Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

46ad432657...cs.exe

windows7-x64

7

46ad432657...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    28/05/2024, 13:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46ad43265774300b039f266db2711960_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    46ad43265774300b039f266db2711960

  • SHA1

    500c490d5f93b86d749cd0be45964c1623cf7ec9

  • SHA256

    e64ee3b3dd3c803e983063f1d72fd73c768522678090aa00925f82a7501a8fa3

  • SHA512

    1bf0a6820934ee51dbeb6f511dd154816d605328ad7a9724b3e92be8e0c8090bacfd37402732e8b0430d8de1a7785cdd4d0ad7a0581d24124c0f3a45bb622248

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB69w4Sx:+R0pI/IQlUoMPdmpSpE4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46ad43265774300b039f266db2711960_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\46ad43265774300b039f266db2711960_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\IntelprocDT\devoptiec.exe
      C:\IntelprocDT\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2940

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    208B

    MD5

    eae9e5fac138e19737556e21a2f038e6

    SHA1

    32185c0e8c85aa6e733239cb1688793b93200b84

    SHA256

    01f741bd73ed5b19ecfc0e1ea7ffceedc9af5af7d3ea75fd8345e7aa11303008

    SHA512

    18bc30d8a4c38abb272c60189f460124ee8faae62469d0fc39307f7697d6e09a327487b3e1da4aaa12c0f09840a93b319705b645c90a7ed2ffa301de9e254d51

    Download Submit

  • C:\VidI0\optidevloc.exe
    Filesize

    2.7MB

    MD5

    696ba64445d42c690bf36e0ee6a20f3f

    SHA1

    1331687852f54a74b03cf1786f3dad9abc3b0ec9

    SHA256

    e9e1e33d28eb88f8c20a77b51ece7896c74ce3249f5cc00cfe69b20921982046

    SHA512

    adb87907ed80b83809698781badc196a776a814b0a84ac4303fbe8b0409e0a8c46f479e779442db7348189776830bd04a12181747f23764798a8b547f9ce8189

    Download Submit

  • \IntelprocDT\devoptiec.exe
    Filesize

    2.7MB

    MD5

    2141b40f0c93beedcd9dccf9ec6bad8c

    SHA1

    21751cb2298db4bfc87beb1bf856e3b111a3e978

    SHA256

    cde29f917a76471489e8af2b6cf66cd11f9a8c3cc713e982ce5b8994b5f1bdbb

    SHA512

    0b88391251d80614c8e26d5b0b7900d4814d8aa5bd04e6df46746a947c24d905ef1ff3ed9a16bb29624f6afc5011c9858f44853d5f14297ed50cf7ecaf3cc76f

    Download Submit