Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f07e8576c9...cs.exe

windows7-x64

7

f07e8576c9...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    17/05/2024, 16:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f07e8576c9816e795865f63666b65070_NeikiAnalytics.exe

  • Size

    71KB

  • MD5

    f07e8576c9816e795865f63666b65070

  • SHA1

    23b0a7c0c43cede57aa8c37c1543bb54fd3724e0

  • SHA256

    1dbcc40638250c177665732e9da19000440127ef398b6a98794f8f13a92e6993

  • SHA512

    3f0867a2597c6dbfd9383ead33fc5b642f72e214442516b805157db6c90410291a7386ee54c07a154427fb1960dc26f90d8c1b7402c649547177fe5603c0a0ea

  • SSDEEP

    1536:1/5eSd2CGilFul/vKVjb/uNf5Nf8kuHPvIRgHR:LDavcbUZ8trR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f07e8576c9816e795865f63666b65070_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\f07e8576c9816e795865f63666b65070_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:1848
    • C:\Windows\SysWOW64\okloobop-omat.exe
      "C:\Windows\SysWOW64\okloobop-omat.exe"
      2⤵
      • Executes dropped EXE
      PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\okloobop-omat.exe
    Filesize

    68KB

    MD5

    2393b79babe81054cef749c20e471809

    SHA1

    3e202b1f7527e74827d03647709e5361fba2fb6d

    SHA256

    2c9b4fb40e36447739548ff45dec072d567d1619a0eedeab9c970506ba7a44eb

    SHA512

    1f6e63e7082214533b06078e42eaa63ee78da516c1e8f37f362666514a021e8acf7709f06045e8f5fd493204efd3e65b5163135bb54071ce0fbda75cdc0a01ed

    Download Submit

  • memory/1848-5-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download