Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2748d42331...cs.exe

windows7-x64

7

2748d42331...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/05/2024, 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    2748d423314876f9cebbadacc1360930

  • SHA1

    c6941c346b8b4cb362b231f073b5763852995d74

  • SHA256

    7db61eedc512dcc3d726a171debf6d14d6feebac562d86ad8a3c634a96452925

  • SHA512

    e37d5d0c3d8bc6512ba80d73403ac2d1e2125120b22f78ac1b39cee2529844f0319a4f01a3156673703fc357750048e6c22893f34925d0eea566c68138397362

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBj9w4Sx:+R0pI/IQlUoMPdmpSpr4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2748d423314876f9cebbadacc1360930_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\UserDotBV\adobec.exe
      C:\UserDotBV\adobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintDI\optixec.exe
    Filesize

    2.7MB

    MD5

    a7e730bcc84c73e38956bcca3e7b22c7

    SHA1

    2779e7e0f169821f6de30215721aa1a6e0fb3672

    SHA256

    a9fb232a7e744d8b7a07a87f8b4397b22fb843c3aa2dbd9829370696d974094f

    SHA512

    aad3b02de0401717c947d704eda397375268974a613036fd2be2e90b7bfe32690eccc083546d685a2abf8bc58e30594574483a0827c2fdbf04a65d50f6fe1cd3

    Download Submit

  • C:\UserDotBV\adobec.exe
    Filesize

    2.7MB

    MD5

    167781db59ac20a85fa5fad0a74c4514

    SHA1

    9e1e66d4f1e4933cb86d675a10cd5a70777b9675

    SHA256

    586eb9c62e880f380673090f8625082dce5915f1a8f4b83f1f91ee72389cba6d

    SHA512

    b6f116d2432a13e11fb16edaafa83352196e9997b06d7c05d511f43ad02e9ab7047579fbf3a0fc556ab326646d3b3f89996cbecb66b8892577a147a94e0eefa6

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    203B

    MD5

    948c5b7e7c0de1f1cfacd70375e9b3bb

    SHA1

    3e64f7d752c85b362da958dbb2fab9a314800bfd

    SHA256

    ceceeae019b8e52a477fdaaa5b257240f256da6d9128248cd75e2a02e89ff524

    SHA512

    a13672d1cafacd39a8f08fffa4136789d8c4a2b1fd3797b6cefcf1c88b71e8acb6e7887ee24a6f2556c651f638c80d9c628e4fb057ec855a22e697dd93b7304f

    Download Submit