Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

45985d8dac...KI.exe

windows7-x64

7

45985d8dac...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 21:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45985d8dacddb7b6ba0f5f1595b912d0_NEIKI.exe

  • Size

    2.7MB

  • MD5

    45985d8dacddb7b6ba0f5f1595b912d0

  • SHA1

    d59eb3be39d114552175bba1f13eaced40b7c104

  • SHA256

    fcbcf120a188de28fdcbe35d73a17d1994a2cb85a4bb53fd5853a834614f2e18

  • SHA512

    7e56fe9b717a3cd9d2c40a2cd491f6ef007d5910f8f84ef580bdfd6fe5b1e1e882ddecca51c8456e339ebfe42037dd0f90b13f5582f6bc6326295a956ed3f384

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB69w4Sx:+R0pI/IQlUoMPdmpSpg4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45985d8dacddb7b6ba0f5f1595b912d0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\45985d8dacddb7b6ba0f5f1595b912d0_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Intelproc2J\devbodsys.exe
      C:\Intelproc2J\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    210B

    MD5

    f07c13916643165ba93a20e4c04a41d8

    SHA1

    1c191367f14b06c13ff26a0fe937aa934af9c3a4

    SHA256

    c0994d2caf0c5bf2598913f8ffa3f9c4dd3eaf5cb13778748c4753b1a725acf9

    SHA512

    e0770f5cf75e2ac80edf21bfe5a95f1fd9e8efa228de7fbaec69d8e0b701c3372c11697436912d99077711c146c889b423e02527071d2e15244ada86d0b235ca

    Download Submit

  • C:\Vid33\optidevloc.exe
    Filesize

    2.7MB

    MD5

    a77fe6a3832ebb2d96115d35e439b361

    SHA1

    a513fc87bb3aabdbe5c624d3f41f636661679a2f

    SHA256

    7b839959dc7c616755a7d3b34eddb4ac8da7a0ea7367c5fa57090f92a047f056

    SHA512

    199ac559f3d32fdbe4214e9196a42cb8b5641c9ba350a4451298aeec60727ac7f02f88dd3a53078ad43b2d4573ad868013075c6c81b69813cf349de38ad451fc

    Download Submit

  • \Intelproc2J\devbodsys.exe
    Filesize

    2.7MB

    MD5

    c66f17ab5ea9c713092334a264f450e1

    SHA1

    474077b2cf79cd7b442dce75c07c8f59cc51565a

    SHA256

    11d858f8fe445c31486a87a30899d0168ec6e5de73bb33252bb749b65f941406

    SHA512

    bee494deaf3ec8ace0bb7cf1c2550dce307d136d3d525d6bb7179aac5b280da1a71bff08574f6312219e870220cdff2b018da78950dee45040db6307d4066938

    Download Submit