Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7a9ef8bc0b...cs.exe

windows7-x64

7

7a9ef8bc0b...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 10:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe

  • Size

    784KB

  • MD5

    14d80c67380942f50a1a0114ccce7590

  • SHA1

    583d9e530c224bb043d5a74f99e6111c8f3096c5

  • SHA256

    7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c

  • SHA512

    6fba9e27f209d2362eb25343d35dbac5fb2cb3ce6cd6171f6bca005f9f2b436f09c9dabc29cdc87fb490197ee73cda2acce10b703631fb6c90e4017d205fb510

  • SSDEEP

    12288:4jauDReWsTfI0Wq8OW4yc0FehQBbj5xW/HR/68lr+t4vLFt7X04uPuR7GbRErgcF:4DD0DN8TWxrFgrYTW98

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7a9ef8bc0b25c451328716cd7ccfb2715313e45b8f42bdb725a4e07d1fcc039c_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\ProgramData\sivmg.exe
      "C:\ProgramData\sivmg.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    784KB

    MD5

    e7374ea44307dc7e04875b92dbefc1e0

    SHA1

    af36555d77336ef7042675c90704f66154dba0cc

    SHA256

    37eec124f53ee2badab5b76475edc715fadc4f99021d4453d73222f25c1d1814

    SHA512

    a188f1166f3076333d5cb4b84c8822eedc6098459258e7538ec9b8a777b42f3394a993b1c0f30950ba129e0f569ac253834d4a1a6d6d882ef30b7b01ce9d989b

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • \ProgramData\sivmg.exe
    Filesize

    647KB

    MD5

    21ed61375199bb3b1a27721abbbf54f0

    SHA1

    643ae403edb6af2949dc1778fc644b727447442c

    SHA256

    11f0e89b72fc62658c3a36363a40ee31c9875e2293853238063e91b4a2e50a3c

    SHA512

    dbfbccefe92c9d5bff4b35b6c6956981da39d6d8108e26d06e87ddffa6e6dbba1d5b36433086c7e94e1de1a58ccbd3160d44f3d9b783e792b131d48f337598e3

    Download Submit

  • memory/1088-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1088-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1088-14-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2296-133-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download