Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

61e73e8a4d...KI.exe

windows7-x64

7

61e73e8a4d...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 23:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61e73e8a4d1b219b81781c5c4a750a30_NEIKI.exe

  • Size

    4.1MB

  • MD5

    61e73e8a4d1b219b81781c5c4a750a30

  • SHA1

    f7b9d3e26f946e2a976eb465683274496bab227c

  • SHA256

    53c9d4a01e8909b1ee0a76993aa8f7da8cc3b539f16b2fce2ebf3d5d2569afd1

  • SHA512

    8557a29364eaf395d3356240a5d356f8863c8e07ac87cc3f151c33b859bd4a5259dcb7cf681af14c1fc5d2cd825cf3433a9c4d61963e47fc012809cbe365bbf9

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpH4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmc5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61e73e8a4d1b219b81781c5c4a750a30_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\61e73e8a4d1b219b81781c5c4a750a30_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\FilesLR\aoptiloc.exe
      C:\FilesLR\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2472

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxTB\dobxsys.exe
    Filesize

    4.1MB

    MD5

    36338e5280dcea3427758c384f37e70e

    SHA1

    26ee41722d72aa5c9f75b34d718e060036fb596c

    SHA256

    e323850c17d28cea3e648a24c7e8d9ffa3a66953509ac617952a485f4a70ef53

    SHA512

    75a2e301920bad076ab54341937c8a4ca486ecf7d2e2b677b6d3ba426b2ff5aea011bad5bd272bbe51af7140692e921766ba928d0cbffdd1464b0fde6ddb3e11

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    201B

    MD5

    9e24c9853d3e3d3378c192d6e6b781e1

    SHA1

    1c4672d2a58611ac58c52e51cddd2f41bd56d06d

    SHA256

    c0f7335ab0ac873704d6dc4d7905a2273d0528966e5f781b87d288b37961e655

    SHA512

    6bd993299a2c8724b7cab2abd167ba55b7e10651ef21cdcf9d6f76f2551002507f2ef9e011a69714d99932c417c61a1c48706875e50e4bf2faa251b0810a67b0

    Download Submit

  • \FilesLR\aoptiloc.exe
    Filesize

    4.1MB

    MD5

    8a86d00bc666e23dd82b4d98da9f918c

    SHA1

    591d6ed2528dbe949b7cc63d7600b44e22669b5b

    SHA256

    584a59bd0d4fa169faab3ddeaf5084ffd0b10c880c248a6f263d735c1bdd9905

    SHA512

    1d1713cf577f0e2fc5e7316a6e5fd07135b14dbbabd34954d6b081bed077f07aecb3634d73f75cf739cf0bbcd748708bbba49c4fc47689ef55c9393babe1b646

    Download Submit