Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2a4f3b6815...cs.exe

windows7-x64

7

2a4f3b6815...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/05/2024, 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a4f3b68155a15dd408e3889645f5520_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    2a4f3b68155a15dd408e3889645f5520

  • SHA1

    043bdf35bdf792392cde370424158faad11f857d

  • SHA256

    49435904d2f4bfc978926e4917cbc4beb42d41fb45903795e59cebf6a4ac36df

  • SHA512

    05cd9981023e34b430d11671952e5285ef00d19b2016f217f2887083d7a5f3d39078028c06fe8b448d079c32aa94bf39e42a6dd05895172cc5f9fdc3d6f35058

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBL9w4Sx:+R0pI/IQlUoMPdmpSpP4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a4f3b68155a15dd408e3889645f5520_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2a4f3b68155a15dd408e3889645f5520_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\UserDot28\xdobloc.exe
      C:\UserDot28\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\UserDot28\xdobloc.exe
    Filesize

    2.7MB

    MD5

    5806548c3f12e7dc4ad6376ce9c4681f

    SHA1

    5702037cd50c18dd14de9dff5abf2cadcfc3147d

    SHA256

    a808d868eb38145d96a436ea52e64ff17ba50c22ee830fabb7c72043b80b5122

    SHA512

    92bd40361c4fc80c00b00c3eed0cb389c96e1c0f83022ec3a5b4ab73ef569cc0cefb84f1ad21cf1877b9ad9a438467b77c1102604d7315c2ab087b71931af930

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    204B

    MD5

    ff420b970c0767d3a348e541bdc2a6e9

    SHA1

    0084eee0581fb06824267f85f3af6140e47af406

    SHA256

    c2a9f83c579ed0955148a55cd81e6fcca61a2f563cfbadc7ea9b0b4d5ebdda14

    SHA512

    71e178d6a8e0dc983de361d46650299f06ecd585ce2074ee567ad4852b36619271678836044ecd689ff9e5d5e7dbc388d6fb0f7bd96201a21cf3a9539d64d33e

    Download Submit

  • C:\VidC0\optialoc.exe
    Filesize

    772KB

    MD5

    88af1dd8fc13da7069213d4127576655

    SHA1

    f5e47edd2c63ac8f714cdc1a753aa2175e082629

    SHA256

    7c1f074c00eaea9400fecddf6ca4ba2fa3d5ff1219bcf96aec3ba3206ad2af59

    SHA512

    e4c3cf95fd30ff5188fdd94a388e6452897b62d80b4c095988d97042cb53764bf8c859954dacf170f3e38f3374891629ef4fa431fc6269e6853f31b9fdb59db0

    Download Submit

  • C:\VidC0\optialoc.exe
    Filesize

    2.7MB

    MD5

    eabea191a5e21c9b238720ed984e9bc6

    SHA1

    d640c550d34623fe06045746215054d191c1753f

    SHA256

    99123368cdb811cd3ae33c77639097f6a72b2e7eb6249e01338606f86ca1629a

    SHA512

    bca7d632e55b4dd7f3732b609af7570c15bf67fabffa1eeca95a1144f44b82a045533b1fb97846214960897a7164ad19509f9a22b4fb33a598e4b0366845bc19

    Download Submit