Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

5428fd0ab0...cs.exe

windows7-x64

7

5428fd0ab0...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    05/06/2024, 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5428fd0ab02a0b92d9392ad9830d6040_NeikiAnalytics.exe

  • Size

    134KB

  • MD5

    5428fd0ab02a0b92d9392ad9830d6040

  • SHA1

    78e4a42e5d88c01789fda84eb73d9a7e3c7a09c6

  • SHA256

    e6240df3552325cb4b745d800c4e260401171bda1dce540451ddda9a88fba890

  • SHA512

    9ce834e323750400c89cae0015121b4f7831f8bf027c610b3e96a3c6af3171e29fc6ba9e51f069e7a8d44233b49bcca1ae0c0212ae3f40784e0de3199bd5a7ca

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38QhR:riAyLN9aa+9U2rW1ip6pr2At7NZuQhR

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5428fd0ab02a0b92d9392ad9830d6040_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5428fd0ab02a0b92d9392ad9830d6040_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:1944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Update\WwanSvc.exe
    Filesize

    134KB

    MD5

    2653357b01fd16be2aafc9935be3cb40

    SHA1

    49ade2fc154d532d3f80ac3c553533c259f6b481

    SHA256

    1494f465ca771bf8fdf7233baf3c84b773453ea04cf4addef25afb223eaed1a4

    SHA512

    6dca45fe381ce4274aa8b171d3a5f0846d4715d402148a8dc51f3267a149a52764d119e0f65b22cb2e0891f8f7af49a62959dcdb4b4fec97acf11cd0ac2cf1e2

    Download Submit

  • memory/1936-0-0x0000000000ED0000-0x0000000000EF8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1936-7-0x0000000000ED0000-0x0000000000EF8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1936-8-0x0000000000C40000-0x0000000000C68000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1936-10-0x0000000000ED0000-0x0000000000EF8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1944-6-0x0000000000C40000-0x0000000000C68000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1944-9-0x0000000000C40000-0x0000000000C68000-memory.dmp

    Filesize

    160KB

    Download