Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

09e3d74b2c...cs.exe

windows7-x64

7

09e3d74b2c...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    29/06/2024, 22:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09e3d74b2c36b8ae95034cb980749a14549bc8a48efbbc33a5f822a7ad5c332e_NeikiAnalytics.exe

  • Size

    41KB

  • MD5

    72dbeca798291c492554876ca9096030

  • SHA1

    29c2d9a92b09408503f011aa4dc7958e90fd26b4

  • SHA256

    09e3d74b2c36b8ae95034cb980749a14549bc8a48efbbc33a5f822a7ad5c332e

  • SHA512

    1cb5b93365aaa294d3c22fdb1e4da59804b46b76c6ef8ab780cff720ad25f2d143bdcad1607ddaff7ca4827e158bb3a7727ac6ed96c3c1526315b447c75b2184

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09e3d74b2c36b8ae95034cb980749a14549bc8a48efbbc33a5f822a7ad5c332e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\09e3d74b2c36b8ae95034cb980749a14549bc8a48efbbc33a5f822a7ad5c332e_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpA5B3.tmp
    Filesize

    41KB

    MD5

    2d371d80bab241db96aace805acdece3

    SHA1

    75c255b77c0b4d0a77639cf916e0eedb35c9379e

    SHA256

    7f63403aa072fb34356a4d5b5f3502c5b83f2d568fc85831db6ad51ec1d134b5

    SHA512

    2df8e87b37c2487013b3e4a83cb82f7f38af89e9cc5888b2eb9ee281bf299d2d19134dbab6c35d3db5ee37b4f79a9d6c354b276eb0c2d80627a3165df6a8ea42

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    160B

    MD5

    02aa4524f0ef4faf4c0d915814061405

    SHA1

    89ea94b65723746832394be420e85ee3932a1d79

    SHA256

    f7e5e649b9baff5fc4f62e8973c92f0c2955c88704672e5737fb8a6752a80128

    SHA512

    5f40455880fd44904fe16afbcf9f158341bf452a444aabad3c5f5bc1aa5f2c8cdcbe37a71d92e7afd5a8804b399b9fa45b63400a971378215d2e8f7b07521424

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/2328-51-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2328-4-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2328-84-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2328-16-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2328-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2328-82-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2328-23-0x0000000000220000-0x0000000000228000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2328-78-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2784-17-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-30-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-47-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-40-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-52-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-54-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-35-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-42-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-28-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-79-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-22-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-83-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-10-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-85-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2784-90-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download