Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

732204ac69...cs.exe

windows7-x64

7

732204ac69...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    26/05/2024, 05:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    732204ac69a545f3d0b47310eba90b60_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    732204ac69a545f3d0b47310eba90b60

  • SHA1

    55b47c692d6eda2e145aa4068d696775ef0968dd

  • SHA256

    7ca8ddb88b521a5c2c5df7710dfddf9f730f5f0cc64fbdcb8557c850376b9aa6

  • SHA512

    6f3bc6631fa17d08593f82b36fef8e66029b87f1856c3031127fa92ec697bd634ecda499d03d13e9632ccc1da8441e3d58a0e5d855c5d6bbd62a915416e954e3

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpe4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmR5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\732204ac69a545f3d0b47310eba90b60_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\732204ac69a545f3d0b47310eba90b60_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2832
    • C:\SysDrvN6\aoptiloc.exe
      C:\SysDrvN6\aoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintSR\bodxsys.exe
    Filesize

    4.1MB

    MD5

    c1daf3bfb39d65e75fceb8d91d94d7c3

    SHA1

    105344d56188ae51c83aea14b46a57df9ac4d529

    SHA256

    61ecf55c9d24fa954d497b71e97480b238fe3199095fd339b9ced9f81d0b9ef8

    SHA512

    8dd2688c068d165cb1208d6caf2659bfa9796d124eefc537e17174646550c52e46c41e420de4192d908c0913a460b5f3ff99c8b099da5953ae246de45f8d48ef

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    18a23752dd68fc5442c15c48293a3980

    SHA1

    a7e41b32af5c0a38422183067c82fafeb02c9d63

    SHA256

    b840b0bd4f89e253f56a7d6a21acbec6372563b1aa9eb891577fb420ecd8bb58

    SHA512

    d938da215876b92d59b42d7fc321c97141e2533dbf4536ec35a0ba07893f3f23d44692a25fa141ce86e8e96d2eb393b61637971296f9f5a6e4609987ee152e25

    Download Submit

  • \SysDrvN6\aoptiloc.exe
    Filesize

    4.1MB

    MD5

    5843c2a29cf775ee70122465d540c358

    SHA1

    18c93323c2520d1c0f4f9ab73d024f822fffc9d2

    SHA256

    c0483e95f4003d4a95137003f661c627e881084a908fcbb0f9338c299c5220f2

    SHA512

    3d6d5f12ce4b7d5c15b84c81daa66d25ad47a25c79124a70c40a0096bfcff72ec1f217a96081db908df4626f978514b1773e2159e05f62250c13d3ee6a5381d3

    Download Submit