Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/05/2024, 21:35

General

  • Target

    3cb4573e110703e8e0df0680f274bb20_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    3cb4573e110703e8e0df0680f274bb20

  • SHA1

    0092f2fabaf7b295a72eb27ce14b0516231cf1ea

  • SHA256

    cd3a2bc027a4a9643b15aeec8aab3cd8cdf001b7302488c83a71a4306f30f551

  • SHA512

    01f81d1b1d855584e339efa6f3cc49af9b6ec706214190732bdd15a2b94f82be9581cb1ee147b9839af68504e21e3a3755a76027c17bb85bd749530e601e81c7

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBO9w4Sx:+R0pI/IQlUoMPdmpSpw4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3cb4573e110703e8e0df0680f274bb20_NeikiAnalytics.exe (PID 4592)
    command line: "C:\Users\Admin\AppData\Local\Temp\3cb4573e110703e8e0df0680f274bb20_NeikiAnalytics.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\Intelproc4O\devoptiec.exe (PID 3800, child of PID 4592)
      command line: C:\Intelproc4O\devoptiec.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Intelproc4O\devoptiec.exe

    Filesize

    2.7MB

    MD5

    a4668f1fe831a3663ad2e1cdc84b11a7

    SHA1

    3bb1cd9b39aac742a20350c498b7affe6b873c0b

    SHA256

    33922216d7b8bcca85f010c67fd82c5d33bc9cda420b3edc2056e45fb40e476b

    SHA512

    c70379d0312317f5399875005ffe27f2074efb3affc88b6555e5eb884ef104b1be2bae21eb9d2beeb9ea3c71260227423842383a028a93ff30b775e26589bfd5

  • C:\MintYQ\bodasys.exe

    Filesize

    9KB

    MD5

    bf965ee8f9d95b943a5ea888a522c44e

    SHA1

    69326314abf4da6764942ada42d063b44fb707c9

    SHA256

    13c64f8ad509d213565146a5459b79218788b601d1d572943dfbacb755233c7e

    SHA512

    c5b066aa1f9c4aa2d78f788c9be796bc4016f479bb94a04aa8acc989526f1637cb18b97eefb4cc366cf3b29b7f7860dfe7860a23ddf51ae21401c53b0004d60b

  • C:\MintYQ\bodasys.exe

    Filesize

    2.7MB

    MD5

    a2d7324b5fbf2d0bf31c51de92e980e8

    SHA1

    7403c2508c741854890a502fdbcd4dd9badd1398

    SHA256

    2520a136d5f45e2cdb64542bfbe802c0e9bb4eba97ad5bfa232496da8fd7261d

    SHA512

    cecd7720beb4eb36d82c59794390c841c2ad311c4d22a97a369dd25d56bcb2e702c384379bb6f39109384d75ac6f1930dc36745105f93fff26baad26e9c81125

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    205B

    MD5

    81741635281a175ce364db78c964feac

    SHA1

    ca637a624769c90e7882a45b381c89a6ad6c1370

    SHA256

    eddb07865e103665d367208f970bc407bc13aad8fc0f567fefb270e8cb072026

    SHA512

    b7aa6f46b2d3cb848d748fd673c53262966fcab2996847d0d4ec3a0ed9e6ce620d0059d1374be53c58af2b65ff6a4ebca67310cf2d368242a4549f4d5c691feb
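The hashes in the General and Downloads sections are the report's usable indicators: the submitted sample, the dropped devoptiec.exe, the two different writes to C:\MintYQ\bodasys.exe (a 9KB one and a 2.7MB one with unrelated digests), and the small .ini. The script below is an added example, not tria.ge code, that embeds those MD5/SHA1/SHA256 values, hashes every file under a directory in a single read pass and reports which report artifact each file matches. Because the real binaries cannot be reproduced here, the demo() function scans a constructed temporary directory containing one benign file and one file whose digest is added to the table as a labelled, constructed IoC; the directory layout, file names and that extra entry are assumptions for the demonstration only.

```python
"""IoC hash matcher for the tria.ge report above (added example, not tria.ge code)."""
import hashlib
import tempfile
from pathlib import Path

# Digests copied from the report's General and Downloads sections.
# C:\MintYQ\bodasys.exe is listed twice with different sizes and digests,
# so both writes are kept as separate indicators.
REPORT_IOCS = {
    "3cb4573e110703e8e0df0680f274bb20_NeikiAnalytics.exe (submitted sample)": {
        "md5": "3cb4573e110703e8e0df0680f274bb20",
        "sha1": "0092f2fabaf7b295a72eb27ce14b0516231cf1ea",
        "sha256": "cd3a2bc027a4a9643b15aeec8aab3cd8cdf001b7302488c83a71a4306f30f551",
    },
    "C:\\Intelproc4O\\devoptiec.exe": {
        "md5": "a4668f1fe831a3663ad2e1cdc84b11a7",
        "sha1": "3bb1cd9b39aac742a20350c498b7affe6b873c0b",
        "sha256": "33922216d7b8bcca85f010c67fd82c5d33bc9cda420b3edc2056e45fb40e476b",
    },
    "C:\\MintYQ\\bodasys.exe (9KB write)": {
        "md5": "bf965ee8f9d95b943a5ea888a522c44e",
        "sha1": "69326314abf4da6764942ada42d063b44fb707c9",
        "sha256": "13c64f8ad509d213565146a5459b79218788b601d1d572943dfbacb755233c7e",
    },
    "C:\\MintYQ\\bodasys.exe (2.7MB write)": {
        "md5": "a2d7324b5fbf2d0bf31c51de92e980e8",
        "sha1": "7403c2508c741854890a502fdbcd4dd9badd1398",
        "sha256": "2520a136d5f45e2cdb64542bfbe802c0e9bb4eba97ad5bfa232496da8fd7261d",
    },
    "C:\\Users\\Admin\\253086396416_10.0_Admin.ini": {
        "md5": "81741635281a175ce364db78c964feac",
        "sha1": "ca637a624769c90e7882a45b381c89a6ad6c1370",
        "sha256": "eddb07865e103665d367208f970bc407bc13aad8fc0f567fefb270e8cb072026",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return lowercase hex digests of data for every algorithm in ALGOS."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path, chunk_size=1 << 20) -> dict:
    """Stream a file through all four hash functions in one read pass."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests: dict, iocs=REPORT_IOCS) -> list:
    """Return (label, algorithm) pairs for every IoC digest found in digests.

    Comparison is case-insensitive so upper-case pastes still match. Any single
    algorithm counts as a hit; trust sha256, and treat an md5/sha1-only hit as
    something to re-check against the full file rather than as proof.
    """
    hits = []
    for label, known in iocs.items():
        for algo, value in known.items():
            if algo in digests and digests[algo].lower() == value.lower():
                hits.append((label, algo))
    return hits


def scan_directory(root, iocs=REPORT_IOCS) -> dict:
    """Hash every regular file under root and map its path to its IoC hits."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            results[str(path)] = match_iocs(hash_file(path), iocs)
    return results


def demo() -> dict:
    """Scan a constructed directory: one benign file and one file planted to
    match a constructed IoC entry (the report's real binaries are not available)."""
    planted = b"constructed test artifact, not the real dropper"
    extra_iocs = dict(REPORT_IOCS)
    extra_iocs["constructed test artifact"] = {"sha256": hash_bytes(planted)["sha256"]}
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "benign.bin").write_bytes(b"constructed benign content")
        (Path(tmp) / "planted.bin").write_bytes(planted)
        return {Path(p).name: hits for p, hits in scan_directory(tmp, extra_iocs).items()}


if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name}: {'MATCH ' + str(hits) if hits else 'clean'}")
```

To sweep a real host, call scan_directory() on the paths the report names (C:\Intelproc4O, C:\MintYQ, the user's profile root and %TEMP%) rather than the whole disk; the single-pass hashing keeps that cheap even for the 2.7MB droppers, and a match on the 9KB bodasys.exe digest is worth reporting separately from the 2.7MB one because the report shows them as distinct writes to the same path.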