Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

6994181770...cs.exe

windows7-x64

7

6994181770...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/06/2024, 15:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69941817702b269949c1830e08f54a70_NeikiAnalytics.exe

  • Size

    431KB

  • MD5

    69941817702b269949c1830e08f54a70

  • SHA1

    d8eaa62708c59f15f98b02b4ad3fb8a6f8e9a581

  • SHA256

    9d97f68151a8371a0eb42f64fefe0e5017b00c8cb8c084b7ac4f31041fe7b106

  • SHA512

    7698e7339c427c34f806e65ce34ef3a7a79ec323b76cf3d2e6f4f0990356298e346f78f0673f31d20b1cb50422ed96e8ad2808971d2b1404e8501b8f611ba60f

  • SSDEEP

    12288:+7Etn6J3EvoKlSql4ejAAWxe1X7BMPpqeepz4eeriQ/ANBu:+Yt69EvoKlSql4ejrWx4X7BMPpqeepzk

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69941817702b269949c1830e08f54a70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\69941817702b269949c1830e08f54a70_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 396
      2⤵
      • Program crash
      PID:3680
    • C:\Users\Admin\AppData\Local\Temp\69941817702b269949c1830e08f54a70_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\69941817702b269949c1830e08f54a70_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4472
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 372
        3⤵
        • Program crash
        PID:2524
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2552 -ip 2552
    1⤵
      PID:3668
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4472 -ip 4472
      1⤵
        PID:1796

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\69941817702b269949c1830e08f54a70_NeikiAnalytics.exe
        Filesize

        431KB

        MD5

        1d86002b18c5e6c15ad6859094f4d3c6

        SHA1

        de944a59be2d21781e02121253224e03771c4eec

        SHA256

        c54329e440a3363719144ce4f8bdac411331de45c50aa52c7bfe1e1172c22a46

        SHA512

        9006b499267270d34017bb96a1bae47a05bf8cc39f077d64ee6084258f1ef00b202367290bf3784b70d371857438164ebfd17128afc7c8b7c2433989c5cfa76d

        Download Submit

      • memory/2552-0-0x0000000000400000-0x0000000000440000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2552-6-0x0000000000400000-0x0000000000440000-memory.dmp

        Filesize

        256KB

        Download

      • memory/4472-7-0x0000000000400000-0x0000000000440000-memory.dmp

        Filesize

        256KB

        Download

      • memory/4472-13-0x00000000014C0000-0x0000000001500000-memory.dmp

        Filesize

        256KB

        Download

      • memory/4472-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/4472-14-0x0000000000400000-0x0000000000440000-memory.dmp

        Filesize

        256KB

        Download