Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

976fec1f70...cs.exe

windows7-x64

6

976fec1f70...cs.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03/06/2024, 01:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    976fec1f7068de234d4b152c88403730_NeikiAnalytics.exe

  • Size

    40KB

  • MD5

    976fec1f7068de234d4b152c88403730

  • SHA1

    bb6f8efa8fb035baf680e8d99b8c38277a40677a

  • SHA256

    aaa82c7252c2b993eb68297f50bd58e00d0292361248fc788b74f891d4fcfcc4

  • SHA512

    d2a2996c7b05ab5b4a4d3dfe2039eccb8d6b214aac4af236712dae2578d92797560424c2bdd7efde4e1e2cf908cca807f84d7a6924b500acd5f52e8e0646b3fc

  • SSDEEP

    384:R4xUgL9mP/khB8Dy4MfyzLeReRGngzXZ+Yu1zJIFBdy1AQrPgwNt6AMJ1cbfnVz6:eGknMFiiDMNzJIFBLQ7XNt6bk6

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: RenamesItself 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\976fec1f7068de234d4b152c88403730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\976fec1f7068de234d4b152c88403730_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Windows\SysWOW64\regedit.exe
      regedit.exe /s C:\Users\Admin\AppData\Local\Temp\~dfds3.reg
      2⤵
      • Adds Run key to start application
      • Runs .reg file with regedit
      PID:2212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\SysMain.exe
    Filesize

    40KB

    MD5

    13af2e2ca749e57d48997d3caacb62f1

    SHA1

    b531648d3be8ece3f38ad0ce081e0902a82865c6

    SHA256

    56d7fa2b830ce61cdabca9d2e45be0cc3024729d8ae8c393ab694e4074e98c3a

    SHA512

    26540f2d6b0eeed6126ff0578b771469c3f0e4f1843f6637e27daff29d7669c7780f0c2cb2c036b5973b5a3aba1f27cd4a33d8a84c546d6730f8c98c11b3665a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~dfds3.reg
    Filesize

    166B

    MD5

    b67c54cc252016ea441affb1b015db90

    SHA1

    b956bf51ed1213a4903f5af819edbb2b200b416c

    SHA256

    efe884ae8327e9d7811fe8b00b79a1c3d302aba1f9c1aef982398c6e9460d93b

    SHA512

    d79926f6462cb0e64c592cc28771f2bf95d18bf936846288c3a11271c4d50907dfd63998c6d5da6d96149dbbd370c6642b87e28b2f6624a5a803efdfebc03194

    Download Submit

  • memory/2876-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2876-1-0x0000000000020000-0x000000000002A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2876-2-0x0000000000020000-0x000000000002A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2876-12-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download