Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0dc5d6e66d...cs.exe

windows7-x64

7

0dc5d6e66d...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/05/2024, 23:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0dc5d6e66d99d3360d8bd0baf50bc8e0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    0dc5d6e66d99d3360d8bd0baf50bc8e0

  • SHA1

    92de0729f05279b9b67776fbf37ca0a605c217fb

  • SHA256

    2a8850f3f16ec611d68d80d8d677d9cb23e7eecd08ff6006a0f98445f49cd8e6

  • SHA512

    fa0528c4173ca158031d84e5990b29fcc541e2af3d6dae4fe15056c579d21d5741c6237ba53b65df152c533adb43bc2d1cae5f52c607c550eef344b368d791c6

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBR9w4Sx:+R0pI/IQlUoMPdmpSpF4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0dc5d6e66d99d3360d8bd0baf50bc8e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0dc5d6e66d99d3360d8bd0baf50bc8e0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\FilesU4\xdobloc.exe
      C:\FilesU4\xdobloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\FilesU4\xdobloc.exe
    Filesize

    2.7MB

    MD5

    d38e5e7d1f35179ab96ed7022c8a2bd7

    SHA1

    a8a81368eddb8dc704d14bc94fcf42c9ac6827d8

    SHA256

    8c8b2fa5a9138a8f5808329da80dc03a09358610c16dfefeff64dfae22757357

    SHA512

    54ab181f473d2c5078ba0367a8037e0ffd0e2327947e6e0ea0eec9765f68b2a38bbe29d91f7a38d524ea4dd3e6bd8a06584933aa05d2640ecc262273ea33a4af

    Download Submit

  • C:\KaVBUR\dobasys.exe
    Filesize

    2.7MB

    MD5

    53a599e5688849f5be43c31771df3ef2

    SHA1

    cbb88a6cadbd52fec73e32e34e4d4d4667684498

    SHA256

    ccbd5284d4cb9c188fd24b4d82b439a58abfd97d14141042f6c3cedb8abe6fed

    SHA512

    9c785c1de2a3d98a053f9a5edf2c3e533015fbbf0947c294ff466fc27762389a878d26d18024f89070e37ac9a104d6da76a4d618c70174358e53138295542167

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    200B

    MD5

    3637f6ebcff6d0fe767728ce14b2b9bd

    SHA1

    2cdefc7aec51a0285c64fba94a30e81ed8fae273

    SHA256

    f4b5a5e7c564e48d749a3ce0a770c0f446c31efdddddc88a59fe1d9eb6208b6d

    SHA512

    aee1a27281625385f9d2a9ec32a9a8b963afb90bd1fc26546072397f751e06e5489a0566e1a926b90efc283c513bcd973e3d4432f25adb79929e91075e71be84

    Download Submit