Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

446bf0565c...cs.exe

windows7-x64

7

446bf0565c...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 18:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    446bf0565c0507f9f62cb98f193e7990_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    446bf0565c0507f9f62cb98f193e7990

  • SHA1

    94ec372c1411146d091a32497bfb48592705b4ee

  • SHA256

    4435fe9487982f3a859f218196182c22d409185ae4a25ccce3fb1ab4c40632c0

  • SHA512

    d0f3558b264271d1f5aeb5f2b91092756d0d306d58bd2b62cf96c2ad5628cd67993eca4fb0afbffe90e46b574c7b25e5880fa7454072012463a2e75026ec62f3

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpH4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\446bf0565c0507f9f62cb98f193e7990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\446bf0565c0507f9f62cb98f193e7990_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Files2F\xdobloc.exe
      C:\Files2F\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2300

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxTC\optidevec.exe
    Filesize

    2.7MB

    MD5

    c8a6eba01843369b79f43f0d1dcc7c19

    SHA1

    03f39e8c0202860814ee63eea550fe2a0fc779d3

    SHA256

    4e640961f32228646ecec90baa0d4768a51fd64e1ec3c00747713b3938438783

    SHA512

    90fe34957ee8b123bdfad08dc31d447e7cd4812fc00d50dd69ecdaf3ec030229cd9759223dd7b7e3d564d78d48c824dd2613f0c89dc1ebaff829e981462ece03

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    204B

    MD5

    2243d3000a2aeea235ddc54526b85e6a

    SHA1

    2b79315c5c354a3072a4ea837b6afc735cdc0a8c

    SHA256

    f8f7f0591e11b16d7c61e30fc21c62d76eb913b54741a6eaab4e4cadb431f9ac

    SHA512

    7c789e2616116db1c318e00df9bd6d46f03dcd3583ddbe992a1e0b9506f752813146d0a20f27704fe8a74bf08a08d5e5150c678d3c1c30a570ca641ca09af782

    Download Submit

  • \Files2F\xdobloc.exe
    Filesize

    2.7MB

    MD5

    eb5c43cc4f1a53b0b031e9810760291a

    SHA1

    dbaee5ec63aa788c9ceac7907c36b99b28ddd433

    SHA256

    ce4bdc33c6d5697adfecce8237f7f4c442563db8666534a1d4ee53b7cc104c65

    SHA512

    9fefbf75ae6037c76bb8700891c7e9c19dc49608dc4863a4557e66f3f8d571ee07405fbc7ee68601e004e2a18d94f3e417729f97378fb64ad8347d33815a30ad

    Download Submit