Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/05/2024, 10:05

General

  • Target: abdafe21348bbc452a05c4796dfddd00_NeikiAnalytics.exe
  • Size: 2.7MB
  • MD5: abdafe21348bbc452a05c4796dfddd00
  • SHA1: 02c06968551fb21802094f9fec39f467f8f0fc78
  • SHA256: 34ce47d125da8f3f932447eb0e495bf63b435843b759fe666e6d0d068b385a48
  • SHA512: 4a074edd6926a3ed7e462d6404f51f0a9f5bc3087f6cf05269b6403388ded31ff8cf5fcc28c6cff78f1eff8e26a32ce0e0c2daabc5b414c7b2d7080b01ac84dc
  • SSDEEP: 49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBK9w4Sx:+R0pI/IQlUoMPdmpSp84

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\abdafe21348bbc452a05c4796dfddd00_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\abdafe21348bbc452a05c4796dfddd00_NeikiAnalytics.exe"
    PID: 2416
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    Child process:
    • C:\AdobeDM\devbodec.exe
      Command line: C:\AdobeDM\devbodec.exe
      PID: 1400
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize: 199B
    MD5: 3b3a844f5b0ea057046118a98739fbef
    SHA1: 46063633e43592998cb71ff729c26970c2f0b680
    SHA256: e1c6df2ef435aa186b75055957fff0a402469a8ff10e2938b421e1f422817602
    SHA512: 16c9f29200e1f9c63a4a95bdf1c3ff59d900c9c996c93562a055648c8bf3a64447ab1967972403d0a44f4275a931152c6bc8a856fb0ed13ef7af3949471fdcfa

  • C:\VidTF\dobxsys.exe
    Filesize: 2.7MB
    MD5: ff74a208bf73bb803944227ab40252c6
    SHA1: 044c6796d125c07f52a740e09b0a6233254dd141
    SHA256: dc5a739c6a942fc7077d817464b6a7868bcd2de30a378c4c79be64d92e24bd28
    SHA512: 35b3cfe071febec9a24774bdf59e1af508003c60fc3adb073c8cf0ecfc0a82fb08b6db702bf15c6b6c663f5ac511f71e3e5b5d335b25b0dea2bf65ebf7aa7b9a

  • \AdobeDM\devbodec.exe
    Filesize: 2.7MB
    MD5: 25ed8fa49c22c4b68fc11ce6c4ef08f9
    SHA1: ee0368ce86f7ae4accd9b73238b540e199f36e30
    SHA256: a793174a3b0ea68555bdbaa824def6e81b7a0a848908dc71202e45e0a53cf3ac
    SHA512: 976eee4e5f59e9d34f9a5252568697fdc0ebf0f133f86a5cd4f000d928088f602c11c5eab3c03f24fdb8fe3585b27b88e7b314f24f69c8ccc8a0682de0184d5a