Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

39ce1a9e6e...KI.exe

windows7-x64

7

39ce1a9e6e...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 21:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    39ce1a9e6ea14eef61f4785fa5725b10_NEIKI.exe

  • Size

    4.1MB

  • MD5

    39ce1a9e6ea14eef61f4785fa5725b10

  • SHA1

    8168d378ab9761de383659128816892e1ab0fc26

  • SHA256

    f5030a7c68a0d63ba7c6aebf321466c9705e64bfb615235bbf56f778220c3ea2

  • SHA512

    a45388c2fae2b88f52beba7dd49dd888a11b07037617297364335c93e60152044a77daee903003f7fada626210e747e6d8309fe5045eef556a901503e1c85595

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpG4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm95n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39ce1a9e6ea14eef61f4785fa5725b10_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\39ce1a9e6ea14eef61f4785fa5725b10_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\SysDrv43\devdobloc.exe
      C:\SysDrv43\devdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Galax1U\optidevloc.exe
    Filesize

    4.1MB

    MD5

    946a2d9e0eebda9e8783d4ec03a9bd93

    SHA1

    c2cb95ffad4947a2b68ee61433d1547169ab3f65

    SHA256

    6bc09b6bb180047fab60adcc6c79e605ddae76b974dbce92bb064f0d29efbeaf

    SHA512

    80431e56d14efa990d1be144dd7ec00e8c8adbe73a4c091cf4cf99e264e69842e8ddb303d42fa1a84465c57139262a211a137f134a4389781eedfbd404bca3e7

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    209B

    MD5

    448a318c901eed7b723d940a20a9a083

    SHA1

    1dd3abdca9c1f80e7c8a550b470ca20d6a9019bd

    SHA256

    e1cffff0f0646f7852cdf2c470f9565bf30ec1e38e9f94b5a12b7265743a70ee

    SHA512

    ffbee6e1dbaeffa28726286679120c659335b45109921594a17a17043a326b32a3a0412e35f5268ae21a58162acf111606a981458e329b8b4d4482e7724f6d47

    Download Submit

  • \SysDrv43\devdobloc.exe
    Filesize

    4.1MB

    MD5

    0df3ea2b988e016ed56063d9c89fd5e2

    SHA1

    03fecb05439a3b8241934fc6db6b584d3b53132e

    SHA256

    f4af2b147eeff23fa4dcd81e6022c3dc049be520d1d2c71d3954bf5b94562c5f

    SHA512

    5920d1d53eb649f8a8eb3960821fb4b3c7baaf2452376f48b4fd5bcc5e2dc4e85ec4a60568ec7d9fc430829ca642f7e3737f7490f55eb7ddf63fb9bce274be5b

    Download Submit