Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

15719c925e...cs.exe

windows7-x64

7

15719c925e...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/05/2024, 01:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15719c925ed1b22cff03d527fbe6a710_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    15719c925ed1b22cff03d527fbe6a710

  • SHA1

    2f86705150032ec1ff2b5c0555ea9407cbb08d55

  • SHA256

    5422f8458af2ed11979faaf7350721ebf7522cd079ac481ac32d4b863ff56a3b

  • SHA512

    9851318946a1f8387644df437b4ad683314d205c11117a0cd7ee21fb9fb7d5b2ff696a4d2521027ec24dac3c9c2251ed72d15ac12997285ee18740aa648662b1

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBG9w4Sx:+R0pI/IQlUoMPdmpSpM4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15719c925ed1b22cff03d527fbe6a710_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\15719c925ed1b22cff03d527fbe6a710_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:932
    • C:\SysDrv0T\devoptiloc.exe
      C:\SysDrv0T\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintAG\dobaloc.exe
    Filesize

    2.7MB

    MD5

    fcfa832b25ff383021c888c425488ce7

    SHA1

    8d1b3766072271f0de31686b3864b52aa50ae484

    SHA256

    196c9e25c02d61bd167fc26b527517de9cb21fcd8d14a2806b6723f2ff4f98b1

    SHA512

    ff721c7ee424a9fb7fe9dbcec7333cd0a6901429eeb1bf8fea419999cb1699790e413a44ee709f10738f79adef07d71bfb770c87effa2c4e48f23fc81cf401f9

    Download Submit

  • C:\SysDrv0T\devoptiloc.exe
    Filesize

    2.7MB

    MD5

    419f821a3bd0ced903d7f082cd9dd994

    SHA1

    5332a9860bc783708856de6dba508e28975fbc54

    SHA256

    6dd1cffa8bb7a62abb271302b66885bbb639722df7817f23f9172e11b3bdc432

    SHA512

    98ae04f1ee3302b8e95be5fe4e5caaa43c68ababdb922287d491f477c8efefd101db1b41e2701ede61b2a3daf779835c04667e78d42cf825e2a5f2f87140c6d4

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    204B

    MD5

    3198bc34f43c72a610873bf6bb3f30c8

    SHA1

    11bd473ac13877d23229a01e998778b4a96e10b5

    SHA256

    1139ddef2e3394dc6b4228c8d0aff795f2dbde7cdca82fa3470507bb1bc258a8

    SHA512

    63da45cc8e252cfb78bb296a4bbec3d857225927f0c3d03c4fa76f1a0f0a31df9c8e9b858fd242cb8dd79a8882f16bf16968684c67290cd6d6a48dce46a112fa

    Download Submit