Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

85d9cd8531...cs.exe

windows7-x64

7

85d9cd8531...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 16:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85d9cd8531c6f418fac7193652bae4c0_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    85d9cd8531c6f418fac7193652bae4c0

  • SHA1

    51fc88a6c1aa6c758bcb480572df6f4fb2f5ec13

  • SHA256

    b43b64f29bd25a0541f01d06826a88fc6d900cbf7e9fc039ca4effa2255059d4

  • SHA512

    cfd9433a11a7e075c5e5b9521b77c1ec218dfa5ab7fee5120fb7cdae77874bf64a42cc8056bad6571ccf460c3f92e9792a202afc38152548e15f15d6ebe7a2e7

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpq4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmV5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\85d9cd8531c6f418fac7193652bae4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\85d9cd8531c6f418fac7193652bae4c0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4912
    • C:\Intelproc6M\devoptiec.exe
      C:\Intelproc6M\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2116

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Intelproc6M\devoptiec.exe
    Filesize

    4.1MB

    MD5

    5ffe943d0e1e57985132f72564450cb7

    SHA1

    22aac3adbc9fb87226f6d2a2f7ea7ecf536688fd

    SHA256

    1e27ac32046ce4ae8dba2725d994073a37e10c619a4d01c85867c73612a2bd72

    SHA512

    a2251147c74bdbfc6dc08050b3169f5781a765287854436767cbd6df0e11d9808f18b724d8bcba2d0390eed3c82b8c2006590a77d5b66fd7772116bdac041e2f

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    205B

    MD5

    91289e484b98b197ab2fdb96ce53d8db

    SHA1

    2034a08fb6917b585bbf58dfdc19eb8fd4327cd9

    SHA256

    7803f85d62c87b8b5efe8768a9d0c5d690e346b80a071d9396110d4f9bd5ed3b

    SHA512

    bf34947760f30c10275d15bb4c8322051e9cba20e19de79d1ca6a5805c7ff089a0ea7b63f5cc6687444deddfd160ad8e289021423ecda8435e403c8f3e9d937f

    Download Submit

  • C:\Vid5X\dobasys.exe
    Filesize

    4.1MB

    MD5

    af06a301f74290049c54fa83431f6e38

    SHA1

    d9a9948458800c1a9b2bb77381198edd1c4816da

    SHA256

    3a195cb0e90898a290d46d3946f0773bc33f7e3bb63e2afd7af7f4f4efeb16c3

    SHA512

    1921b72b61ec5ddbbce27846a23685491c0a1ec8bc4ba2eede16f1780d2f09f6a1288ca0c9b68852bbb04deb018d72d6753ebd62e34083a947719bc34345ee32

    Download Submit