Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    92s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2024, 03:00

General

  • Target

    8af4e315bf7a4ca99b86c61bdfdcaf00_NeikiAnalytics.exe

  • Size

    79KB

  • MD5

    8af4e315bf7a4ca99b86c61bdfdcaf00

  • SHA1

    786ed64f5bd0f73641ba9557220f0d7360d77877

  • SHA256

    efbf8cfe13e81546d69db4f6a83df52371145c3548e437ae584efa18731964d5

  • SHA512

    64a27f0ba99cdf3fa99072db1ed044634e1ff09504cfc47c3db532f008e9d940e96c855e898470c88b40b12b1f32ba1670a7cead63d3b5b59686b736e33c5683

  • SSDEEP

    1536:zvKe+jx+KPqU42NOQA8AkqUhMb2nuy5wgIP0CSJ+5ybB8GMGlZ5G:zvz00uqU42UGdqU7uy5w9WMybN5G

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8af4e315bf7a4ca99b86c61bdfdcaf00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8af4e315bf7a4ca99b86c61bdfdcaf00_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\[email protected]

    Filesize

    79KB

    MD5

    03d5ea38526228e9ef9c68c0e1ebe798

    SHA1

    d4bd7e03c212245f60f39689b2152056f7491048

    SHA256

    d68f916e3dfcc7c50526f62348f5a619fd80979510e67462c605b717c31c3c24

    SHA512

    859e03d7b39b16cbaed450d9b1c7c425fa2e8cfd169a28fe68dcc5794a980790747fcb2252c38068c472c946785b85d1bf1f22a1e80155a7a73a376904563ab2

  • memory/928-6-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/4004-5-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB