Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

8cb5270d22...cs.exe

windows7-x64

7

8cb5270d22...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    13/06/2024, 22:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8cb5270d22d3d3adff873ac037df9e20_NeikiAnalytics.exe

  • Size

    134KB

  • MD5

    8cb5270d22d3d3adff873ac037df9e20

  • SHA1

    f70375da5ff0d4a806b9bd1a144f494cd3cca7cd

  • SHA256

    315a315970fb047492fde0edbba82cd9f47be4f631d6b0b4711d8ba64b6a6047

  • SHA512

    16b01055e60a59bb947888d0e885cc1786ab7bbe6c2bb991968192595f7f41278a0d71d0d9a09f19cb75069bb54e893e65d8866a8ed431c27aecb90661da2c9a

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38Qt:riAyLN9aa+9U2rW1ip6pr2At7NZuQt

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cb5270d22d3d3adff873ac037df9e20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8cb5270d22d3d3adff873ac037df9e20_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:1608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\Update\WwanSvc.exe
    Filesize

    134KB

    MD5

    a075a1ee0b3a5606149430524d5fdf05

    SHA1

    6b0a0a613c179f5947a44d251cc5b42c85625d0c

    SHA256

    0c79ac0728a2970381491af4bc1284d7457e695379dd1c0014be026f9d19c267

    SHA512

    c04b383e965675f248cc483280a02afa4d3f29655c0992cd462765fe2d3ad180e72bf9b1fd2dc32f35c239c7ad1c8717d59df9666cdb742b76b2536c8d6fdd88

    Download Submit

  • memory/1608-7-0x0000000000D30000-0x0000000000D58000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2056-0-0x00000000000C0000-0x00000000000E8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2056-4-0x0000000000080000-0x00000000000A8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2056-8-0x00000000000C0000-0x00000000000E8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2056-9-0x00000000000C0000-0x00000000000E8000-memory.dmp

    Filesize

    160KB

    Download