Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/05/2024, 18:46

General

  • Target

    2a4f3b68155a15dd408e3889645f5520_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    2a4f3b68155a15dd408e3889645f5520

  • SHA1

    043bdf35bdf792392cde370424158faad11f857d

  • SHA256

    49435904d2f4bfc978926e4917cbc4beb42d41fb45903795e59cebf6a4ac36df

  • SHA512

    05cd9981023e34b430d11671952e5285ef00d19b2016f217f2887083d7a5f3d39078028c06fe8b448d079c32aa94bf39e42a6dd05895172cc5f9fdc3d6f35058

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBL9w4Sx:+R0pI/IQlUoMPdmpSpP4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a4f3b68155a15dd408e3889645f5520_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2a4f3b68155a15dd408e3889645f5520_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Intelproc7B\xdobloc.exe
      C:\Intelproc7B\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2584

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    204B

    MD5

    cd749814195eaaf90d7bd6a2744ecd50

    SHA1

    192f2bcb6affc7ee49954993b408a0c96be1db11

    SHA256

    662345c162e59ee07f1f52029a2d2619e9e6fe44a211c1ce3ff318ea9eba7f9a

    SHA512

    d20add773e17d96571155b7d1b16a3f1510ca70457fe47782930a05fefadf687c4367254903088b56eccc6d03d1eed466588e00a4150f868d76563704a57400a

  • C:\VidZ1\bodasys.exe

    Filesize

    2.7MB

    MD5

    a18c37bf1d0d0d07c4d282bd9e2889a3

    SHA1

    b17bc3b9042ca56450012e7152cc19f2e1126ddc

    SHA256

    8dd2f10a21e953fb542e301c6430565e9af8a4917fa0b00d0276cf115dced524

    SHA512

    b14c7eb1583f6214b21397ec835584fe3d75c9302ae4ee772007a07c1eb5af8dcecf87d83780ccec9421925d3841b8392b29adb88c9d268f4e61372da8fbe538

  • \Intelproc7B\xdobloc.exe

    Filesize

    2.7MB

    MD5

    b7da3b3d9ef136831c68e1b6d132355b

    SHA1

    ab968553f123b6aa9900a6aa69179637bacc24e5

    SHA256

    e2179d0c56b0fb04fea6af437e6708540ad7550aba26858ab6259e00f80c1ace

    SHA512

    cd4c356107a977c66a688151492a49bf1024478f782a4316f5cb45e5522d2038801060f9d0deca5181ebdf82cd8658d403584a8fe8caa4b8d723aa9708b81563