Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

032601ba4b...cs.exe

windows7-x64

9

032601ba4b...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/06/2024, 21:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    032601ba4b164d62e1869183b8bfe5a716ae084af72ffe45b90eff748cc35b5e_NeikiAnalytics.exe

  • Size

    86KB

  • MD5

    7128224987fb2a7ffce031a33a937ef0

  • SHA1

    4ed420c8eefed4b7965e4926a7e14a97d576bf76

  • SHA256

    032601ba4b164d62e1869183b8bfe5a716ae084af72ffe45b90eff748cc35b5e

  • SHA512

    6a31ada6fcffb241ce801f9b1f06780f16a71164f557c135922cf38de8af41ba0eeb1c9ece70b9e8739237a96d66f06cd4bfde42d752a0712ab0fcb48320422f

  • SSDEEP

    1536:/7ZQpApze+eO888888888888888888888888888888888888888888888888888C:9QWpze+eO88888888888888888888887

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (4878) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\032601ba4b164d62e1869183b8bfe5a716ae084af72ffe45b90eff748cc35b5e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\032601ba4b164d62e1869183b8bfe5a716ae084af72ffe45b90eff748cc35b5e_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4736
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4280,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:8
    1⤵
      PID:1060

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp
      Filesize

      86KB

      MD5

      9c81fcf2edfaf1596de043a9901ac2ec

      SHA1

      10daf2bb615b06724132eb8cdb8dc735e4be182d

      SHA256

      9b91826af10961bd150100c68c141dc7565ef3cc5b71259b186984424f2cf134

      SHA512

      efe126884629ab7743056f99f9cff7d7e391445b07f824a379d887328e7d7a8b67378e54c6bce0ae55e024091fb632ffa39b7315ddbd62af95ac34809271174b

      Download Submit

    • C:\Program Files\7-Zip\7-zip.chm.tmp
      Filesize

      199KB

      MD5

      c496874a491aa027504691d050335359

      SHA1

      7de263732980090b716ed3034c331afe6ba70cad

      SHA256

      a9dbde9965ab85c23e0c4572b40ab4876c791680cf93122cb52aca1999d4e6fd

      SHA512

      8ae6f2da7409230ad619317f533b356ecc81b12e876d4557adc9c3681a329fc2d7df384b9760257357c874d9f105d8241e0a1376a8ba0233264e3aca58483470

      Download Submit

    • memory/4736-0-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4736-1790-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

      Download