Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1f3d8dbdac...cs.exe

windows7-x64

7

1f3d8dbdac...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/05/2024, 04:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f3d8dbdacef0182fb7cf9fabc164e50_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    1f3d8dbdacef0182fb7cf9fabc164e50

  • SHA1

    53f19b7d4f52c2cc64243c1ecdf4d6d16ed90f33

  • SHA256

    15c71ee914a25dc06ef41f6f79186a4252b2c678d6b12390a09e868a86d19733

  • SHA512

    62dba28f9183f2d4c1d6950cf2fdacf22e8c9e622d4bfac8a05bd4871f6096fa90762da1627352013c7707be64d5a6aa26d77b25dc65d198ddc3f634460ada86

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpz4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmc5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f3d8dbdacef0182fb7cf9fabc164e50_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1f3d8dbdacef0182fb7cf9fabc164e50_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4676
    • C:\IntelprocCH\devbodloc.exe
      C:\IntelprocCH\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:6092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxWI\dobaec.exe
    Filesize

    12KB

    MD5

    d5a7d525dbe308b8a427c14d39f93449

    SHA1

    be921176bd559fb31ca16ffa3f7b1138564947f3

    SHA256

    8989c30319b39766d8386754527ee98423aa21136d1918453163df7dc04c58fa

    SHA512

    87796e55cee373ea3be465a18afcec7543ea327cc6f5a289619a90950d3b9b16cf510f7ec55871ee8f7a27fc7bcc672ae59cb2a6862aadb1004c706de3925521

    Download Submit

  • C:\IntelprocCH\devbodloc.exe
    Filesize

    4.1MB

    MD5

    b8ed737d1127388ce0f786a502fc0df2

    SHA1

    f4310ce26f70ab3fe4c0259c75ca4e33275d13d2

    SHA256

    6ac03a453dc89a695f55623be0ed9a8a8979f5ee4e9ffb8ef80ad2eb116a8823

    SHA512

    d09a188a4dab4646f093c67dbd7aa7caf8a9dbfd0c275e7344b91d5212ac0946dc854559fb8a6167f293ef606fbdf621ad11d1b2402ba202a9eb1a64b755d7c5

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    205B

    MD5

    9291ff3b7113e65aa3137c46746b89f2

    SHA1

    db616e8317f7feccd2fced15683e42b1ad2426ef

    SHA256

    1bbcb3f3d8d6afe8caaa500723900ab2b32f7294f82f47bb70a6d13b6efa3529

    SHA512

    155b3d589b520a666f9d55114331aaa7dfa6d974a6155a68a2f09600af121b0332265f34c3d0f9758a38a1dbe24ed89575b3a044ecbb30722190cb8b797eaf7c

    Download Submit