
Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/05/2024, 23:37 UTC

General

  • Target

    2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    2748d423314876f9cebbadacc1360930

  • SHA1

    c6941c346b8b4cb362b231f073b5763852995d74

  • SHA256

    7db61eedc512dcc3d726a171debf6d14d6feebac562d86ad8a3c634a96452925

  • SHA512

    e37d5d0c3d8bc6512ba80d73403ac2d1e2125120b22f78ac1b39cee2529844f0319a4f01a3156673703fc357750048e6c22893f34925d0eea566c68138397362

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBj9w4Sx:+R0pI/IQlUoMPdmpSpr4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe"
    (process tree level 1)
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\FilesKT\devdobloc.exe
      C:\FilesKT\devdobloc.exe
      (process tree level 2, child of PID 1924)
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2544

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxMQ\bodxsys.exe

    Filesize

    2.7MB

    MD5

    80402fd43322ee8e9505bdca620bc871

    SHA1

    8d8c033b2851d5c4b81c86b161887fb8a92396c4

    SHA256

    c95b483308ef508d3b08aa062f57d0e8cd117ce657c8f9ddf646e18f05d70cdc

    SHA512

    a9bae6e32da9983d31973a7b2f707b7d90c163a4253a3b0c9c32aa9163e0dd547d9521e45e9eb08ef7c57a9243ac2dc4c46de87284e6e1b747f3f3cf8d59ed8e

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    203B

    MD5

    a22e1b68cbf5046517f2942c88d47f16

    SHA1

    ba89435351c6efc1eda9bc91dde1c838d2245047

    SHA256

    51d4ca167d90c5e42c09e1fa63f5a3ff195f0696a3df81092f0ad3d7b180b5dc

    SHA512

    9bd62cf201cacbf25f4ec1daebf3892fcf21ff2a33ce066b4b3594f8f958ad7246e1d8fbe08f263b8cefb413eaa36a142a185b478f0e1e3bce511753839527d8

  • \FilesKT\devdobloc.exe

    Filesize

    2.7MB

    MD5

    283df332615705f554337b11bb2a808f

    SHA1

    8f39a7136c77eb7379dcb64c6e2ce91bc6bd11fe

    SHA256

    72be4c337d10894e7af3c6443437a17a6452c2c9e361418df28d1ccee79ca044

    SHA512

    4b84fdb29c6e3378902c8c61ed666793055e69a4cea3ed5d274c90e47c6830393c99b74671017af1129a91e16364a78e1534ebdcb6ba768e81254cf8aff1fa98
