Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ebd44f55be...cs.exe

windows7-x64

7

ebd44f55be...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    30/05/2024, 09:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ebd44f55bec49c8ab0522d8eb4e7c9c0_NeikiAnalytics.exe

  • Size

    194KB

  • MD5

    ebd44f55bec49c8ab0522d8eb4e7c9c0

  • SHA1

    985090217826aee0bb8d86cf82c24d1db35391fe

  • SHA256

    3ebed8a2e4bf37fba5a4d37f1d931a067bcb7e46e1824b23f2752da8baeade4f

  • SHA512

    e2e18f25c9806f0f326655893a9cd727216b0ad554a2ba6d9cd9883702bacd2ff7508efed606309f60b529ecf7382e6255447966219db50530deec8f7a6e420d

  • SSDEEP

    3072:eJ+IcrDo2u+uP5d6zRuHXtUtcbvYT/Z+q6XDYA8Y4SJXYVi2eBo99oUeCEJYYvuq:eA62GB6YHC4yLFSd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebd44f55bec49c8ab0522d8eb4e7c9c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ebd44f55bec49c8ab0522d8eb4e7c9c0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Users\Admin\AppData\Local\Temp\ebd44f55bec49c8ab0522d8eb4e7c9c0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\ebd44f55bec49c8ab0522d8eb4e7c9c0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ebd44f55bec49c8ab0522d8eb4e7c9c0_NeikiAnalytics.exe
    Filesize

    194KB

    MD5

    fbcf559c80e7d24f4d91f32eaab6d075

    SHA1

    88900fd4d450cefbae3d16cf0a85342e44db7fc0

    SHA256

    36844cf154f39fba892755342a07e7d41df277cbb3014d694fceb80fcdae4441

    SHA512

    c34ece999556ec22e27bad81ff385673162be6e307fb29f14350dd489f27611d9d9ec73183719633607ae8e6dd6feb41c240b07f4ec2b7e4675820de0eefaf6a

    Download Submit

  • memory/2000-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2000-9-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2912-11-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2912-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2912-17-0x00000000001E0000-0x0000000000219000-memory.dmp

    Filesize

    228KB

    Download