Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

45985d8dac...KI.exe

windows7-x64

7

45985d8dac...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/05/2024, 21:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45985d8dacddb7b6ba0f5f1595b912d0_NEIKI.exe

  • Size

    2.7MB

  • MD5

    45985d8dacddb7b6ba0f5f1595b912d0

  • SHA1

    d59eb3be39d114552175bba1f13eaced40b7c104

  • SHA256

    fcbcf120a188de28fdcbe35d73a17d1994a2cb85a4bb53fd5853a834614f2e18

  • SHA512

    7e56fe9b717a3cd9d2c40a2cd491f6ef007d5910f8f84ef580bdfd6fe5b1e1e882ddecca51c8456e339ebfe42037dd0f90b13f5582f6bc6326295a956ed3f384

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB69w4Sx:+R0pI/IQlUoMPdmpSpg4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45985d8dacddb7b6ba0f5f1595b912d0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\45985d8dacddb7b6ba0f5f1595b912d0_NEIKI.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1312
    • C:\UserDot9K\adobec.exe
      C:\UserDot9K\adobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3768
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3712 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1440

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\KaVBYI\boddevloc.exe
      Filesize

      479KB

      MD5

      c0da3693cbc99cda3a0101d5166715f1

      SHA1

      317422d35ca93d40cb072de8e8d1bd3ac436e923

      SHA256

      4e736d6dea1abfbafc078a1a8375b3a147ddc923cb943111bd3e665438808799

      SHA512

      4e06b4d20844acdaa918a164a2495936f994c2c395c32418fe6312a53daee4b58d04313766df47762249358de54e5ebd518b985308b8bb7f0da471102355f52b

      Download Submit

    • C:\KaVBYI\boddevloc.exe
      Filesize

      2.7MB

      MD5

      73845ff1090aa383f6b6fd86604361c2

      SHA1

      8f67fb924f3d045905aafc6762db8ba4dbdc2ea9

      SHA256

      6f99f53e52c113ad94474cb572ff0310bff9c8ea382f962df837fadfc5150d28

      SHA512

      a18fe15769b4267d7a7be1bf0a34478a77a333fa1533be7481e3a693f58a0c1b134fceb352bd24c89118cd812cc8c3724676a5ac22b7428559e93b635cb3cbd7

      Download Submit

    • C:\UserDot9K\adobec.exe
      Filesize

      2.7MB

      MD5

      1f31d740d41c92a6ec10c4b1533a4b51

      SHA1

      a184cf375a26d285c3363089f1d89b99dd844535

      SHA256

      9689d6eb8089793128ece7aafeae184fef1e1ded1a9fb519fcbf069c9682a504

      SHA512

      2fcd566b613bf407153b7a194c512605fb831f5ffbdd8c565a3ec0d38339e8762d4ef3becd24b311d66e1e786d3ee7031a46696cda8861ababea24defd502ea7

      Download Submit

    • C:\Users\Admin\253086396416_10.0_Admin.ini
      Filesize

      205B

      MD5

      91f7d996b4f93e36972306784b03cfa5

      SHA1

      76628baf1e33eb9327c171f654053603349bbdc1

      SHA256

      ad3b5bd395b1cd54465b00119856bbc0a74c97c59070ada12e9024839eb16470

      SHA512

      1846d7d2eee485c4133dc17501349356c37af27ad7beafeb403764432d61a3a9209f40a82bb70faf936713b7c1773a42cf38e1456e8b0b8a30517bc0b5f5ad6f

      Download Submit