Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3c2be3ebb9...cs.exe

windows7-x64

7

3c2be3ebb9...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/05/2024, 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c2be3ebb9b0d9c1faf5cce8b80453a0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    3c2be3ebb9b0d9c1faf5cce8b80453a0

  • SHA1

    823365f39335cfa6ef0e4834a600deea2b05c520

  • SHA256

    9e902eeec1e4ed3a91615aa99fcfcf9288f387596a391be729ee7a8dc4d6b80f

  • SHA512

    a810d4ca9abfc88bceeb91709df3403a4c15d36a529ade3f9b42e2a9b33963d0628fa5d04c629dc59969d7f4272238f67e2f23caa0158bb10f11f7854af360c5

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB19w4Sx:+R0pI/IQlUoMPdmpSpR4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c2be3ebb9b0d9c1faf5cce8b80453a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c2be3ebb9b0d9c1faf5cce8b80453a0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:8
    • C:\UserDot8I\devoptiec.exe
      C:\UserDot8I\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:5100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZK5\optidevloc.exe
    Filesize

    2.0MB

    MD5

    5645bf079715b7a7103d73959d1766a6

    SHA1

    b1efa389621393a91add73a2ad4734b6ea212c0a

    SHA256

    f0fe808146f7a5702f257893ea5b5aaab9904af2e179a171ca2bf379dc1e451f

    SHA512

    b31d2b21c42e6293c8ac6ec4f26eaabc283696efabb2fa3e236d001a6ed4184c391cfa5b205a2b904ad22e503cdec368842dc36e4289a9e0ec1fe399eaa07033

    Download Submit

  • C:\UserDot8I\devoptiec.exe
    Filesize

    2.7MB

    MD5

    6e1d3994b0c82979d0b211a06e751dd1

    SHA1

    20e5ca6488ee33d68fddddfbbef0db49bf59bd08

    SHA256

    2e0e9609ae16d2d7bf0925ecfccc5deb47a7caa5d78b83b9e1bc322e7393babc

    SHA512

    13035cdcb9ddead9a25b9d90d8d63e2d5f33d6df2415896b7693952034ee3766ff1b123e30f8a44da790202bdde894f86850518dc4e225eaff284f76f009e07a

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    206B

    MD5

    319fb4630fd735961a531598079f3417

    SHA1

    d977cb8439fb12edf38c1d91449fc16e8da3a7d8

    SHA256

    f84270e48dff880644cb8e8477ce473853eb43bd5e9e48c58922dcfb9f140c18

    SHA512

    23b73900b1d4469ecc57257615bf17631ea2122023107b6eecdb0984a0fa8e0409bab7535e088be455a7fbfe7fcd73e82d8b1b22d387a00f84f8cd3dfd87609f

    Download Submit