Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

5

8126db868b...cs.exe

windows7-x64

5

8126db868b...cs.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 23:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8126db868be6fab264e7de95f27eb4e0_NeikiAnalytics.exe

  • Size

    1.1MB

  • MD5

    8126db868be6fab264e7de95f27eb4e0

  • SHA1

    1cad6c9456970c8b4e5a237d936ae212cecd9284

  • SHA256

    057b297a06c6d51388359f7b78f504e839d90d296a66188a698869e801ddde20

  • SHA512

    5933644b79d94447727f3938898f374168a9825a4d06dd5ada90ddd5e71f37cdf27c36cb8038854a9315600e57713245e9b00c31d8ef76622b92cea9c0fadad5

  • SSDEEP

    24576:pAHnh+eWsN3skA4RV1Hom2KXMmHaE6FzdQ1DiblY25:wh+ZkldoPK8YaE65dQ1DiblJ

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 5 IoCs
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 54 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3528
    • C:\Users\Admin\AppData\Local\Temp\8126db868be6fab264e7de95f27eb4e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8126db868be6fab264e7de95f27eb4e0_NeikiAnalytics.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4804
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\8126db868be6fab264e7de95f27eb4e0_NeikiAnalytics.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:1188
    • C:\Windows\SysWOW64\convert.exe
      "C:\Windows\SysWOW64\convert.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1412
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:1380

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\aut4834.tmp
      Filesize

      265KB

      MD5

      444d369d29385c219ed7475a8f60ca33

      SHA1

      93795f912d94c7e200a2a3803051a6990912fd7d

      SHA256

      e879d486b4aa7deb786797fe1d9f9d88c8a42fc598c4d6438fb441739831a1d0

      SHA512

      8be6780969e826bf8e59bf71d1acb36ebfce9bc1faa69b2be3b45ff4fbd79624923ba53e4dc3283b8add817b96c6d006dd3bf05fb90f386da3a34fae00108b15

      Download Submit

    • memory/1188-24-0x0000000001100000-0x0000000001122000-memory.dmp

      Filesize

      136KB

      Download

    • memory/1188-13-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/1188-14-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/1188-15-0x0000000001400000-0x000000000174A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1188-16-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/1188-17-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/1188-18-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/1188-19-0x0000000001100000-0x0000000001122000-memory.dmp

      Filesize

      136KB

      Download

    • memory/1188-23-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/1380-38-0x0000018BDE070000-0x0000018BDE17E000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1412-21-0x0000000000910000-0x000000000094F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1412-22-0x0000000000910000-0x000000000094F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1412-25-0x00000000013A0000-0x00000000016EA000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1412-26-0x0000000000910000-0x000000000094F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1412-27-0x00000000011F0000-0x0000000001291000-memory.dmp

      Filesize

      644KB

      Download

    • memory/1412-29-0x0000000000910000-0x000000000094F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/3528-20-0x000000000CE40000-0x000000000D365000-memory.dmp

      Filesize

      5.1MB

      Download

    • memory/3528-28-0x000000000CE40000-0x000000000D365000-memory.dmp

      Filesize

      5.1MB

      Download

    • memory/3528-30-0x00000000033A0000-0x000000000348A000-memory.dmp

      Filesize

      936KB

      Download

    • memory/3528-31-0x00000000033A0000-0x000000000348A000-memory.dmp

      Filesize

      936KB

      Download

    • memory/3528-39-0x00000000033A0000-0x000000000348A000-memory.dmp

      Filesize

      936KB

      Download

    • memory/4804-12-0x0000000003A90000-0x0000000003A94000-memory.dmp

      Filesize

      16KB

      Download