Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c5f7b6d669...cs.exe

windows7-x64

7

c5f7b6d669...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    97s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/06/2024, 00:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5f7b6d669ff3b85fa5d7bd6e4e16130_NeikiAnalytics.exe

  • Size

    4.2MB

  • MD5

    c5f7b6d669ff3b85fa5d7bd6e4e16130

  • SHA1

    9de79260f51149d80303a781923963d4ac5325e7

  • SHA256

    5b0098bc06d6c48e0af71aaa91dccdf66d95774ba7f26c7c5fd607b560cd610a

  • SHA512

    e80ae9aa653cdeddd0bc135174b9bed6a2612c53944d9d09c284f3d8ab08f6cef577e227c2c964f657c56f131edfdba84fd828ec72459d30ce42b60fc649d411

  • SSDEEP

    98304:Cmhd1UryeToJewgWvEn0cDXbuVLUjH5oxFbxhVLUjH5oxFbx:ClzozgWMn0c7buVUjZEdhVUjZEd

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5f7b6d669ff3b85fa5d7bd6e4e16130_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c5f7b6d669ff3b85fa5d7bd6e4e16130_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4928
    • C:\Users\Admin\AppData\Local\Temp\511D.tmp
      "C:\Users\Admin\AppData\Local\Temp\511D.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c5f7b6d669ff3b85fa5d7bd6e4e16130_NeikiAnalytics.exe BC5F83906CA79E41DE8BEFACF9B3FAFBE8A28F4F8F71C4979AB4FCA6119C86DD1A0541424EC330E015C4256AF099B003754F50AD63E2A97CABFD0DAD906A6B84
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:3112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\511D.tmp
    Filesize

    4.2MB

    MD5

    7631c316cc674fbca3fb2670a575ecca

    SHA1

    e571ea8b05ae4823f7074c37b1b8a0d7ba9a5331

    SHA256

    916b0a9a27f3f86c9533a8d51ef605be9153ac5f0fff870f2baa9b7165772eb4

    SHA512

    49e9f2876d4e8d8f4675608c5cfef4655300394e746144a4a00f1fe54688edbe8c6d27e318694d137307b0f239b9a214caec426633f9745b5052c3dbd5d9f80b

    Download Submit

  • memory/3112-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/4928-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download