Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a019a629e5...cs.exe

windows7-x64

7

a019a629e5...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/05/2024, 08:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a019a629e5ab1c4e0d892a763cd6ef60_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    a019a629e5ab1c4e0d892a763cd6ef60

  • SHA1

    46c5c98d9dda79cd9117105b188b4c2bceeedf5a

  • SHA256

    a0a23a3d3796d50b8b499184a6d4415666a21d5d23d7040c2c838370f22d7c53

  • SHA512

    6ded71e55644d859399af3a61071a6a4cddc7babf424d0b39d9a8b3bc8a22308c6c322d042f1de58bb6a133356ad35d51047b6a80b70689d4cf01110925b8821

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBF9w4Sx:+R0pI/IQlUoMPdmpSpV4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a019a629e5ab1c4e0d892a763cd6ef60_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a019a629e5ab1c4e0d892a763cd6ef60_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3856
    • C:\Files8G\devdobsys.exe
      C:\Files8G\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4180

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Files8G\devdobsys.exe
    Filesize

    2.7MB

    MD5

    d7bb3b7ebcc1a03366707d74c848aae3

    SHA1

    e18a086f3c5d3f37e1659c450a2126c73f723bad

    SHA256

    f69a4375ff33fbe3e226bfa4b8c1cc057e07e6e0bac157c3314f2a2f50ddd447

    SHA512

    af8dd385f53aceb48fe73c94ed03c085413bc8ab22bc33f671c9086a21579275ba114aa5da8dc93ef0ebe2dd8aa2fc194a0d7e914f260755346ec4555c9fa390

    Download Submit

  • C:\Galax69\dobdevsys.exe
    Filesize

    2.7MB

    MD5

    875c5a1d8dec0b58f5f5589b1977d72a

    SHA1

    940e85dd9d9531aedb232e748c4cb1ed4050b8a9

    SHA256

    f077f41372a855072aff898df644d61b1c07bf0fec39a12df1fd53d66fc5890a

    SHA512

    eba4ec0f31063cc0372addfad9999beba652560ce8cedfffefc0ffc28ec860c4468319cf3770fa9afb9afb59c2db859650f9280980d9986b4b52f5f87d4b22b0

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    200B

    MD5

    7d8c146083f84c6b5a9d8aa59a10e8b2

    SHA1

    43aa8c3acb5659c83a88094e4e4ea46f444a69bd

    SHA256

    d79ad51019e222917519196dcd20fd77db867167b40b7d0332b1639be4425617

    SHA512

    c568043559e2a90c9c21b45caf06cfac52a96883e8e601614a73353110693803a47fd1664f70e1260e4ddf608debf2194cb7103dcd03b9bc664c5de251d11bfd

    Download Submit