Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

04bdfdf420...cs.exe

windows7-x64

7

04bdfdf420...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    09/06/2024, 23:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04bdfdf42053d37a449bdf214d2e0970_NeikiAnalytics.exe

  • Size

    4.4MB

  • MD5

    04bdfdf42053d37a449bdf214d2e0970

  • SHA1

    09f918117ed752436829a19d00adb1797f731ef7

  • SHA256

    5a6e8de5235f7ff0334bf538da1591a118d4a1c72337ff1009b96eec10ed93ad

  • SHA512

    9e7be918e2b9e4b3aac0516afe142d3f36831020ab5abda8f495738f7de41e588c9a2c838d929da87ed517051c3cbd540162aa9bffe6724c1d84d4fd587aac47

  • SSDEEP

    98304:emhd1UryebsNeIe1vqlzdYV7wQqZUha5jtSn:el7soIe1vGu2QbaZte

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04bdfdf42053d37a449bdf214d2e0970_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\04bdfdf42053d37a449bdf214d2e0970_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Users\Admin\AppData\Local\Temp\CDC.tmp
      "C:\Users\Admin\AppData\Local\Temp\CDC.tmp" --splashC:\Users\Admin\AppData\Local\Temp\04bdfdf42053d37a449bdf214d2e0970_NeikiAnalytics.exe B13820E97FD0EE8E5965DBF2C48A69842FD9F75F4F51B651B6BA4472746A3A69A087D23E38440913DE9289C713408B163EC73960ED751BEC8112960222E4DC29
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\CDC.tmp
    Filesize

    4.4MB

    MD5

    2fc0a0729b4629c5fad9326b8ff48f64

    SHA1

    8c7aedde67de8e6787312864dc4a70796fca60dc

    SHA256

    21b9816d7a59b8a15344086304743ffc9c5f2498773f6bf2eec734f30724197a

    SHA512

    eea74860b64f40a343000872c98238ec656304cb37ed1ac6323b6c578854e90f68074273a619e35a9fd78aad8a8b643d672e1811ff6a23bd30f8d6054511dfd9

    Download Submit

  • memory/2268-9-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2288-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download