Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c3b9f50eed...cs.exe

windows7-x64

7

c3b9f50eed...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2024, 10:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    c3b9f50eedc51619f3a360274bc8abb0

  • SHA1

    b567233433a7dc85824ae51297004bb461fd78a2

  • SHA256

    8c5d4ba2ebfbffd97734356e9c8bfe04c1c61ce68d7478e589cb5628bfb96f55

  • SHA512

    a25a26cd10d98a910f57cfcaeafb7aa4361d21d277ac4d75ffa6276199d3cbd74f1ea4dec0acec692adf69dbaea5e10b521f5df25815bbf72c1064a2e5e693fb

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBN9w4Sx:+R0pI/IQlUoMPdmpSpl4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c3b9f50eedc51619f3a360274bc8abb0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4588
    • C:\SysDrvYG\devoptisys.exe
      C:\SysDrvYG\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintSF\bodxsys.exe
    Filesize

    15KB

    MD5

    125f73a97151e6cab60b3d57922a8469

    SHA1

    e03ed4995db865ce92dda383a27961a5c5fd9024

    SHA256

    24aaabe822734049d80546dadafbf3fec77903cb4a2e4ad9b95f26a6f513fe4c

    SHA512

    deb50a4158def579b871ab4eb031640a29ceedb41037e58da74055b1d5a7b2daeb63494f79283e74c0f66a246f74c5f101dff8d14f93ae2290d26dfaf95176d9

    Download Submit

  • C:\SysDrvYG\devoptisys.exe
    Filesize

    2.7MB

    MD5

    43e85c13b98bd8d6828823a2aa5a851b

    SHA1

    4f8ef8ebe454b64c51030325d135ec98d6b54812

    SHA256

    0de4fb44df0b5eda5ff9fb83f15d0366183afa3edc4e2967ad4593a7e7e5cbe8

    SHA512

    da5a27e2f7cef88977579c73e804cd1e0e144504eac647269ef71df40b0b1e5428e31e545251c4a3f794f982376294fdeb4875e1425c5f3f5dd93caa5ecabba2

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    204B

    MD5

    deb319ee329d49a1978afb96b3726b31

    SHA1

    aa7999afd203bf6985adc7dafba062641ad8b757

    SHA256

    bfe33102d444c05f58d064a2be05d42e371c4aa48fdfe7d0823548b0d27cff17

    SHA512

    38fd09d09678a93dce836e1b89fe62dc8428a2ae8a18c64b695c87cf9dcbf1eddbb618efeefc9d8b7dda1ea90d0bfb009d633a2d55d06bd6aba1b0432ec8ca39

    Download Submit