Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0f1a32d075...KI.exe

windows7-x64

7

0f1a32d075...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f1a32d075a96c284587335f18c2c7e0_NEIKI.exe

  • Size

    2.7MB

  • MD5

    0f1a32d075a96c284587335f18c2c7e0

  • SHA1

    335d02beebd788397e1f4f7acae2820e2577c723

  • SHA256

    242dadc4e334c183859a0bea67d55e9eb1965dd40e2c9850b596697961872479

  • SHA512

    293ea8d3991e617907d338052568add2aca096b91903d32a649fa9da8368f569bf168459b14aaf561b96c900fb4faffa48ddc05f299fcd5bf080a12ca0be64d0

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBf9w4Sx:+R0pI/IQlUoMPdmpSpf4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f1a32d075a96c284587335f18c2c7e0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\0f1a32d075a96c284587335f18c2c7e0_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\UserDotC9\devoptisys.exe
      C:\UserDotC9\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBMX\boddevloc.exe
    Filesize

    2.7MB

    MD5

    a30f66393a979c660cddb1a42bd060e5

    SHA1

    c8403b458c5594271eb3f7ee95d43cb9aa37ce54

    SHA256

    00442110796784c8970bcc1a02c431b0e61956d3900adbcce4dc031163fea9ea

    SHA512

    07daae3d33abd126aa2566ab4ff8b810d7b3f4f7fde761cd8be4fa1443f88657fa1bee9576a2b252de18d7f5a2e82bfb8d440495ced984ed8c3afb8a67f829a5

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    208B

    MD5

    e398c140634d94c6ec96597a876268ca

    SHA1

    b373571449c3ab073d0d0a68de03fec9ed399281

    SHA256

    d60ad739e6166c5a119c39b6999a22de521004c3a8ae418aa04d432d1c1f7c6b

    SHA512

    960bf5678f37f78e15265cab6ac79b56cce58fd091bc4123c07939abd4dc1c4e4025a9aa1214b1fb260ccd7f3552d946bdb441bd0eea9424de2ed377d18edfb2

    Download Submit

  • \UserDotC9\devoptisys.exe
    Filesize

    2.7MB

    MD5

    fc5f0a73f492edf6217fa7f671318772

    SHA1

    6e9adab4848da2e315b99978c3a79921b25f52c6

    SHA256

    a884c4e329f4110ace0d80174040c3d85e373af72092afe3338646e5e574adce

    SHA512

    d49ec76146fb2d910f455cb110aa15729301994e221d7b53e525a644e3ad142881f0c672ee48485943cd1546e69e45da5961ee6a824ad0dfdee61fb0c4d884e2

    Download Submit