Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/05/2024, 00:03

General

  • Target

    5e015fea71657c4bdaf5af6fcd20d5c0_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    5e015fea71657c4bdaf5af6fcd20d5c0

  • SHA1

    d88f66f0f1b9e8c13a21b6f8614e48b0eecc9797

  • SHA256

    e9d2e2be264478dc2fd8716dd302a4239351d9499f6b659c091746bf13ebbfc6

  • SHA512

    c6b02e3b5b3ed236e0d4bccc1aba0f6cd5914e12ae8e7e94c16b3361db76e6b92658e4eb265722ea58ff477039c75f8e5187731e92a5fc5aeaa36939658396ad

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpN4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmC5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e015fea71657c4bdaf5af6fcd20d5c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5e015fea71657c4bdaf5af6fcd20d5c0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\IntelprocEN\xoptisys.exe
      C:\IntelprocEN\xoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1316

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    206B

    MD5

    0b2ad7ba153102403f447313e97f5856

    SHA1

    d25fc77789fd33e4eaaca97d60cca469113718c0

    SHA256

    c41a29e7a379b7fe1461132e905f93bd677f7188384feeff452a75f2bf71c797

    SHA512

    6c768e0cf1f45a8f4d4f75ecce3329a9e7c3166ee6f6917f8ef486811ddd5d817cbbb5538f930641083295a3ff312e63ed44df4f8b501ec46aee39af31a6cd8b

  • C:\VidAS\optiaec.exe

    Filesize

    4.1MB

    MD5

    80e208d821e3e1cb4d3b9d1029d39a35

    SHA1

    7d7c8c9f76d101b370b86b694b705b8f1a97634a

    SHA256

    27d590f76b20db9be8ca7462c27e9f283051b323bfbeb244a38f85e15bd53fa7

    SHA512

    a1d326097234b3209de26face8f3a4fb74aa13142fb2ff28661800749c1bd2ec397880e4454be0cb7b871917ae2879bd73d76b9dcb72cdddef07dcaf80c74c9c

  • \IntelprocEN\xoptisys.exe

    Filesize

    4.1MB

    MD5

    ad3fbc7e7eba652b4835cb02d19ab796

    SHA1

    66234f98a6476941d4f92f953c1cdce9efa56967

    SHA256

    df3f0f8956f483dc5c247d488452671bf09e1b5f116ea71ae2002eb1bae8e204

    SHA512

    3fcd2eafc094b59edb57e5d823b743cecfde51e8ca43c514d81f0eaa6fef7353f8910cb0589e9d33951e23ec38ab19289d8c50ea5d09deda2a9c35592d03046d