Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1d5ba9d33a...cs.exe

windows7-x64

7

1d5ba9d33a...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/05/2024, 20:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d5ba9d33a7b4baf7eed773e448fcc40_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    1d5ba9d33a7b4baf7eed773e448fcc40

  • SHA1

    2a903c6753f21b0d01901eb4bbe0125c96c6bf53

  • SHA256

    645b5df848743fdd0bf4a3092f7a1506942949d92ebfadc37d9dc33bcf316e5f

  • SHA512

    de6e66aa4957c5ff73065d0ddfeb122d7141d1876e9d4e4defa7d62fe5540d1d85360c5ea01c14497861cfd66a9ad9d2411e4d63186e2b5b5f7240424da699d9

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBr9w4Sx:+R0pI/IQlUoMPdmpSpf4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d5ba9d33a7b4baf7eed773e448fcc40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1d5ba9d33a7b4baf7eed773e448fcc40_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\UserDotNS\adobloc.exe
      C:\UserDotNS\adobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2000

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZUO\dobxloc.exe
    Filesize

    2.7MB

    MD5

    e5060d33a1a693c9be7cf84a0024b0a0

    SHA1

    d052557c772893995c1dc63bd0661ced163fcfc5

    SHA256

    e509a5224b009652c830eec5acc1fd6ec0050796a94d7285c073ef0d4424d0b3

    SHA512

    edb1c1a04ab6d56094009c8553784ed99d30ed243e6c89a967dfcad3f399a837b3446da4f2c9ebc3de6f818e8803839f65c5daf2f637cbce072079f56309909a

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    202B

    MD5

    4c14406cc90850a5216654fcbd63215a

    SHA1

    dd25e8bb8c7979433fbe14b0f8351bc353457abc

    SHA256

    f3e1a6b833e4d29689aa428a00ca6b8fe40a39fa046f9d9db072dd24c8fd470c

    SHA512

    4d514b5c5b924e4d75e66316de191c2427e534cd4b639887da5c35605c65722b3e8de29efa59baeab07568a4c8120d7fdd44c4267bf7c15fcc74bc8ea91d7999

    Download Submit

  • \UserDotNS\adobloc.exe
    Filesize

    2.7MB

    MD5

    c9a4e5b3721794858dd57733aeb28c74

    SHA1

    202e6ca912d05e95d35302a4c4555e0fb942f5c2

    SHA256

    aaa21cd65c7b7a70bf5ea9d29b6dea354ce3b09f0c21a874c0df500e310f8fe1

    SHA512

    820a9d5f378ff2c0d9d11a2cd62f648130491b1958e6fccac8456e97775aa6ede0470567620cdcf47bad661ca1a25ec404b49667cee8bc41b3332b86f7e4a2d3

    Download Submit