Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
08/06/2024, 00:41
General
-
Target
7c62d79509e3939ef3cb5c4f2816db40_NeikiAnalytics.exe
-
Size
411KB
-
MD5
7c62d79509e3939ef3cb5c4f2816db40
-
SHA1
cb98d9187ff002068f13a3ad5a8d8630cbfdf531
-
SHA256
2e2bd861f0460323c07dd53a3f11f0d1f80a74beec087c81de0cacf362697336
-
SHA512
069dc9bff28016fa5a9463dfde1beb0fe60e56be6ed1b0404ee41848a9af36458467f5cb14091acc3eaa4ef6d6dd674eccc1ccd74ac73634223e714dfccdfafb
-
SSDEEP
6144:gVdvczEb7GUOpYWhNVynE/mFlppaiiYMa6wSVsNwBdt1eJg0xPjqHI:gZLolhNVyEg8iiWSVsNSdt1OvjqHI
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7c62d79509e3939ef3cb5c4f2816db40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7c62d79509e3939ef3cb5c4f2816db40_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\780D.tmp"C:\Users\Admin\AppData\Local\Temp\780D.tmp" --pingC:\Users\Admin\AppData\Local\Temp\7c62d79509e3939ef3cb5c4f2816db40_NeikiAnalytics.exe 9957181EEA18FA78704C2F8A876377C9DC8DD22F9B9577DEBB792E66269EE501CF2BF3E78BD3E64DFC116EDCA95180F6ADC145EED183EF35411C038991C89BD52⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD5861ecf6aee39350f93be9af2798b710a
SHA175711205672d32b9d8be5b5eb94cc945ec754489
SHA25665e7e08260ac316059142e50ea473d8b873d72050fcda2b2eb5671b73aa4682a
SHA512755e2823a8a01857a3ad7f53f65d743a368a86a1a419e708e09dd40a06af3a09f74e9816ad076a73bca8683fe4becc973f620e28edd4ffe94b67c24a870effa3