Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/05/2024, 08:17

General

  • Target
    a019a629e5ab1c4e0d892a763cd6ef60_NeikiAnalytics.exe
  • Size
    2.7MB
  • MD5
    a019a629e5ab1c4e0d892a763cd6ef60
  • SHA1
    46c5c98d9dda79cd9117105b188b4c2bceeedf5a
  • SHA256
    a0a23a3d3796d50b8b499184a6d4415666a21d5d23d7040c2c838370f22d7c53
  • SHA512
    6ded71e55644d859399af3a61071a6a4cddc7babf424d0b39d9a8b3bc8a22308c6c322d042f1de58bb6a133356ad35d51047b6a80b70689d4cf01110925b8821
  • SSDEEP
    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBF9w4Sx:+R0pI/IQlUoMPdmpSpV4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a019a629e5ab1c4e0d892a763cd6ef60_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a019a629e5ab1c4e0d892a763cd6ef60_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\AdobeJK\devdobloc.exe
      C:\AdobeJK\devdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2252

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize
    193B
    MD5
    eac0047c5a1a210ac9e8e97467e0df89
    SHA1
    c5ae59c6fa3ed6f241dea51c99426eac4cef1132
    SHA256
    e715a63bedfa78f3d5c639a25224e3cb3bfb7fff171366808e70c1ccbde170aa
    SHA512
    74ee07ee2af75e29fb901b9d3280491a9a78bb2bb45774a1d6f1390e87fd1e48488dc94d59b43e5942a614bd770b2d3a4c65d6cae79a7ca3c2d965ee216c7399

  • C:\VidOX\bodaloc.exe
    Filesize
    2.7MB
    MD5
    4d6faa3e05ff602d66b68988f7fdc72a
    SHA1
    bf9650c6ee4d2dece8d31403b73e2be7e27b2671
    SHA256
    0df03b231716cbcf3841667cb16df8948a443631bbd942bbbce31b37c7dea271
    SHA512
    09e0ab0114d995f35b6e59880569824a1f38c31ed850d266037f765198431495f00ffb331fbdf334ede12a742ff28690165cc17500ec2bc8bcf7a7d10c33364b

  • \AdobeJK\devdobloc.exe
    Filesize
    2.7MB
    MD5
    33687ff86e959f1c72c8d2d8685d70a3
    SHA1
    c3276afc246826a7c03ec540aac6cdb90957a95c
    SHA256
    d546f7efe9d288834c83756fb33630099befdfa3d4ef0eaf939543bd1502783b
    SHA512
    d4e761bb295cb8e70ff71b2af4a041f843296dc252381d35855d299c22d26804bc30908591f36e72f40f8678386837d4306fd4c1ee24ef03541d1a26a61ef1d6