Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c676deae4e...cs.exe

windows7-x64

7

c676deae4e...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    31/05/2024, 16:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    c676deae4e003978a0a771cce2b0a370

  • SHA1

    ebee67a72a9792108c71a89c7eac643721c4b553

  • SHA256

    a3226c6d6ac2de92eedc5d7c3cfa939bc90af6f67c4ad483f31b1baf6af4c9a9

  • SHA512

    fe4df2191bf8c7e5bbdd363794cc112e6d667ce00ad0f4619c46851e87751d8a085e7db17da97a98b99b9fbd2db3b27dcb61be9ddea560c73435c06e6f3398d9

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp54ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmK5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c676deae4e003978a0a771cce2b0a370_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Intelproc7X\aoptisys.exe
      C:\Intelproc7X\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZ5L\dobxloc.exe
    Filesize

    4.1MB

    MD5

    b97c2a228b74e3fc4b1ef1a087020155

    SHA1

    f8ffa28286b3269faaf36ff92b2d62ac2045bb8e

    SHA256

    b225129b022c1053221c0f6251a142fabd70d03cf7063ba2096f359475af3143

    SHA512

    dec4b10153ea643e4ddf2f1161d3c892f42a82e5fd7a0474fe6249db15ca3cd9cbd9e24a23221007cfe34c895e888826741d65a70eb3445685f47b0361c071ec

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    a2e0447d7a5c3096e34e587c7e40d0b9

    SHA1

    6b073e207471f6526657777221eb278bddea62a4

    SHA256

    bf77a470ab2bff317d6f825eca721d7ec61c33b5b24620dc8adafbc2e376f6a3

    SHA512

    d1b69b220c69fe35ce96594d24e39e96b2fe11a8f1312731bf03daf788bb1b2b2ab14bf169af0a0d02cfd32e400a43f908f20a18bae4913e9204adff62ea1116

    Download Submit

  • \Intelproc7X\aoptisys.exe
    Filesize

    4.1MB

    MD5

    54f0f62fabab62964f0a3ac93309a8e8

    SHA1

    8b187b4ca4ecfaeca3a74cabc96e2a5e7a2fb318

    SHA256

    a69a6320cc3e8f8578fae4cb5db757ea6046922f8964414774142d01b50d5f4a

    SHA512

    22592b45a9465b4dc9822e25ab222b86f96f984fe1d6e4af1ecc0a3ca6c98114bfdd01117cf03398a3f1aee4e00d00733e38f7ab9cf78ebebe5edc6db76650fd

    Download Submit