Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

468952c7c4...cs.exe

windows7-x64

7

468952c7c4...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2024, 10:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe

  • Size

    5.4MB

  • MD5

    468952c7c4cc9d919455f6dd237823c0

  • SHA1

    f27106f0c59fba56847446cde9919d12e32f7a79

  • SHA256

    c520f3a32d4f6e82ae61d8168c4a52d13735af74c3bae0604604eee8c640b79b

  • SHA512

    ecceafbc5a4623f3f26b1b8a0bf10945eab2c2cb06884e52a2faf9970ebfa63a28bb4d8c0bb13ddefceae1dcc7179622bb479bdbef90f99eb0d6558bcfe94cc2

  • SSDEEP

    98304:emhd1UryeHFrkJ10P5nb1VR89nV7wQqZUha5jtSyZIUh:elnFra6BjE2QbaZtliU

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3328
    • C:\Users\Admin\AppData\Local\Temp\2C7E.tmp
      "C:\Users\Admin\AppData\Local\Temp\2C7E.tmp" --splashC:\Users\Admin\AppData\Local\Temp\468952c7c4cc9d919455f6dd237823c0_NeikiAnalytics.exe B284A615F0F8ED617706810B26C9C38FAC09285B38A205B0EEA28270200011599D44CF52B13D31770002A26CA2CDDA30A5EB5B3A82B55E78DBD76D6E3C688019
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2C7E.tmp
    Filesize

    5.4MB

    MD5

    06f775058483498003b716c35bb9c1c1

    SHA1

    eb06099834d9bb8c444b8a3a760c19b134ac326f

    SHA256

    e44020fd276d1cadb39fa9322a5578e0732992582966250916ff38cdc1f9ff92

    SHA512

    acacca39b642d6a612d04c2cea9c27f875cb717ffb44135fba3c5c0cfe0bdcff3ddddb9f379c7172802637e0328cb64711732e919345d855bb17e7cea358e4a4

    Download Submit

  • memory/1576-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/3328-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download