Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9e2b2c88aa...cs.exe

windows7-x64

7

9e2b2c88aa...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    23/05/2024, 22:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9e2b2c88aad93de12055635d3ac3d850_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    9e2b2c88aad93de12055635d3ac3d850

  • SHA1

    d2640d1ea8b05a28edb8a59a8e7df5c0a4beb68e

  • SHA256

    df396cba0a6d9227fede9ffedee5653d1f4817c17791fb57e941bc0bbfa3cf9e

  • SHA512

    704fed67679d641dbcf225992cffd2aaf78bf474d8bbcee061d241f3038f01745167baf998c2f8f355988c6ba13547311c153aab15ef5ac83043a83eb36b82df

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBo9w4Sx:+R0pI/IQlUoMPdmpSpW4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e2b2c88aad93de12055635d3ac3d850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9e2b2c88aad93de12055635d3ac3d850_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\IntelprocNR\adobloc.exe
      C:\IntelprocNR\adobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBUB\boddevsys.exe
    Filesize

    2.7MB

    MD5

    36fe2b28e88e1c38cdc5e3d1640cdf27

    SHA1

    7e882e5dd79d6a5baa44448c40438f8c7caba449

    SHA256

    7dd7a0cfc1413d0db40abd8240112aa12e41aaa71d68d7b18f18d15649a6af7c

    SHA512

    9ab8683e786ae111903fcd044750f90599d979b51801e48d1c906dd7ef3e5b48db557f5697be4d19c516b062a0f5fda2deeefdef426bb86a43608dc560bd41f2

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    206B

    MD5

    f6ce82730c327ef49e3ef760cba09eb0

    SHA1

    1b99aef56dbebe42940a8c75521e583daf545de2

    SHA256

    621cae0a26e49f45c986674e67824fb4c4ba7a08fc410324583b41b811cafda6

    SHA512

    257cbfa0fa4a091cde666de8f676d010bc9529e6c3b318c1c5f2615f4b1365f841ab01412adf0a0e65965bbc87d4634cd9c69006b9d85c51087f6ca27f33543f

    Download Submit

  • \IntelprocNR\adobloc.exe
    Filesize

    2.7MB

    MD5

    8a43ac69e28827cc92fbdf799bd35b5d

    SHA1

    39d7de81aecd0ce5aeedb4545b19975884a91227

    SHA256

    6e426f98836240e9b462da777de769e39e01eb5a169e4de6dfcc3be5547ae103

    SHA512

    848baf2552839cc390453ead8bdd6b0e0774b3226cc6f5d7477f5908852967a441598851f87cce904d1d5b65b3e65328732ff67146c61e35e63362e345c7a7cd

    Download Submit