Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7c05815a42...cs.exe

windows7-x64

7

7c05815a42...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2024, 10:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7c05815a425d8a45808e809f24d8ffd0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    7c05815a425d8a45808e809f24d8ffd0

  • SHA1

    0be144ae6b8855a42516d132fb5ae2ce0f446fba

  • SHA256

    fbd868157941e2ce4c599b945026939277ff9256dd97ac338e93cbdd1e8f60fe

  • SHA512

    c1ad7b85bcf8dc96ab6fba7653e6951328207ec537afc7a82ed0a0a01308cf282476653d363efcfc3bc1b67a22666dc88b3861e1ffe2d4af69c3b4b71ded7afc

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBe9w4Sx:+R0pI/IQlUoMPdmpSp04

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c05815a425d8a45808e809f24d8ffd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7c05815a425d8a45808e809f24d8ffd0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3840
    • C:\IntelprocQC\devoptiec.exe
      C:\IntelprocQC\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\IntelprocQC\devoptiec.exe
    Filesize

    2.7MB

    MD5

    9ebc96152a93301486d671756abed490

    SHA1

    752f6f7ec0591d563a0447f394d10c283845f9fc

    SHA256

    bd0a9520ac83012fbd4e2cd5a9735b3ebc0980c7bde3b1a03da1da15055c48c2

    SHA512

    d556c58b4bce88f2b7cf36c047e0c98a5b0a58029f7bd7f49932069e8d2133f8f9613b331c4070cbc95d7715f95692c7d378001c255acf9a9388d098b2331b6b

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    207B

    MD5

    e60d847ccd5ffc3bb13514a0b40e1de2

    SHA1

    790a5d161bca3d2008331c3c890ccbb596df2bb7

    SHA256

    7e1972355088481b5176834ae74add91ee092d13ddd46591d431fa39677cb00e

    SHA512

    be24b38070c3e2aba40b0a788bc26cbfc6df901b6fc84943afff901dab47948524b15f33197addac9c24f8192b8bb8b31e58dcf781fb24a86e10c58a092c13c9

    Download Submit

  • C:\VidOF\optialoc.exe
    Filesize

    2.7MB

    MD5

    29768eaa605c181320a56a1d0dd617d8

    SHA1

    aa2611d64dc33c8a28af63e7ea14fe62461326c4

    SHA256

    f70f41cdfd8487ceec204f3a47c72ad3f8db767e8c5bc9ce79b75484df1cfc06

    SHA512

    69ccd1b51ce8610c99e6c1e133791155250667375f66ae1ee113dd1cf556505b24c438a5ea99398e977d690b692a32a5936ce22bd2960446a023bf0cdcd839eb

    Download Submit