Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a8de40fd14...cs.exe

windows7-x64

7

a8de40fd14...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 06:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a8de40fd149ef481ca353b809cde7a30_NeikiAnalytics.exe

  • Size

    5.4MB

  • MD5

    a8de40fd149ef481ca353b809cde7a30

  • SHA1

    8daf42af8a9e3fb03c52f524797ba3acba4a2b1d

  • SHA256

    a1ddf25057df770fd0a93b580821f9e1ac0d9feaf60db8b545f199b341db94d0

  • SHA512

    85f842f2e27bfdb6de60ea623a8d4b3423e94f415cdc645699f4e3177e1273216b36096baf63f33444728be910d2021c18092adc042de474bad6f912ddc0a0f0

  • SSDEEP

    98304:emhd1UryeDvYFA7hNOUV7wQqZUha5jtSyZIUh:eljbOU2QbaZtliU

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8de40fd149ef481ca353b809cde7a30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a8de40fd149ef481ca353b809cde7a30_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Users\Admin\AppData\Local\Temp\9D0A.tmp
      "C:\Users\Admin\AppData\Local\Temp\9D0A.tmp" --splashC:\Users\Admin\AppData\Local\Temp\a8de40fd149ef481ca353b809cde7a30_NeikiAnalytics.exe C6FF9FEF77113D6D34187379F2DB9AA4C109246AFEE2492EFE07CB513C36728787E69429F83617024E30BC5014D2540D9EBA208DA1BC0272479DA4CCF58EEED6
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\9D0A.tmp
    Filesize

    5.4MB

    MD5

    575273a6c9e8ae51e6358f52c7314a66

    SHA1

    7b4449cfdeab1b628d6c530c120af851fc561a0f

    SHA256

    05ab009bce2280f7b76a663589bd13ec07e0ea0095f818d21d4941bb286e569e

    SHA512

    8c38cf7fccd4e6428d93266fe038a1942b2c110528c14f7c66d0d45803dec9bdd544273486dbb10db144097ddefacdb9756cae09f903c6fa17c71aab3327678f

    Download Submit

  • memory/1108-9-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2924-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download