Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

96a36cc087...KI.exe

windows7-x64

7

96a36cc087...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 01:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96a36cc0875fcd74c888ea78a9a591c0_NEIKI.exe

  • Size

    2.7MB

  • MD5

    96a36cc0875fcd74c888ea78a9a591c0

  • SHA1

    545b3ee9c269d4b05a575c0304c0ebd4a29a9b16

  • SHA256

    82c17157a26f02b8007afb7f8f85f9bd461b919653adb199cbe08dcac454a758

  • SHA512

    47cdc4389c523ffa1c76998108800c5f18da32275c961abefefc80306946994ac0032611c2fc28924a63766044cc39572d56e535209adad663499b6e1ebec347

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBQ9w4Sx:+R0pI/IQlUoMPdmpSpK4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96a36cc0875fcd74c888ea78a9a591c0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\96a36cc0875fcd74c888ea78a9a591c0_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\AdobeR0\aoptiec.exe
      C:\AdobeR0\aoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    201B

    MD5

    25c6d49cb3e6a4c070eb5bd0bad7c4e6

    SHA1

    632d4eb82953fb544c86444a9ca611c40235b525

    SHA256

    2bdfddbb29d109bcbeb1d65f0235742709168684ce21571f4d7ffef393136a9c

    SHA512

    3e0c7955a5931cd083cde299e37dc9974d744e146bc7434127ef97bf49207c6012f105ed1974b95d6e59d8b904669b92796e65c82b54cc1c5f4adeb541c7f09b

    Download Submit

  • C:\Vid5B\optiasys.exe
    Filesize

    2.7MB

    MD5

    9582695cb88706881514bcca9f893ed6

    SHA1

    ef166f4241f1550ef71d6b9afae0efce25321fb9

    SHA256

    191c547d059ac6f0be643e0a3ec005de99aec002c1e312de206870bdfcf78668

    SHA512

    9412d54bf64aba6ae5e805fa4a0168e951e6286f1cb4ad2342c2a54e01c8d43d3b29617b2095845ba9dfbde9ab8fac35fe8b6b5559c326f21752eef3fcd6bf95

    Download Submit

  • \AdobeR0\aoptiec.exe
    Filesize

    2.7MB

    MD5

    5fc1bbb98110faa32d26d539dff5a641

    SHA1

    2fce0a72eb9dc1b32725c893c68b25b844358a36

    SHA256

    88dc504f43f14e2bfea5180e53a9b92fc991ab7c30f9529c0613b3a414ab1794

    SHA512

    2a018fcc44fa2aebfd4accf93ea104e69d6895e6374063b25030e4d91413e4c59c0868af0960308c6db5259090ef9d98f1ed2b630ec77c7ba6bfa64fdac3c26f

    Download Submit