Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 05:05

General

  • Target

    9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    9c7efd59018cdcef0f65f146433e4170

  • SHA1

    b1705709d8982dc74cfd3f6b55a12d8d6e6e8168

  • SHA256

    a879382b34d45ade7615c8c17fdca393ad51b943cd7bbdf68192c2185e8c71e2

  • SHA512

    665d3cebe53738fadce92715437ff1593a20bf107024e9be2bc60ee98d5260b0ee5debe43a85d9f3935ce6ea64e10b7de878ba6bdfd28985c650a46a2449f3e3

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBA9w4Sx:+R0pI/IQlUoMPdmpSp24

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9c7efd59018cdcef0f65f146433e4170_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4984
    • C:\SysDrvD3\devoptiloc.exe
      C:\SysDrvD3\devoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1416

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxAF\optidevec.exe

    Filesize

    327KB

    MD5

    a313af8e58609039892c4bf34524092c

    SHA1

    6aeb55c1ddf94c5f2cb7631e1955275f09ecfe7a

    SHA256

    27c0baeaf4f200991fa4f617e827a5cbd6cc42a561e7a7c64b9740ba043eeb26

    SHA512

    685433b31d094df888e707365557c58374c3a9513de938dd2ee9d9321695c6b4f95240a4e57e7716729d4f4b0c070f0d3fe5ac03fb440c203de38577d235c87b

  • C:\SysDrvD3\devoptiloc.exe

    Filesize

    2.7MB

    MD5

    b15665711fd587fc6c41c207a0692c58

    SHA1

    76226b17bc6fdc9cdf67a72aa84abc8355472eed

    SHA256

    ea472632a0de7b6adf83516f90e984d533a3a706999e62b084425d09db6b3146

    SHA512

    021f0aebc999127c30a237f2d697137fa8ccc8df570d5801bfd0b151b7e6b421078ca831a70cd691e7dbb39f5e20a6d12f78812332137539e6632e568e280c70

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    208B

    MD5

    8dc432354cfeea0674aa6c5f81619934

    SHA1

    19e0ca526f27d750896674104fa68138b9190a13

    SHA256

    f8355eeaadfe4ce6bb35f19c868581f158ff961b5a64648f99cda7f22925488c

    SHA512

    a0897a35a19c56b63d772a70dfad8814bd10a8d65434e1ad5964801e8a1f9a096c1da58d8f41a3fecb1f7e464bbe9a7130b6e3fb33dc9e24890c677aa1e46804