Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

83dcb26e90...cs.exe

windows7-x64

7

83dcb26e90...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/05/2024, 23:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    83dcb26e90d232da7c531a16b2d98e70_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    83dcb26e90d232da7c531a16b2d98e70

  • SHA1

    cb0480edd2b8287f1281fa6defaa8a004f173aa1

  • SHA256

    aaf3649cfda4b6f106eec8671302f68a2b47d1172445bc86646b607c62f1b5c2

  • SHA512

    00cd7613c9ac1c7f8b2777fe349315adb37f453efdb6e739f39f00de115e89db551fa3ba2b5e4070c2e079f4398799296c22cb687419ce1e145bea4755f50840

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBE9w4Sx:+R0pI/IQlUoMPdmpSpa4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\83dcb26e90d232da7c531a16b2d98e70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\83dcb26e90d232da7c531a16b2d98e70_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4544
    • C:\IntelprocD2\adobsys.exe
      C:\IntelprocD2\adobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:396

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\IntelprocD2\adobsys.exe
    Filesize

    2.7MB

    MD5

    f9933625e964fb34028c2dd4b732a0b8

    SHA1

    52baa0a05bd251725350e079106107bccc2777e5

    SHA256

    0bdd98eaca17873aca4d7a92a5552188b16e4ff73b63009799e238c8de231569

    SHA512

    b1036c1cbbedeb8b06fdac2233b646f4dec0d5b5f6a69060542fe38c6760c21659bb613e25fd44b11b854e308e449d15a42027297c5748271ed1f59953f94c78

    Download Submit

  • C:\LabZRP\optiasys.exe
    Filesize

    29KB

    MD5

    6f2d49c5cf2bf7469896d2e0b88d4a97

    SHA1

    103dd13a045af8b00b30c35f40579bf976331c8a

    SHA256

    9ded0e51febb3d6edc5cd358b1bf2d3bf790b0dfc116e02f3e82d03a189a3fdd

    SHA512

    0ec62c74e48b5354450aca2449b66682234feafb93c37e939e30e9c6785810ca5c3e82f0b2a06f09715a867f91b6d239c8942d966c1c1ce26bfa0897c472c47e

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    205B

    MD5

    d4d8d998b62dfb7360d74547bdaf3f1f

    SHA1

    008fa11ed3db99b3275dd49560cb81c3f9da152d

    SHA256

    47c6adc2a1d201c833b52c2714aefa16e947268156063a22b63d39d34d75c17a

    SHA512

    06aa7378f468eb94326defa4d80ea86fef5629917c60edc922a1cd0b37d951af65c8d150a4bc7ba0380350343fa2242698843c2ef21f686abe1adf0722bb7069

    Download Submit