Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

49a544c3aa...cs.exe

windows7-x64

7

49a544c3aa...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/05/2024, 19:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49a544c3aa2e8cda06e0b6f496868960_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    49a544c3aa2e8cda06e0b6f496868960

  • SHA1

    d1ac56581a034716996d04ed23553e7becd34cbd

  • SHA256

    7fd356b980fcefcb7c56d33abb9238fcf65daef9dfaddd0c88777d9683e6f1f0

  • SHA512

    9ff6806408f67f57a19fc1aaf6c5caf498c26a76f25f982d8cf86189c98fe90b7a875be076e97b40e96bcd1fb95c0e95ba892835ee08decab3b6a950c46e4156

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpf4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49a544c3aa2e8cda06e0b6f496868960_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\49a544c3aa2e8cda06e0b6f496868960_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:380
    • C:\UserDotQD\xdobloc.exe
      C:\UserDotQD\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1436

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxBT\dobdevsys.exe
    Filesize

    24KB

    MD5

    8ea53c792f7c1e933b815bbd15d05fde

    SHA1

    af115a5719fcfec80ea4a0e559253470e0d94d8c

    SHA256

    0413b9eb1ce1ce6f7c36a1824ff4ef484e2d1c51d816511c63c45265e0b57f5a

    SHA512

    623bb27f1758473fc1f554205acabd9b8326bf1db856573494f4f775139c99f83222e9afc884be8f73e8620d8293e68760a601a51607c9eda75b69f989074ce3

    Download Submit

  • C:\UserDotQD\xdobloc.exe
    Filesize

    2.7MB

    MD5

    a073d3284df618646f8781a8cf698f75

    SHA1

    36560cceea77b10c5a1073836cb6e503b2ba1a92

    SHA256

    856368e7ce6f02621fceb32040cd8fc91ca104679254caf05657b7066e25b0b9

    SHA512

    6c1644d6af1948a417978da7efa48da67ff8b0d7af75d67d249ad2c1748633d7413b6a0f10eb452cd93ca538448bcaf7f44c362f035fa2beadb6fc81bc5911f4

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    206B

    MD5

    0e8b4a6bbf6a5a3665acdb3361ca8e63

    SHA1

    7404c865859d51fcb13f33b1afaf2b93906d1e12

    SHA256

    6990c1d5538c3a31d256d1f3ee38154ab8ec0c71d9f232eae3beaf0809689707

    SHA512

    0c3bb4c4b6785e171aa006fe0d1af536285e3607b1bd08e931c79db7bd4e0a661c81d932891372c5b76bc90f07e0f0d94e67d23a8f15ab0ec2056cba6b5a74d4

    Download Submit