Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2c99aab9e3...cs.dll

windows7-x64

7

2c99aab9e3...cs.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/06/2024, 02:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c99aab9e3d6bcc85720cbec53641f00_NeikiAnalytics.dll

  • Size

    10.0MB

  • MD5

    2c99aab9e3d6bcc85720cbec53641f00

  • SHA1

    ea52b70e08386fdfc9115abd09ba6b3e8e9e9838

  • SHA256

    8ef202906116e43b8cec82b85b21f24c3fbe499b0e5880c6d30781723326bf73

  • SHA512

    bd0eb3bf74b7edbbacb0fd06c76d8da0e0dfc66e60313d46cff62e6b6c2a3b6a1636af0a9d6f601319077568aa3e3396a565429fd421f801983f3a59002ab39b

  • SSDEEP

    3072:p2LK9Gj4b+XQcVc0Uci3HBBjxRd40suk/nX4wjpGI:c/cNThTRmrJX4wj

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c99aab9e3d6bcc85720cbec53641f00_NeikiAnalytics.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c99aab9e3d6bcc85720cbec53641f00_NeikiAnalytics.dll,#1
      2⤵
      • Drops file in Program Files directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2564
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \??\c:\program files (x86)\lhij\qhijklmno.bmp
    Filesize

    16.2MB

    MD5

    95905bb3b998c56d6805a379ed966959

    SHA1

    91125c13362040c411f0db36d6a8b3b895f22eb7

    SHA256

    f0310f2337e5d8a43588d1f5071278897eb3204436b202333ce8004a562d8ae4

    SHA512

    23c042c7f8dc9d36375ee1020d2b329e7437e50d53dc21ce4ac5d32a83ac0d0752274c898716b8ed49645f78ce2ff84b957d7e1215d039d15133aca32d77a5c6

    Download Submit