.in-addr.arpa      dns        70 B   144 B      1          1
  8.8.8.8:53       0.204.248.87.in-addr.arpa     dns        71 B   116 B      1          1

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM

    Filesize

    79KB

    MD5

    6d4b360221d7561196a87184fcae9fb5

    SHA1

    6fd8c4ee41f2dd4624382e77e98e9a8f67c3a3c8

    SHA256

    8d602ac47c3d9eea48a1879f8e73c6059176f912d9eadc98da4556bb53cdbd8e

    SHA512

    963d93449512be18ab7e1c41a2cbe6868d2a9c4597072ab43642d23af887cdd0f797cd5c432fefbc8b98fa2b9cbfe0fc0e9297da7b9d7c96adf75a7acc7b204d

  • memory/1936-6-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2268-5-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB
