Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/05/2024, 19:32

General

  • Target

    49a544c3aa2e8cda06e0b6f496868960_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    49a544c3aa2e8cda06e0b6f496868960

  • SHA1

    d1ac56581a034716996d04ed23553e7becd34cbd

  • SHA256

    7fd356b980fcefcb7c56d33abb9238fcf65daef9dfaddd0c88777d9683e6f1f0

  • SHA512

    9ff6806408f67f57a19fc1aaf6c5caf498c26a76f25f982d8cf86189c98fe90b7a875be076e97b40e96bcd1fb95c0e95ba892835ee08decab3b6a950c46e4156

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpf4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49a544c3aa2e8cda06e0b6f496868960_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\49a544c3aa2e8cda06e0b6f496868960_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\FilesRL\devdobloc.exe
      C:\FilesRL\devdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2972

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Galax2M\optixsys.exe

    Filesize

    1.2MB

    MD5

    121c8d8b94af536e34b8a0d0420d6c6a

    SHA1

    6923865b1d9aa25a3feb59d6b966782583138b79

    SHA256

    b7c09fe5f0998c5893a8803658b519a5b68d084610415155e650c2364ba17f01

    SHA512

    0e87be9a39eaec770258e464e0229d64ed7e178c72a3c99f1136b0b99a8fd1fde38b96aedbb1899e3e92b47baf4400b67f4f7462ae6f8238cebcf9ffe69153c9

  • C:\Galax2M\optixsys.exe

    Filesize

    2.7MB

    MD5

    a25fcfa3309072ebd81b9c6cbc6e93ba

    SHA1

    e012ab3f72e8fe4904ec5c004cc7f8fc793376bc

    SHA256

    b4894d5433e3dec4dff3cb24acff9709eb548c919b55eff02d24eff1b936dd5a

    SHA512

    01a98f00a1c4545ab087da38c18bafdaca173ee79356f1a88f69164da56390c5fb0c943a5700f03e7c79beedaf1bd0f7a1e1069dc31b5b0d690f172d962f14be

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    205B

    MD5

    5a2a21ef93ed696ebc79243408d3b03a

    SHA1

    06d02eb8ec08820f9359cf05ffbdefbc2354b506

    SHA256

    0b1f207ce48b8fb61f13dea62ea46accabfbef3f3eda28aad49924f0e08617a1

    SHA512

    43cf8d383e23e0f35a48c94efbbf8a21801f97ca73f9fa305ccb65235030a70fc8a182bb0673188db2107d4fb040efdbd7ef13318e94c6c56208689672968117

  • \FilesRL\devdobloc.exe

    Filesize

    2.7MB

    MD5

    fa08d5a8ef6a1d68b3f18749bdd02801

    SHA1

    abee8f47f5909ff86266cb110337aebebccd8c94

    SHA256

    316aa932f170978b32187edd0a37c5cba83792acfaa0988bf2432683ad1c67db

    SHA512

    be58c8897002ddd50085c6409ed8637a5cd0c75da5604fe31484105c99fc4810c0f46048a05502fdcc10a6253c95f8a579e3fcf20d7cfb82bd32868f3a7945d9