Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

85782863a1...cs.exe

windows7-x64

7

85782863a1...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    26/05/2024, 07:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85782863a1699d9dba449b7affd51940_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    85782863a1699d9dba449b7affd51940

  • SHA1

    9e7bebb2e5bab28250683d15a6d30c572ee2f0f7

  • SHA256

    b1a6c4faf48eb2d00355d976c3314d8cfd16408799c2411cb440d7ffd59f60b7

  • SHA512

    f1e228709a95970e48b95bf26499899537e482d300d6193ada57077501615becae8b283c7ee0b192a0dc31b92319a8028f2d84d865bd19b869d50863370d5146

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp34ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm05n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\85782863a1699d9dba449b7affd51940_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\85782863a1699d9dba449b7affd51940_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:384
    • C:\UserDot12\abodec.exe
      C:\UserDot12\abodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxNH\bodxsys.exe
    Filesize

    4.1MB

    MD5

    6bf4ee6ee4a9282c280a6427651c5bc5

    SHA1

    32f223c5cc7c4935e3e57ede9d984f35ff02b7a9

    SHA256

    d0dd5fc8962667a9fdf57bc40e4211c30a63641584fa08d37e6d5985a2f514bd

    SHA512

    12f9573119307fe94f9263eb9edd7251902649bd483e1457f5bf6a2084798b14e6be23a58b9821bc37c139d049d43b3a59c638166e0634f6ae8580714bd78c4f

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    e8cbd66b5d54201afbfa3e68bd8995f8

    SHA1

    f5cf6fea2d31cd9e2aba1cec434e5b955bb6a0c4

    SHA256

    876147670bd97842f93878e1a2171718dad5bf81c7d041243bcb414fc9906b4c

    SHA512

    3c58f95dbc5805211f5a439915ef642a2d440903c42fc8df1b15a7ad98dfe71e0df67c76a6144491b9fee0491bc80f2a15e2751cdd3b37baf4e7d02ede2f8b90

    Download Submit

  • \UserDot12\abodec.exe
    Filesize

    4.1MB

    MD5

    10981baa74b5c244e44d5066357bb513

    SHA1

    f8a0e5018261cc85df24e812451dd1f484bfe6ff

    SHA256

    20649b73bbf9a20badf79afc109ac3b6a81b585587f690485fe6804d0dafe3df

    SHA512

    b8402cc1a56815d688441670337ea18f744a5db3ebbb83a81c32530d9150cca3e70baf0f27223ea682856d849a29eca36b38c325e3b867eb6ff9a7d94eefb3b9

    Download Submit