Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

60b7aa4ea6...cs.exe

windows7-x64

1

60b7aa4ea6...cs.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    13/06/2024, 05:07 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe

  • Size

    320KB

  • MD5

    60b7aa4ea638f374b44cc2676ad447a0

  • SHA1

    714f413a11abc1cb26b85dfcfdbb3cb2d20a62a5

  • SHA256

    ad90736eea120efefa04cb406bd4ec115cd82fa3df4069754db280d7d7714e87

  • SHA512

    498ae8af239e99af1ef83f989cf80ca70f0d0baed02d7722da76b0130f22d3085be728425d3fefc5e227c01a6e6fad53b49801642fb7737190d13308c1258673

  • SSDEEP

    6144:xrkohxK0T4RYAbIlmGyaBafHGQDPwUij7sJ660lz9b0i1:xrTg0T4RYHiPwUivMil1

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\60b7aa4ea638f374b44cc2676ad447a0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lmf4xdhj\lmf4xdhj.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES362D.tmp" "c:\Users\Admin\AppData\Local\Temp\lmf4xdhj\CSC7246D83EFB04449293A5591839A692.TMP"
        3⤵
          PID:2436

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\RES362D.tmp
      Filesize

      1KB

      MD5

      166767e26e73aecb2f3433bd3107d1c3

      SHA1

      e9c5e275ba6b6b43c00dbcde8b20d94aa9d7ac5c

      SHA256

      ad6c77a461ec6bf78b23444c7b592a38f29c0e83d0fb8d713e85f5bfca8a6f55

      SHA512

      a549be3a6aca24955d4b71829a4e83efad72d7580db7495b93a3d75419a158d9e4e9943eab18deab31dad5238fd6b24261deaf0fff341bbb7f4dd397beba4222

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\lmf4xdhj\lmf4xdhj.dll
      Filesize

      4KB

      MD5

      6a4a1e65b4f7677261a2ac919c083e3c

      SHA1

      cf6fa0cbb250b3dbecc51b3949daa7cda408985a

      SHA256

      8e1a15fde0a411775eee6f8245fb08097cd4a2aa88a44534b39d0840c544af50

      SHA512

      07d1d82b16fbaf436a296190b5d1b4ced9e3473d9736e2011dcd7fdd3a11d725a550f0390fb156c5b23708140971b924c8af42f2aa69517111bdaeda8ba9b80d

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\lmf4xdhj\CSC7246D83EFB04449293A5591839A692.TMP
      Filesize

      652B

      MD5

      a4a09bcd01de34331b1ba7d079e3bfc9

      SHA1

      a9cc4b4dec111d5c0b9471ee25bb8b7adc825b0d

      SHA256

      fdddfa95f89a2b6cc75e84d0842849a46a9782ab8e56ab7992b6b5f2d28151a2

      SHA512

      defb2556b0cdeff9915581f1ae0cedd719b0b70c79fbc81b2b0dba76c6d4a7825bee5cf2586775825bc99ea05e8d2ac9e649c909696e6f1fbcbc3205369269f4

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\lmf4xdhj\lmf4xdhj.0.cs
      Filesize

      1KB

      MD5

      f420ebb3150f0764331a33377a7451b8

      SHA1

      8ed9b9d610e8ab76aea82a3830ad31059517630b

      SHA256

      dfb6ab38744b3a4e17cf7fa75b3126e88cbeabc907008f3921ff41c523a99a27

      SHA512

      b92767736261cb7c10f58576c44e62cd0d105e90e139b376d52ccb5cb7ca189205a1f7d7a5fec5d739f8763eded8b5c55b9057217fe9a55b1e151dc700760cbd

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\lmf4xdhj\lmf4xdhj.cmdline
      Filesize

      208B

      MD5

      49e55b24a9ec01b6184ee586134b59e7

      SHA1

      b216465f491ec25694bb988094397fdfe065ec7a

      SHA256

      2ef8381d29dc5570b834711d6c426b90e92b3390f94b77a700b8d7bc1727c0db

      SHA512

      813c3a49722e9b4522617fff7268825fdb5605a0396e0927eeafad4909b26b5a0b79e8bca322fb2ea2245329fca1ef14dd04412bf7c6473c2054180e1a5033e5

      Download Submit

    • memory/2844-11-0x0000000001EE0000-0x0000000001EFA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2844-16-0x000007FEF5340000-0x000007FEF5D2C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2844-13-0x000007FEF5340000-0x000007FEF5D2C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2844-12-0x000007FEF5340000-0x000007FEF5D2C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2844-0-0x0000000000300000-0x0000000000301000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2844-10-0x000007FEF5343000-0x000007FEF5344000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2844-9-0x0000000000300000-0x0000000000301000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2844-27-0x0000000001F20000-0x0000000001F28000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2844-29-0x000000013FFC0000-0x0000000140019000-memory.dmp

      Filesize

      356KB

      Download

    • memory/2844-30-0x000007FEF5340000-0x000007FEF5D2C000-memory.dmp

      Filesize

      9.9MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.