Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

babdd706c9...cs.exe

windows7-x64

7

babdd706c9...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    15/05/2024, 09:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    babdd706c9bd2403865f38b8c6223030_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    babdd706c9bd2403865f38b8c6223030

  • SHA1

    1d4c0daf19e8dd6600bd1a4a9de3a07bc01a23de

  • SHA256

    42ce927a9cc27c12509ec7a973cbb733a3f1267d2640f69d6fe931d3a134eb0d

  • SHA512

    564fee5c56d4c0988fa3518a64caf213138cdf1c73dee0f32cbf12065f8003f7c242ed5acc38b8bb1c22f3d3643f240e15443a9c00dbffdafd98624525a6d78d

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBH9w4Sx:+R0pI/IQlUoMPdmpSpT4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\babdd706c9bd2403865f38b8c6223030_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\babdd706c9bd2403865f38b8c6223030_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:620
    • C:\FilesTP\aoptiloc.exe
      C:\FilesTP\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    200B

    MD5

    2703468a3f23931fd9a834940e986238

    SHA1

    db362d423fa8b4f2f5004a417a4ba0a11ad949fa

    SHA256

    4361575ce5bb8adaa8e1cff082680c9d7d16a038d73d4d3ff1c50933a752b449

    SHA512

    4b145e5fe29994969dd1fb5dfde8df6b66de29f6ba55e9f7ddf2fc7c6d1b7d53b1505deba4cd3cba5f5eef05589d352f6aded244106876eeecd500ed9d0d731e

    Download Submit

  • C:\Vid2G\dobaec.exe
    Filesize

    2.7MB

    MD5

    9e8c63e7cf42425b45d012e70d625a72

    SHA1

    cb2a06962761e82aae8c46a2d460de9b60b4af00

    SHA256

    7d24f09458c773ed1e505e377265a80c0d3e8ac20da7aa2f4558087e68af5067

    SHA512

    558db1fdd391f74cfba99f0089ae38aad4fbddd71c05fc0af1edf6ab7a46bdff2f6871d784412195e88edd8738e802f0d0e4222bdaf7fa5d13824199c9c7c3cb

    Download Submit

  • \FilesTP\aoptiloc.exe
    Filesize

    2.7MB

    MD5

    29a7b837af275e90141b07f94dce7f1b

    SHA1

    d0135062701af75ade29882d1b985694c7ccd475

    SHA256

    fc163470994fb555fea0509106a2ad658ff64870a628353583d95c5645f4815e

    SHA512

    bb41b0713b42a9ec7263faa52b43adaa1c68ef6445ed9655c920ae2c9aa3f81f5f6d6661dc6442784f5b4666e734081408ab16d53d85d3218db3c054d5980a50

    Download Submit