Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

610764a027...cs.exe

windows7-x64

7

610764a027...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/06/2024, 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    610764a027dd55a73af5dca9608a6b40_NeikiAnalytics.exe

  • Size

    410KB

  • MD5

    610764a027dd55a73af5dca9608a6b40

  • SHA1

    4337c798ac06323c047632fde05c113640519df3

  • SHA256

    d5c0832b6b92a21904024563856612c86ded290ef0f8d2af18aa6e53911e15c4

  • SHA512

    4861ba12ce3e0f8806f6e90f55d0ae6f378eef60ee996062a140a206b73671a13b9c0dc43a81d8084a4b7dfe4c9640e94425420011c9baede21dc6a9ec455e95

  • SSDEEP

    12288:Aq5hK8fpU7nDfEF9XmzHXFSe7wuf9XmzHXS9XmzH:Aq5hLfpCnjEF8zHXFSe7wuf8zHXS8zH

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\610764a027dd55a73af5dca9608a6b40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\610764a027dd55a73af5dca9608a6b40_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3760
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 396
      2⤵
      • Program crash
      PID:4028
    • C:\Users\Admin\AppData\Local\Temp\610764a027dd55a73af5dca9608a6b40_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\610764a027dd55a73af5dca9608a6b40_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1760
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 364
        3⤵
        • Program crash
        PID:1436
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 172
        3⤵
        • Program crash
        PID:2992
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3760 -ip 3760
    1⤵
      PID:3672
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1760 -ip 1760
      1⤵
        PID:4640
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1760 -ip 1760
        1⤵
          PID:4472

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\610764a027dd55a73af5dca9608a6b40_NeikiAnalytics.exe
          Filesize

          410KB

          MD5

          220326da39a10b49db93f62c82ba3dd6

          SHA1

          b4eda7933c6ac2ef03ed3a30e91183775d6a9df4

          SHA256

          7fb854044d5973f2236e34b6c282ec76856b0d46d675cccfd8b905fb09307d09

          SHA512

          7045ff3b0a5cefd88f2d93e6b005ee4f470c02cc379bba60210b796b90a5ade89ff94946752115601436a1f5983cfc16f1c95646357a947829c2bf88ca31a441

          Download Submit

        • memory/1760-8-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/1760-10-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/3760-0-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/3760-7-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download