Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8d0daf91a8...cs.exe

windows7-x64

7

8d0daf91a8...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2024, 04:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    8d0daf91a892e9fd759a4faec5910430

  • SHA1

    bd4485b37b5dd01c0a9227ad3a4107f0478576a2

  • SHA256

    02d80cd2e17f540ddd05ccdc8c861d8dd31f18921996f0774bd071b4064cb1f2

  • SHA512

    27c01f04f57bfb0a7853bf4067fdf63e4b78c92ad1a9ac962b8a027a8a5452fee7d13323f5f460413a66deaa020eab2b4476f527a1b4890935794f8fdef93e68

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBB9w4Sx:+R0pI/IQlUoMPdmpSpp4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8d0daf91a892e9fd759a4faec5910430_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\SysDrvSN\adobsys.exe
      C:\SysDrvSN\adobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1252

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBQJ\optiasys.exe
    Filesize

    2.7MB

    MD5

    4692a6f344db8bce88d8b7f85b8d8321

    SHA1

    c93d0641365505abaad1d64c1bfd56d60f08edc6

    SHA256

    43ff90f47e0277015196a8b9e377d60f401196ef7c2941a28f251652c91faf5d

    SHA512

    3ac069ff62b3cb1488afd9651940325525e182087cebbd96ba3863cd9f184b831da453ca71e691b2717abd4ccaeb840804ff448680c2e87b8b03c85fd19d852a

    Download Submit

  • C:\SysDrvSN\adobsys.exe
    Filesize

    2.7MB

    MD5

    331bf206690cb109752187b7cc359ae2

    SHA1

    fbb85c60987af264bf9c097b91df693d64593ebc

    SHA256

    dce2997b4d6adc35f35cb202d73b8d4eb836d87923df4074575da38cc99a8045

    SHA512

    5f5ded94643e0b3b47cc17976e7085996512b0c53f99559f2f78886a7474208e9020d4cf102438edf7a6e24250b71c44ed914f88d0b8791bd229d41a5d7c6453

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    203B

    MD5

    d37b0f3134ca05b6f99b26ddfe886dab

    SHA1

    b094dfe4e838ad0a26a5dcfdc1b10042e1335083

    SHA256

    b37d2dafdcc4ef1ca2470f5c7153c434e66fe0fa19d4c3ec43d69390ff4394a8

    SHA512

    d005e896008eb4dae103975261b5f41d6ddf99a8cd4942659acba3bd395afa560d4643a12f276ea83d70179bd6a8f1cbc6c5e36048e812f63b8ac59cb92c13ba

    Download Submit