Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

493d02d14d...cs.exe

windows7-x64

7

493d02d14d...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    41s
  • max time network
    49s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2024, 10:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36_NeikiAnalytics.exe

  • Size

    412KB

  • MD5

    2d3d4a6c857eccdb96c8133d1a423620

  • SHA1

    2eefb03d0bff3d2a70b061c140d212e92d053107

  • SHA256

    493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36

  • SHA512

    617fff7e9b96859b354a81633528c7176b7cb324200698add502f04d081e59f13a8ea2bade3888fc68c21ffc17ad3e30a52493141b7c83c046a740c650b1de83

  • SSDEEP

    12288:DeQikqv1PaCm29pF+RbGmN9+OGzSpKEWsrlVk3HTREacg4Clr3:1qaCmtbGmN9+OGzSpKEWsrlVk3HTREa7

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4480
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 396
      2⤵
      • Program crash
      PID:2276
    • C:\Users\Admin\AppData\Local\Temp\493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:100
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 100 -s 372
        3⤵
        • Program crash
        PID:2572
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4480 -ip 4480
    1⤵
      PID:3984
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 100 -ip 100
      1⤵
        PID:2884

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\493d02d14d92fb5825701fd358c6f7fed33d9a6ce0a713f50216aebd62b11b36_NeikiAnalytics.exe
        Filesize

        412KB

        MD5

        e0d7e312ba2abb334601a9294003b558

        SHA1

        c78682a346f25f1af0e3e200b1ab6933636f384e

        SHA256

        33b7961035ce96fc4d0879a6e5c404d0f5712b09fd775b23baf9a649f3fe057e

        SHA512

        a941b47f587e9317a3a02ce5d5c94fecd98960dd1ab22cb78a284311ffefa198ef8336d0ce368d7fc6a8b53d5324bf3850a1224a26a6dd5c571c3fc0a510a245

        Download Submit

      • memory/100-7-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/100-13-0x0000000001650000-0x0000000001689000-memory.dmp

        Filesize

        228KB

        Download

      • memory/100-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/4480-0-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/4480-6-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download