Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

82ab49c0b0...cs.exe

windows7-x64

7

82ab49c0b0...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/05/2024, 22:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82ab49c0b09b3a5e345d583b4c946a90_NeikiAnalytics.exe

  • Size

    94KB

  • MD5

    82ab49c0b09b3a5e345d583b4c946a90

  • SHA1

    7429b51b9934c1d61f01000fd40a45b63eb7ec61

  • SHA256

    ea0abd691e5ebb4878cad5500a95ffe8f546fbd366106f1a5bfe37213db672d9

  • SHA512

    24defe8ae649bbaf5c8d52aa3ae0e2108ebd92143eb21015d0dfd84aa41469add6938fc8d2eb423a5a5e5e984072bc203126831e2678516b880e814fe65a0f5b

  • SSDEEP

    1536:PGYU/W2/HG6QMauSV3ixJHABLrmhH7i9CO+WHg7zRZICrWaGZh7uC:PfU/WF6QMauSuiWNi9CO+WARJrWNZ5

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82ab49c0b09b3a5e345d583b4c946a90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\82ab49c0b09b3a5e345d583b4c946a90_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4480
    • C:\ProgramData\Update\wuauclt.exe
      "C:\ProgramData\Update\wuauclt.exe" /run
      2⤵
      • Executes dropped EXE
      PID:4040
    • C:\windows\SysWOW64\cmd.exe
      "C:\windows\system32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\82ab49c0b09b3a5e345d583b4c946a90_NeikiAnalytics.exe" >> NUL
      2⤵
        PID:468

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Update\wuauclt.exe
      Filesize

      94KB

      MD5

      48324997f50db39d5efd4904967fa165

      SHA1

      75ab826c38d14eaa6ebab5cc996bf42d8fb436c0

      SHA256

      971ea8ae4c514bcf95e5fa90aeea9c0a8d3d9e9ee0cba6334107c3ee9a721f96

      SHA512

      313c18d9a7e585c5b4813749b6b9e5853df9104c7796d3159ab173d6304e0e72132ab036b2f1da68cb994e718986c750b325c327d0b63399a48111b5c65c8978

      Download Submit