Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bcfe017487...cs.exe

windows7-x64

7

bcfe017487...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    25/05/2024, 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    bcfe017487a3154741fbc7a0ec51ed90

  • SHA1

    aaf0251dd2834c2f35e87471b48d2a5722afd215

  • SHA256

    ba2bcdb7f7a07905a9be4c223eba6477ef2de779d47859a95299c844c66625f2

  • SHA512

    ffee900f4c741221ae6cef5a8672fc20bf63e2599db2eaf82db25dfdc58b6f9a135c668da2e952b1e9df926b48f6328c97f897c55b5f343d90c8fd07d161cd7c

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBw9w4Sx:+R0pI/IQlUoMPdmpSpi4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\bcfe017487a3154741fbc7a0ec51ed90_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\IntelprocJX\devoptiec.exe
      C:\IntelprocJX\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVB80\optiaec.exe
    Filesize

    2.7MB

    MD5

    c9ead4852f2a1f8a95b3c615fb0e68ab

    SHA1

    71a6139a9d7228a3f02b893e71a4c1c228a81ecc

    SHA256

    0c78b8b770d2b167c9db77b98b43d67b25bb19dd7ffeb89c4c6d83ab371fa4ab

    SHA512

    43df31356e9a0d9097562c5bc258729bebf7c3acd1d5cf535d81f3fda517fca9afb7e5f795f78e69e302a0140233c95e7d698603105d7db462de24f50317735a

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    964ab47a066c512157190efaae240f8b

    SHA1

    0036755b56f5538d5cd271950837357fe05de0e2

    SHA256

    15192d302ed55a14ee10d61cfe80970d717f8e3145b76743513cd253c55841fa

    SHA512

    c91e57099f8bdd3fee543300a2bea5f6a415b0e04e62cba7449eff8990b8dcf07f75c70251fd6a1681028c247f20b2f96df2f926ff20c651e5bc1c9a63d833b3

    Download Submit

  • \IntelprocJX\devoptiec.exe
    Filesize

    2.7MB

    MD5

    13da7b467a23de8687672c7c87efc39a

    SHA1

    b207660722b8e28e1856d1cf76844f308fcaca75

    SHA256

    122f67a96e9da817bbb28bc71eab52b534fd90683783b9924306a69f411565c3

    SHA512

    777e9d4d431915b96077dd71f1d4acb693705b7302cd8cfdf1486bb71a82ad6f8c83cab9ab74ad0c156feb67f52eaf39f7cb8c2d31f004680ac2ec91c897c71a

    Download Submit