Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

34e0037bcc...cs.exe

windows10-2004-x64

10

Resubmissions

11/06/2024, 12:48

240611-p15w7sxdkb 10

11/06/2024, 12:33

240611-prnxbsxejq 10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/06/2024, 12:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34e0037bcc8771562310c79656b3d650_NeikiAnalytics.exe

  • Size

    110KB

  • MD5

    34e0037bcc8771562310c79656b3d650

  • SHA1

    ffb3e4b3706dbb1410305420fa3a6dbb3621614e

  • SHA256

    8b6dfd3ffb94305fd1931e7a6d2250bff2d87f0a5888ffb77d1c57dae621b041

  • SHA512

    5383a32bb0ff15efd62f75814369a179ce37dada90dc115769ac1823035a1e988c72dcfefe3503b23f72be1fe5f5ef4fe49c78fb2828bc426972b1077dc5a5db

  • SSDEEP

    3072:G8RtOU39lFdhTx4rPdy6aGzw2fZwNPFS2308TI:RRtOs9zSM6lRGPg2I

Score
10/10
azovpersistenceransomwarespywarestealerwiper

Malware Config

Signatures

  • Azov

    A wiper seeking only damage, first seen in 2022.

    ransomwarewiperazov
  • Renames multiple (542) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34e0037bcc8771562310c79656b3d650_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\34e0037bcc8771562310c79656b3d650_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in Program Files directory
    PID:4892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt
    Filesize

    2KB

    MD5

    78ede93114e65f9160fd03d3357c56e6

    SHA1

    88d531b101e57655f1d0d26c6b3257aa2468d460

    SHA256

    c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5

    SHA512

    074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

    Download Submit

  • memory/4892-5-0x000002BED6E70000-0x000002BED6E75000-memory.dmp

    Filesize

    20KB

    Download

  • memory/4892-4-0x000002BED6E50000-0x000002BED6E57000-memory.dmp

    Filesize

    28KB

    Download

  • memory/4892-6-0x000002BED6E70000-0x000002BED6E75000-memory.dmp

    Filesize

    20KB

    Download

  • memory/4892-11-0x000002BED6E70000-0x000002BED6E75000-memory.dmp

    Filesize

    20KB

    Download

  • memory/4892-3-0x000002BED6E70000-0x000002BED6E75000-memory.dmp

    Filesize

    20KB

    Download

  • memory/4892-2-0x00007FF6A2C90000-0x00007FF6A2CA6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4892-10-0x000002BED6E80000-0x000002BED6E84000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4892-0-0x000002BED6E80000-0x000002BED6E84000-memory.dmp

    Filesize

    16KB

    Download