Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1ecd5b3be6...cs.exe

windows7-x64

7

1ecd5b3be6...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/05/2024, 20:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ecd5b3be63476eb9e9ff07147848980_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    1ecd5b3be63476eb9e9ff07147848980

  • SHA1

    23fd478a63eb0784a50b5abce1bd498cd4e01ba2

  • SHA256

    4dbfa112b7f9739b40c8763d8c5afefc81056ad633bbc6a9e3b1e98ea872f74f

  • SHA512

    d1048b17b8e8b2fdaf48b7a342b86e2f01bc4aa1c650ca4098ab4966422aad3c3147380909e8403941a543a614265e2ccd766a9b514f086098f68d9229b7b91e

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBv9w4Sx:+R0pI/IQlUoMPdmpSp34

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ecd5b3be63476eb9e9ff07147848980_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ecd5b3be63476eb9e9ff07147848980_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1432
    • C:\Adobe3P\abodsys.exe
      C:\Adobe3P\abodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBFZ\optiaec.exe
    Filesize

    2.7MB

    MD5

    20d48b856c153df6ced7248a1e9a86f5

    SHA1

    0a0c951c5bae6b1d9f06e919193348271e8ce2c6

    SHA256

    73cfb169308a3d245abaacd90a536ab566e281db2ec01f03b8b85c9c7ee22759

    SHA512

    18880087690dfb0e48b9baed216a0c7325fd501cb89d1b55c56b2fca5fb9475127149cb83f6c8a6bc3859fd2b5a024b08c8ae187117f95d8c1a47aca23ed45eb

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    199B

    MD5

    a1c0fb1029bf2f454e2bb0348fbb772f

    SHA1

    644e9d13b4039ad17e8ab66c60c5b0d67028da65

    SHA256

    7c6c3557278d15926997c907c93f94a48f0731d704d4ec74c74dfdaf509145c0

    SHA512

    e0d6f12871b2b6d84bb996546a8418b5a9c2597f0ed71b771ea7efda22b9ad8bd734f5882fdd9934a7beee60bbd7f4577f845b71a92dbb1588246d13d50f885c

    Download Submit

  • \Adobe3P\abodsys.exe
    Filesize

    2.7MB

    MD5

    2c1af7cc28195800eb9ed66a37c095f8

    SHA1

    3621e077a1d1d3b432a23451e1f946f6c41c7f5a

    SHA256

    4085d907cd5cebdef18e22b42293325896150466fee0612b4e74c48742f8520a

    SHA512

    b1dabdf037e26b9aadca315e27e258590e6386f351a4a1e44302f508dd535580198fa96a52b6587462f6b75103bf64c2330b3579e349c353ce52674102ab0836

    Download Submit