Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

562df3f5c3...cs.exe

windows7-x64

7

562df3f5c3...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02/06/2024, 07:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    562df3f5c371fdd39ae342de085d3d90_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    562df3f5c371fdd39ae342de085d3d90

  • SHA1

    5076656ceeaf986d80f875891ef443362878d2a7

  • SHA256

    9de1661bb924d9c89d2c53f19a75b3f26db6aa4f34ff67ed062e4680228ceae6

  • SHA512

    484c53b7a5445cd7fdb727afabff33c12d5a1de855482542b916ed8b7bb13291ef56a1b5feaee6387a7b7a55ff513bb339084e913f1ef8ba43adfdff47da25db

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBw9w4Sx:+R0pI/IQlUoMPdmpSpi4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\562df3f5c371fdd39ae342de085d3d90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\562df3f5c371fdd39ae342de085d3d90_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\FilesTW\devoptiec.exe
      C:\FilesTW\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2288

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxS8\optixsys.exe
    Filesize

    2.7MB

    MD5

    6fb7527ba589aae1d4550419aa4a50cd

    SHA1

    25f447bb8c02c41ed5bc335426f12e3b1e74ed19

    SHA256

    78ed01f4df4060bb6d68407081111239045d09051413584efd6d95309da6ce41

    SHA512

    132e707bbd189538d6b1a8c05491659cbc1e9bb49fb4d275693f3b47e177b1acb772269d34d18fabb24ebdd6f7a45987652e34a4c031e6c47ced1bfcb56f5a27

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    6851f9503ecc4c1e857a5a6139534a88

    SHA1

    3a2fba0ce59f0dcda0b8bbecec93db4670e5d41e

    SHA256

    580cbadcab52fdc6b3801363b3f3279070948dbeb27d2580d557ad62adcc6a0a

    SHA512

    6dbbe74eab20d1b39cec936ca7d2a1116ef51741dd09ee9561dc93899ec2b08b6204a7808c566928df3aee80ff9d331e46d25b3c269ad3939ae9b74312e1e875

    Download Submit

  • \FilesTW\devoptiec.exe
    Filesize

    2.7MB

    MD5

    64cef67b128a2d123a1331635fe65c85

    SHA1

    bab9003bde26fbc95da3b0552804c8eff9bface4

    SHA256

    7a8c7a62c47f248be112fefc8001a0d35f17298de51b70b8ca753a979b86d143

    SHA512

    befd88b19efc59e126f84dc9dff1946779d763c82f2f6f3a4b0beeb123f44331e7a714a4d78154a5b286648a644c1941f0ee531343e0de19517c67d55fba4eca

    Download Submit