Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3cb4573e11...cs.exe

windows7-x64

7

3cb4573e11...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 21:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3cb4573e110703e8e0df0680f274bb20_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    3cb4573e110703e8e0df0680f274bb20

  • SHA1

    0092f2fabaf7b295a72eb27ce14b0516231cf1ea

  • SHA256

    cd3a2bc027a4a9643b15aeec8aab3cd8cdf001b7302488c83a71a4306f30f551

  • SHA512

    01f81d1b1d855584e339efa6f3cc49af9b6ec706214190732bdd15a2b94f82be9581cb1ee147b9839af68504e21e3a3755a76027c17bb85bd749530e601e81c7

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBO9w4Sx:+R0pI/IQlUoMPdmpSpw4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3cb4573e110703e8e0df0680f274bb20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3cb4573e110703e8e0df0680f274bb20_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\UserDotPJ\devoptiec.exe
      C:\UserDotPJ\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Galax4I\bodxloc.exe
    Filesize

    2.7MB

    MD5

    9beb769877ee39e6f6b2cb007838a8e5

    SHA1

    eca3c6904488bb57a2d312d00a93c6ccc7bab9ff

    SHA256

    30b6f6fbba32e9b937ab1d4702c5600cb4d091bef790b33fe29c29423f0a9f2a

    SHA512

    12faad76c1101ce69ace01d992ec45bfda72c51d3fe33847d532c9a68c180e106e9b86bddc55c205921d09e25c175a28f3f7d0aa38719cf3ef322eb0f38f4c24

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    204B

    MD5

    893afa276babefca59de862428a1cbca

    SHA1

    50e5a429774c4a460be9c14d86eb39dc26ce2ad1

    SHA256

    758f59d35371d6a4fdb883b10d17a3b8cab1ba02c966277df3b931a7dbacf836

    SHA512

    46622f6c4787dbd4b00433c5153bc0596765c69e0be063c76ac1a9a3bdb162660c3c7c9996e1f77889442ea479c64320e010db355e76436b6f3e2cde74b600ad

    Download Submit

  • \UserDotPJ\devoptiec.exe
    Filesize

    2.7MB

    MD5

    8143d748b58c452fc41d01e6945e2e28

    SHA1

    9bd6649423dc757e66132091871d8e10d78094d4

    SHA256

    92d57f7381f55fdef1c7dd48dcf41b49be6221438cb1ecbeefe07538d0f3e3c7

    SHA512

    17c8238f1b2d1cd141409a145476d6c8009558f6c03b8d25029e3036a86884aa4f45b63894a8b062eb1ed5f656c5012d95188eea124eb25fb8883db4551f1277

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.