Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7bbec4524b...cs.exe

windows7-x64

7

7bbec4524b...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    125s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2024, 04:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7bbec4524b1b8a7cb78abc1658ffa82e50744b7897cc7e26eea0439bd20f4a11_NeikiAnalytics.exe

  • Size

    448KB

  • MD5

    c15c397da07fd2afd63d0d05bc6f2410

  • SHA1

    b09d596774f52b67ee01452225c45c481b72e2e6

  • SHA256

    7bbec4524b1b8a7cb78abc1658ffa82e50744b7897cc7e26eea0439bd20f4a11

  • SHA512

    0a509d87396a12248f9e6292301d0860651d2938b22c8d8a0aeb6b0a20f21d4dac713546e2a4423dee58fe1f74e52f4028de17b5be5c6c58876698a176ab0b71

  • SSDEEP

    6144:aeBsf2kLcNg8j6Sb/xQNIDEqZK0W7cyqCxSngmMBqfycuPbUl0i5cD5J6K1mx1+:Nw2mcpj1xIwEqZQ0npM4dl0v5JdmY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 5 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7bbec4524b1b8a7cb78abc1658ffa82e50744b7897cc7e26eea0439bd20f4a11_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7bbec4524b1b8a7cb78abc1658ffa82e50744b7897cc7e26eea0439bd20f4a11_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:216
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 216 -s 384
      2⤵
      • Program crash
      PID:3428
    • C:\Users\Admin\AppData\Local\Temp\7bbec4524b1b8a7cb78abc1658ffa82e50744b7897cc7e26eea0439bd20f4a11_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\7bbec4524b1b8a7cb78abc1658ffa82e50744b7897cc7e26eea0439bd20f4a11_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4000
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 352
        3⤵
        • Program crash
        PID:4896
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 768
        3⤵
        • Program crash
        PID:3964
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 788
        3⤵
        • Program crash
        PID:3476
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 808
        3⤵
        • Program crash
        PID:4468
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 216 -ip 216
    1⤵
      PID:2572
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4000 -ip 4000
      1⤵
        PID:916
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4092,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4088 /prefetch:8
        1⤵
          PID:1236
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4000 -ip 4000
          1⤵
            PID:4048
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4000 -ip 4000
            1⤵
              PID:3720
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4000 -ip 4000
              1⤵
                PID:1632

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\7bbec4524b1b8a7cb78abc1658ffa82e50744b7897cc7e26eea0439bd20f4a11_NeikiAnalytics.exe
                Filesize

                448KB

                MD5

                102785c442ee713173f3fef0f3ca7a09

                SHA1

                99206d00dade08bae064fee79ff1401ccf94d082

                SHA256

                b2b314bc70481e16c78fe90d1db87d0ea881440900a9fa4dc086b650bf3cd7b9

                SHA512

                75756fac13428b1439dcac47f33cf6460ccdb861cdf2d1ed42aa0584b725f85d1eb0b295ecc08c616cdf9bff81ab963ecbc362f2ecee5ccb8644c76f394cee1f

                Download Submit

              • memory/216-0-0x0000000000400000-0x0000000000438000-memory.dmp

                Filesize

                224KB

                Download

              • memory/216-7-0x0000000000400000-0x0000000000438000-memory.dmp

                Filesize

                224KB

                Download

              • memory/4000-8-0x0000000000400000-0x0000000000438000-memory.dmp

                Filesize

                224KB

                Download

              • memory/4000-9-0x00000000014A0000-0x00000000014D8000-memory.dmp

                Filesize

                224KB

                Download

              • memory/4000-10-0x0000000000400000-0x0000000000415000-memory.dmp

                Filesize

                84KB

                Download