Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

52281e3c46...cs.exe

windows7-x64

7

52281e3c46...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 23:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    52281e3c463d9b03a0f7dfa706a4d640_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    52281e3c463d9b03a0f7dfa706a4d640

  • SHA1

    9d1db538e1bfda436850d04f4e23cb8fa435871d

  • SHA256

    8f343e7c8ecacb28b83b2fd4a4c25b8987159749c09c40d1ddcf0d9aecda1fe8

  • SHA512

    e630b080346ddd687f44d6432a4ca5909c8d681a953fa21e3541714ba05c66ff6af8e184b6318d5fdc1b4f2a6ceaa8353233bef8b56677c55f6af9ad1bd1f586

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBN9w4Sx:+R0pI/IQlUoMPdmpSpp4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\52281e3c463d9b03a0f7dfa706a4d640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\52281e3c463d9b03a0f7dfa706a4d640_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\SysDrvU8\xoptisys.exe
      C:\SysDrvU8\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBGX\optidevec.exe
    Filesize

    2.4MB

    MD5

    1c109d4525c68e41ebb439836224f72c

    SHA1

    05ee559b6afe07126babf52b029c74538b285fab

    SHA256

    cdf50c5f7be2318a408b5e527466d49d7346608b912cfe5e7363d11ef0f9476f

    SHA512

    aee030d7e4f5ff40b0dbc839f237aafabcbf45a75eaab5d888aef41194386cd8488bc7b82fc91c5827318b1848ba484d1be079a2ba56c5dd82a49bb32a8c99a5

    Download Submit

  • C:\KaVBGX\optidevec.exe
    Filesize

    2.7MB

    MD5

    3ae17208bcc68eda304978d1af453220

    SHA1

    12c8d920cda4792934471acafcb32a6729f7aa13

    SHA256

    9bcb4337115172f4fc1d35bdad8e552c15962b6242555671e58a84de0047fb47

    SHA512

    b18c04282cb5844f79a963a1b07c61234a98c820f4dec81f5ba5d4b732a749130eb897ef80d6de7364ff9408b48470b6b8ddeb0ee13395bf3f9a48f8130e1458

    Download Submit

  • C:\SysDrvU8\xoptisys.exe
    Filesize

    2.7MB

    MD5

    ea9a64b240119f3469d62e489637f088

    SHA1

    fa94cc853c2aaaebf25b7dbe5fea87fa75148910

    SHA256

    50b39c4e4834a84045de88262f38b1dfbd34156f5d04c0c79b7a6caf822c9bae

    SHA512

    b2c31507a2c7e2a9a4bdc24e53cbc1115256e149d34c418436f4489a1376cd2f7b85acdc98b86d27209add72fa1d727b98e3f8a303495727198bced8de2f243e

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    54db1c85d9852bfeb4bc783212c1e5b7

    SHA1

    2e0bdd23d4a834b804bda57fb657f589fce99e92

    SHA256

    81cd80d8c8c83fe812d989b93e5d2936e7f3935661b2db39ac7aee4275d157b9

    SHA512

    4c545f1116512a010b080ef701a36ff7f7f5015239a0e76aac897f1343040799f3dc729eeb00b2179cdf20df23391c73027db03413ae95f4188d3836a0fed977

    Download Submit