Analysis

  • max time kernel
    124s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/06/2024, 15:39 UTC

General

  • Target

    7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb_NeikiAnalytics.exe

  • Size

    209KB

  • MD5

    9eaad2399b7d1df38d58cd657ca584c0

  • SHA1

    12ea58fc64b84b2231dbee635bf8a18d92ca305c

  • SHA256

    7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb

  • SHA512

    a8471d7a8cc9416a1309dc2a9376dcbb80d2153b4fee5eb312cbd5a53237b7aeb76f51ab06377c22203447ff8739292552bfd6e3c7c643efe61a50df87657931

  • SSDEEP

    6144:8UtYRjnS+VAONurnnr4ST1y5SHmNKDMtfXp:AFFNorNc58Mtfp

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3900
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 396
      2⤵
      • Program crash
      PID:588
    • C:\Users\Admin\AppData\Local\Temp\7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2216
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 372
        3⤵
        • Program crash
        PID:4844
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3900 -ip 3900
    1⤵
      PID:2668
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2216 -ip 2216
      1⤵
        PID:3708
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1036,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
        1⤵
          PID:1520

        Network

        • flag-us
          DNS
          13.86.106.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          13.86.106.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          80.90.14.23.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          80.90.14.23.in-addr.arpa
          IN PTR
          Response
          80.90.14.23.in-addr.arpa
          IN PTR
          a23-14-90-80.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          80.90.14.23.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          80.90.14.23.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          136.32.126.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          136.32.126.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          209.205.72.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          209.205.72.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          26.165.165.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          26.165.165.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          15.164.165.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          15.164.165.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          35.15.31.184.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          35.15.31.184.in-addr.arpa
          IN PTR
          Response
          35.15.31.184.in-addr.arpa
          IN PTR
          a184-31-15-35.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          22.236.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          22.236.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          45.56.20.217.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          45.56.20.217.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          131.72.42.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          131.72.42.20.in-addr.arpa
          IN PTR
          Response
        • 52.142.223.178:80
          46 B
          1
        • 8.8.8.8:53
          13.86.106.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          13.86.106.20.in-addr.arpa

        • 8.8.8.8:53
          80.90.14.23.in-addr.arpa
          dns
          140 B
          133 B
          2
          1

          DNS Request

          80.90.14.23.in-addr.arpa

          DNS Request

          80.90.14.23.in-addr.arpa

        • 8.8.8.8:53
          136.32.126.40.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          136.32.126.40.in-addr.arpa

        • 8.8.8.8:53
          209.205.72.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          209.205.72.20.in-addr.arpa

        • 8.8.8.8:53
          26.165.165.52.in-addr.arpa
          dns
          72 B
          146 B
          1
          1

          DNS Request

          26.165.165.52.in-addr.arpa

        • 8.8.8.8:53
          15.164.165.52.in-addr.arpa
          dns
          72 B
          146 B
          1
          1

          DNS Request

          15.164.165.52.in-addr.arpa

        • 8.8.8.8:53
          35.15.31.184.in-addr.arpa
          dns
          71 B
          135 B
          1
          1

          DNS Request

          35.15.31.184.in-addr.arpa

        • 8.8.8.8:53
          22.236.111.52.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          22.236.111.52.in-addr.arpa

        • 8.8.8.8:53
          45.56.20.217.in-addr.arpa
          dns
          71 B
          131 B
          1
          1

          DNS Request

          45.56.20.217.in-addr.arpa

        • 8.8.8.8:53
          131.72.42.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          131.72.42.20.in-addr.arpa

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb_NeikiAnalytics.exe

          Filesize

          209KB

          MD5

          6d3f7bf4812147aa3401c35cea411c7e

          SHA1

          b6caab9f3a69139bbadcfa755ae02f6228fff876

          SHA256

          edf0aa680b76900a523ded5e6e9f698c45f117342cc4ff628e3ea5b125f1780a

          SHA512

          d1730609f91f333b9477e665c94eec77afc57d9c395b0e1f825c9f41d9f851c1990832ca5d5507d96b578990b5d0ee1d063c406e908ae5986c91d66a80403ee6

        • memory/2216-7-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

        • memory/2216-8-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

        • memory/2216-13-0x00000000015E0000-0x0000000001620000-memory.dmp

          Filesize

          256KB

        • memory/3900-0-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

        • memory/3900-6-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB
