Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a8de40fd14...cs.exe

windows7-x64

7

a8de40fd14...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/06/2024, 06:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a8de40fd149ef481ca353b809cde7a30_NeikiAnalytics.exe

  • Size

    5.4MB

  • MD5

    a8de40fd149ef481ca353b809cde7a30

  • SHA1

    8daf42af8a9e3fb03c52f524797ba3acba4a2b1d

  • SHA256

    a1ddf25057df770fd0a93b580821f9e1ac0d9feaf60db8b545f199b341db94d0

  • SHA512

    85f842f2e27bfdb6de60ea623a8d4b3423e94f415cdc645699f4e3177e1273216b36096baf63f33444728be910d2021c18092adc042de474bad6f912ddc0a0f0

  • SSDEEP

    98304:emhd1UryeDvYFA7hNOUV7wQqZUha5jtSyZIUh:eljbOU2QbaZtliU

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8de40fd149ef481ca353b809cde7a30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a8de40fd149ef481ca353b809cde7a30_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Users\Admin\AppData\Local\Temp\4074.tmp
      "C:\Users\Admin\AppData\Local\Temp\4074.tmp" --splashC:\Users\Admin\AppData\Local\Temp\a8de40fd149ef481ca353b809cde7a30_NeikiAnalytics.exe EFBD33BF7210C05B6EFC4D834D7780F71B8DC20A335AC82EB41187991A02AB7B64CAAA2E773FC2B50A435A0C3F7A0439B7062A49E0DC78163BC5A2EDD62013DD
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4074.tmp
    Filesize

    5.4MB

    MD5

    189a4573c4fb872d66a0f0a2a6881ab0

    SHA1

    f72caba817d1276057d5e907f7fe93b464a7c762

    SHA256

    17b81634b85ddcaa0a4cb18f3da025d83e8c52cc59116dfce34f6ce35df4f9db

    SHA512

    70f2d99410111e8e5d7d11a3a3f8da4cc85d6f63f5a74391932a625121a9835b9b4bbb27d0248ee09f2306ab8908085122192c5ad76fc08671ca0f9ca9fb4a44

    Download Submit

  • memory/2284-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2912-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download