Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ae977b1ddc...cs.exe

windows7-x64

7

ae977b1ddc...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/05/2024, 14:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ae977b1ddc2cff1496ef09a2162bf3b0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    ae977b1ddc2cff1496ef09a2162bf3b0

  • SHA1

    225209ba538a57a610f111de7828baa17d304d67

  • SHA256

    76c696ea0e60fc04571004b198b36a2ad6d5dd22fe8bf40110de13863b430ab9

  • SHA512

    bf5ab3d4862704b81c7de23a590f678ced8ce5c0b0b87509d90958734eb7476460c0c5ed0ecbd2d823cee7a9a04f320af59ead5a1635a9ce5e9bf37ff6cd2755

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB19w4Sx:+R0pI/IQlUoMPdmpSp14

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae977b1ddc2cff1496ef09a2162bf3b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ae977b1ddc2cff1496ef09a2162bf3b0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\SysDrv61\devbodloc.exe
      C:\SysDrv61\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZ4T\optiasys.exe
    Filesize

    2.7MB

    MD5

    bb9ceb88dd17248cbab7372fd1c93f61

    SHA1

    71305bd691812789a1115dffc31bba836df6f46b

    SHA256

    d20cf59b1bebf1a4741fdb9e6e2cf1bbc2c905199abfe05c9f0879fecf3bb5f2

    SHA512

    351ab5bcd0dbdd7060135bf1faa8d94108508dbff92a8797b8a21545629af3a59b70943259a64941b85131c1fba0932003eec6e4a8e428983f8f684fa8dff783

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    204B

    MD5

    26232e47c4b55a5584d3c6b964cd551b

    SHA1

    2963ee1139fb88506559904f9ccd5bffa9333a00

    SHA256

    70778b4b34e84f83a57ee051c09ed9a34b2bdfdab7106bc45d9352960b283303

    SHA512

    3d1ef8333a1103c158bbfc382653a69fd0b560f85b7f7123f95130f44265d3b86df660c04f2fbccecf7e06732848886206c44a5953093d68d90ac7cebaefedc5

    Download Submit

  • \SysDrv61\devbodloc.exe
    Filesize

    2.7MB

    MD5

    f793a4c2eaaae9976cdb0f59df4cf997

    SHA1

    c6ba39f2675ef18c80a4296171898a9f428a8af3

    SHA256

    4bd1bde472269fb5eef10848270d99c1558cac11bc2e06864ff5b14da57dbd3e

    SHA512

    0819a640926f377534bb860fbdb8df96ed794b467b67f57b48051cdf4240b44d80bb13512cfc8829372a6d474055b79898ff44172210d75858a5d42916ecf112

    Download Submit