Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

493d02d14d...cs.exe

windows7-x64

7

493d02d14d...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 10:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36_NeikiAnalytics.exe

  • Size

    412KB

  • MD5

    2d3d4a6c857eccdb96c8133d1a423620

  • SHA1

    2eefb03d0bff3d2a70b061c140d212e92d053107

  • SHA256

    493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36

  • SHA512

    617fff7e9b96859b354a81633528c7176b7cb324200698add502f04d081e59f13a8ea2bade3888fc68c21ffc17ad3e30a52493141b7c83c046a740c650b1de83

  • SSDEEP

    12288:DeQikqv1PaCm29pF+RbGmN9+OGzSpKEWsrlVk3HTREacg4Clr3:1qaCmtbGmN9+OGzSpKEWsrlVk3HTREa7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Users\Admin\AppData\Local\Temp\493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36_NeikiAnalytics.exe
    Filesize

    412KB

    MD5

    ca6f1f6b245f30826e805500c548790a

    SHA1

    58518d9150efdad8ecf68344e314e609d12e5f40

    SHA256

    1f79266b238f0796f3854a88181ed479f2ec300b182a425c8c4551e6fb8e1274

    SHA512

    3aa81fa91b691d4f6afe79007049c5674aa510b789dab72f03aa2d542de2b40d498bd8b25c2c52d08721dbadbaa39f3350ae435d40ad874ba19f27fcf5dcb176

    Download Submit

  • memory/1028-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1028-8-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2212-10-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2212-16-0x0000000000130000-0x0000000000169000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2212-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download