Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

24876f1b30...cs.exe

windows7-x64

7

24876f1b30...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17/05/2024, 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    24876f1b307c9e4e93fb00261edec930

  • SHA1

    4fd0ad906e3e6ce27f83b1196b582e0b86669a54

  • SHA256

    24055ed055019fb81306b5260769691f19d2d0340e029e77e388dcd8d3f77f75

  • SHA512

    0f838e1f5ba7849a9199bbac698bfc94260cffec4e760fcef38fc1f54731604c35be7dffddcfb0511f001975f55da9445f663919a06839c66f7080fbe5a0e59b

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp/4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmI5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\24876f1b307c9e4e93fb00261edec930_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\UserDot2R\xbodloc.exe
      C:\UserDot2R\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZDA\dobdevec.exe
    Filesize

    4.1MB

    MD5

    0494e8792b97818839f85c44a91b4803

    SHA1

    56c5cd49608022955e6fb05a8d8ac80c5332f87b

    SHA256

    8ee36f9ca8050517148e26af75103a23099bd3ab732343c3268a16747943c3bc

    SHA512

    19101824ab2f5804c35e646588c03290b4dc27ee5cb409d9ba9473faddab74c357896887539504e75ee91a4e77ed95f962d56b09dd9b9f842846a5a660294a47

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    204B

    MD5

    46675eef3d89f067f4b884a9d991a831

    SHA1

    445e8a65dd4eff924b9879672bfcaa4234310a4d

    SHA256

    481ff4554c9dbc2a0ee3a711b63cfb9e32e5f60f81e302e40b9ddb47765401f4

    SHA512

    0585fbe7564ee784e1b12231291aa96b7f5d837e4c767a59b52bc619c9eb9237365b69f2a2d8d8ea78bc402682448bd871e175b31d9b7fed4fe723e1717bf375

    Download Submit

  • \UserDot2R\xbodloc.exe
    Filesize

    4.1MB

    MD5

    916133e17e0f63673d1ea38f98acde95

    SHA1

    0a09918662374a58d6a289c68a63d84b286e8b95

    SHA256

    c039664625eb6c8bdd954b51c83a725e9926eb26e2ed2daccacdb411a5abe18a

    SHA512

    e58ec8c84b765553574f075ca462463eba503d5ac993fd10ea654885e95039a5b8dfb9391112b4fdbc38c4f7770b6b71561a195ac799e88a35ded668daf75a1f

    Download Submit