Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/05/2024, 09:46 UTC

General

  • Target

    bb1026e0eb1bf7c899184931bbb8fc80_NeikiAnalytics.exe

  • Size

    3.7MB

  • MD5

    bb1026e0eb1bf7c899184931bbb8fc80

  • SHA1

    e25bf1355b9cfd5bd97ffe3be1a39f666733fad7

  • SHA256

    67dc121b8bbb8c038568eb17a838c3b4ea2b00fd256ade810c7824bc0307d354

  • SHA512

    8a05b89bd86603b580522f66898b1ce249ba3bbfb9c5c65ca7002c18ce8c01f7e9629984722a65f377427800bc42f19976ee69d01c22c6c768e40a20d20e7558

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpD4ADtnkgvNWlw6:+R0pIAQhMPdmQ5n9klR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb1026e0eb1bf7c899184931bbb8fc80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\bb1026e0eb1bf7c899184931bbb8fc80_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\AdobeSU\abodloc.exe
      C:\AdobeSU\abodloc.exe
      2⤵
      • Executes dropped EXE
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      PID:2320

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeSU\abodloc.exe

    Filesize

    3.7MB

    MD5

    d89d740d09ee2d106dfafa0220b021fb

    SHA1

    44d9b7beb5aef4f9cecce95f35a3da263e332c00

    SHA256

    5f57422192dece2e9a0c7dcf30871f6f782caa9dd150ffb901f77e2c58268ec8

    SHA512

    f6b6b12e321ffa0aaea26c434e32e004e0a42fdef65910593958ed7cb03a8c2d646d3349a8bfb1049ca81f8a07d5ba4914a4e2265e993e8ff389af9eb2a10088

  • C:\KaVB2C\optidevsys.exe

    Filesize

    3.7MB

    MD5

    a8a575103e3a7e792022e19028e41573

    SHA1

    59a54a92ddd829b3659a7a9ceff9c89a8d879eee

    SHA256

    e0641bbc4270a884414e0bb4f6d601aeb5cb71fc1afea40b9bb1988448435ace

    SHA512

    90f4593b729617662e426826a61e7eb450e46ba0adf7080d312bf3be0a67d30932eeda308a70a612920d3c0d25a6dbd79a0e4d5b3dbe59dca3a7ceb886c4528f

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    203B

    MD5

    e7405a14f8fe124907d3505cf597e1e8

    SHA1

    95b9b32578ccca920233111db583b323dcb6c346

    SHA256

    d9433700ec855b4cd12925644fa3bcc206a6fdacd206804e861aa2c3597c4d24

    SHA512

    cf6d1eb872cd0afcdf44f266fe3c6dc646f35826a20dfa2f18717d5a8b335019f66ec792284613aaeed5f792219ae528fc4b1910d9e1f98bb485402da30b2e32
