Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

b7b940a664...cs.exe

windows7-x64

7

b7b940a664...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 10:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7b940a664cbce85531e74cb015d90f0_NeikiAnalytics.exe

  • Size

    134KB

  • MD5

    b7b940a664cbce85531e74cb015d90f0

  • SHA1

    4239cfca3ce4cd2ab4fff288b021e67260942635

  • SHA256

    bd94f120a8ed65bbdb4d70a797e5ac57c49b87500b8e2a5578ddc107aa3f51b9

  • SHA512

    32522b74aa6122b1ba3d8520081346aa4da840bfb2f38d6db1cad1e85ff7b0d1423677758252543b993592b06901fcc8ba02af7eecb2f4e3b351849629c47225

  • SSDEEP

    1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38QD:riAyLN9aa+9U2rW1ip6pr2At7NZuQD

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7b940a664cbce85531e74cb015d90f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b7b940a664cbce85531e74cb015d90f0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\ProgramData\Update\WwanSvc.exe
      "C:\ProgramData\Update\WwanSvc.exe" /run
      2⤵
      • Executes dropped EXE
      PID:2988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\Update\WwanSvc.exe
    Filesize

    134KB

    MD5

    a322fd9465b182419de970ea9dcefdbd

    SHA1

    3ac2059a2359b4ff78d02a3cc8ee179fef320d00

    SHA256

    52b73ca806761ee1326754aa450a3af4aca84df7ab5c1166d6ec081a7bb2d7bb

    SHA512

    cb68e78e3850d03b517bec6f3cd757b6154340e115e4a62ea733e4afd6dffe186597ba67e80a5d47286dc128724540a0db4c60c9717815ae5c15ac3061a6331c

    Download Submit

  • memory/2352-0-0x00000000009C0000-0x00000000009E8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2352-4-0x0000000000130000-0x0000000000158000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2352-8-0x00000000009C0000-0x00000000009E8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2352-9-0x00000000009C0000-0x00000000009E8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2988-7-0x0000000000EF0000-0x0000000000F18000-memory.dmp

    Filesize

    160KB

    Download