Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5079312b00...cs.exe

windows7-x64

7

5079312b00...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/06/2024, 10:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5079312b00cdb29097b2e9f54ee44d90_NeikiAnalytics.exe

  • Size

    133KB

  • MD5

    5079312b00cdb29097b2e9f54ee44d90

  • SHA1

    ee5c5830b06cf7e1890960b44ee0b83566e801b1

  • SHA256

    eb78bb21aebc3bbea96e589c71c198bc3b4c625009e7ea064266c9dd0713669c

  • SHA512

    7054d49152d45bfa24e69d442a0f0d0334878e3484b405ca67e37c715cda6d2545990698be6d7d47944c5809112a68ac64af9f3252a3b73b95d24ef33b8ef74c

  • SSDEEP

    3072:VEboFVlGAvwsgbpvYfMTc72L10fPsout6nnn:KBzsgbpvnTcyOPsoS6nnn

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 33 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 23 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5079312b00cdb29097b2e9f54ee44d90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5079312b00cdb29097b2e9f54ee44d90_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\System32\svchost.exe -EMBEDDING 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530425D474A422F565840 0
      2⤵
      • Deletes itself
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:3824
  • C:\Windows\system32\cmd.exe
    cmd.exe /c call "C:\Program Files\Common Files\Microsoft\1D11D1C\KVEIF.jpg" -3 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530425D474A422F565840
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1016
    • C:\Program Files\Common Files\Microsoft\1D11D1C\KVEIF.jpg
      "C:\Program Files\Common Files\Microsoft\1D11D1C\KVEIF.jpg" -3 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530425D474A422F565840
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1216
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\System32\svchost.exe -sys 423B5D51736E6673606C2147686D64725D426E6C6C6E6F2147686D64725D4C6862736E726E6775215269607364655D4C52486F676E5D304530304530425D474A422F565840 0
        3⤵
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of AdjustPrivilegeToken
        PID:4380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1C\1D11D1C123.IMD
    Filesize

    134KB

    MD5

    e8e1b0ff1b7327627bf568dde84a47e2

    SHA1

    cad238c31a3d1354abb55a093f6aa210a4ab4db1

    SHA256

    1f1b4c3c69b3f708cefb3946f1ada2e23728e7e5a4a1843f6c848e182de2a468

    SHA512

    49d274784a17ff1216e8c9b7af7b48c26bfe83b380714f50d2f2a50ce5e0fa110bb3368498f4bedba511b677f72c12e6956ff4550d74d7fa96debd69c20134c0

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1C\KVEIF.jpg
    Filesize

    133KB

    MD5

    3efe5a5e1fa020677bcf79a8ede474f0

    SHA1

    2c729bdf8459d0a893aef15b48483f272b6bd7ed

    SHA256

    702bdda8f7cbe97802ecfd70c0f3681d62928ed307e56eea60b915123eb81adc

    SHA512

    d35998623e1a3b461089336c2a0b7cf49cbaf44594796d4d8a54556d46063bd1714f024c50222a6f328f173390fcfa077e035c62ae8f03ace042570cea7f1582

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1C\KVEIFss1.ini
    Filesize

    22B

    MD5

    930acf89790980bda3854f8bd8dc44d6

    SHA1

    4033478772bd5b31cdbf85187ad30eb03a560f33

    SHA256

    34158e7ba9674f6eb03866767791fb29663241342a304cbc1286bdaf049269a6

    SHA512

    87752859deee77287cf49d0f54f92dee94f49b2ef3c4fd76ee0b573f1cd73b3b9b472ce4f83e8ae11a8b71aa1c0a802c72b87f7fd940a6b3ddce4d85ab68b7b8

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\MSInfo\1D11D1C\ok.txt
    Filesize

    87B

    MD5

    046a70db3a724fe8817d08378c9eab52

    SHA1

    af83311519d0731ca12b184e40b20061668e007f

    SHA256

    7ddc9e48ffba377caff7161be91d0c50ab91264a5e4fc980300bcf5e673a1ebf

    SHA512

    1aca2a1c0f3e6023a83da6dbc0a3917a7399b0430a32630f776fbadced82e35ab010796a30b4b881aa02ee5329f38f87b24cea69b7ce303b3814ec0ae9a9f2e8

    Download Submit

  • C:\Program Files\Common Files\Microsoft\1D11D1C\KVEIF.jpg
    Filesize

    133KB

    MD5

    d5059e95267b667df3269caf10cf038d

    SHA1

    95e65950664b0572d55bf4c1c9f84ed2e48a5ddd

    SHA256

    eb806a024df11156b445e724a475d913b4055325d5e80678decc8c086d8aa96f

    SHA512

    50aafe9c322fe1eae24653362e233a4070966bb591901b91a4a31a0f71bcd8b29d1316ddea5e0fa3795896780af2fa31e58d49102efe8f9f548499349b6b9c3f

    Download Submit

  • C:\Program Files\Common Files\microsoft shared\MSInfo\1D11D1C\KVEIFmain.ini
    Filesize

    1KB

    MD5

    87a358f357a3b6ed47d0f8e0195317af

    SHA1

    35a8c9ba7127c9c2b665a684b32f69581ef03b7e

    SHA256

    bfe5cccf60dc2430e6d421f21a4fe272abd87ea9bb23863c7d5663eb56edd5f1

    SHA512

    c754d6e9f14512e0624f7de4faf164c2b77193fe4778ebebc6939b9ec2691c1f4ba3352e9f2bc66531c439bde243b86f741c41122ca517539ed7bdd89ad2e6f2

    Download Submit

  • C:\Windows\SysWOW64\kernel64.dll
    Filesize

    625KB

    MD5

    eccf28d7e5ccec24119b88edd160f8f4

    SHA1

    98509587a3d37a20b56b50fd57f823a1691a034c

    SHA256

    820c83c0533cfce2928e29edeaf6c255bc19ac9718b25a5656d99ffac30a03d6

    SHA512

    c1c94bbb781625b2317f0a8178d3a10d891fb71bca8f82cd831c484e8ab125301b82a14fe2ff070dc99a496cc00234300fa5536401018c40d49d44ae89409670

    Download Submit

  • C:\Windows\Web\606C646364636479.tmp
    Filesize

    108KB

    MD5

    f697e0c5c1d34f00d1700d6d549d4811

    SHA1

    f50a99377a7419185fc269bb4d12954ca42b8589

    SHA256

    1eacebb614305a9806113545be7b23cf14ce7e761ccf634510a7f1c0cfb6cd16

    SHA512

    d5f35672f208ebbe306beeb55dadde96aa330780e2ea84b45d3fa6af41369e357412d82978df74038f2d27dff4d06905fd0b4d852b0beef1bcfdd6a0849bc202

    Download Submit

  • memory/2852-31-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-20-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-32-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-2-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-3-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-29-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-27-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-33-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-21-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-23-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-25-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-5-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-7-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-11-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-15-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-17-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-10-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/2852-13-0x0000000002180000-0x00000000021D5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-96-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/3824-106-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-108-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-130-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-128-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-126-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-124-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-120-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-118-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-116-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-110-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-112-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-104-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-122-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-114-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-103-0x0000000002B70000-0x0000000002BC5000-memory.dmp

    Filesize

    340KB

    Download

  • memory/3824-102-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/3824-100-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/3824-99-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/3824-244-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/4380-196-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/4380-245-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download