Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b1a6b0106f...KI.exe

windows7-x64

7

b1a6b0106f...KI.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 02:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b1a6b0106fba3812ff3223ccb4049290_NEIKI.exe

  • Size

    4.1MB

  • MD5

    b1a6b0106fba3812ff3223ccb4049290

  • SHA1

    833b7c497d9b0c700258f8508b38a69eb722ea7e

  • SHA256

    a2043acd88278fa995b4452dfcc3f25f5e19c01d6106c850a69b1cc6ff650df9

  • SHA512

    fbfd5201ed3c68c410b9197e207f2b60c343d3dc781358d3ff000908256747062cdd8a5a6bdba51dd299b86ba151f6b0c9dbda7b3b9bc02a43279eb1610d849a

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpc4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmb5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1a6b0106fba3812ff3223ccb4049290_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\b1a6b0106fba3812ff3223ccb4049290_NEIKI.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Intelproc52\xdobec.exe
      C:\Intelproc52\xdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1280

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVB06\dobaec.exe
    Filesize

    4.1MB

    MD5

    e2d35b95e51eded1618905b764d4bc8a

    SHA1

    527bbce1de60c04255a4d9b0f98d2297fe7134f3

    SHA256

    dc6b72bda7822d2630dd49b2bb2c9071fb0d16c612114c8d4758d579fc39ad1a

    SHA512

    39db119c27e3ce6273b1073301cd759e170dc98ad2256bca9284fae80249cb4c09e2e73311e375419a7ba6d867a7163d7172326dfdc8c40a12d1962c918f46d9

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    204B

    MD5

    ba6fdaff5f95ea7bf4c71da95516f70a

    SHA1

    a81af450adbb98d582129e09c58f42e7ef0a76c4

    SHA256

    8b1e71843dcedffe9ec1660981d5369a0d4be14dce79b6b7b3f2bd69eb7428d1

    SHA512

    c915993f89cdb915279e6b0fd259c24a82fe0509c0bcb7bae2e192a650884b729c495a18efdf8557561c60a0b484f6b1e61ad0fef61c5f1e28150d11c8ebf23d

    Download Submit

  • \Intelproc52\xdobec.exe
    Filesize

    4.1MB

    MD5

    5ab3b762b65983dd1b1f7b2fa9e6e74c

    SHA1

    fe422155777acfd30ec8f423e6cf351ff5445877

    SHA256

    16f72826aaeccdf9ad7a217f858b4e17f3bd79bc22cebc51fbd6a1cc5fdfb3ab

    SHA512

    88ccc197ecec08d4f3eef1ef851ca92c942f456855c74127fa13c7c481ef77a289a1203dba2679e06772d17ff0260e3e193918030149d03d2490e525c7d9988a

    Download Submit