Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 05:09

General

  • Target

    9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    9c9d7179c498b8e79e48943f114d4d80

  • SHA1

    72080780690f08709197b334050539b73eb9bf84

  • SHA256

    fa154c649cd3df6fef0a1393cae5c74aeb2e24875b9dad06fcdfce60a272987d

  • SHA512

    64ce7fc4101ed19cd147cabcd542f6ba6286dbdc6a88ec1fe4ba9616d7b203889e607143758f30fc275232047bfed8852d8a8a224f8ba1f63e04a873ff8ce909

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB79w4Sx:+R0pI/IQlUoMPdmpSpb4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\IntelprocF3\devdobec.exe
      C:\IntelprocF3\devdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:324

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\LabZI3\optixsys.exe

    Filesize

    2.7MB

    MD5

    66f47fd40782318581bf447ad5b613a5

    SHA1

    33c0f8550b7360562ee3cdef13477cbf4d4c29f8

    SHA256

    02e9c6ae6a086791a6fdb40bc1b3fbd0007f5453ef9e75b1177dfffbc04da240

    SHA512

    bb19bb04478b0c092b78eee16888f454fba2bfa16755e090faabe678722141312a2722c92032ed920fe072c6c06288cbd75787e37cfb4cb2ebbb50966b3a94bf

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    206B

    MD5

    32349e6f9a6186efc63703649e0df12f

    SHA1

    1588b21c4688cfcca2b8a8056ae3e598dabc699c

    SHA256

    ffb15274b889ba49986269a1385359ad0f9d9c53d51856d965627bb44f138991

    SHA512

    68326d690c9f95948a7ba2bc76b37607ca4e51f9f8be5e2b102d804c40b5be24ddd4c94a0d25fe4f1fea18c4f4fa01ccde4c631ba228fa7d432b704556e6fdeb

  • \IntelprocF3\devdobec.exe

    Filesize

    2.7MB

    MD5

    6202cb5d7f847f70c0cb5ba8152ba729

    SHA1

    d1a7f9fe789319c62a313497f7ae56bead38ee78

    SHA256

    6ca46808494c7ef5ff3c57cae8fae9179824e3a874ae2c9ce9b19de7665472ae

    SHA512

    b89c30601fe845cf9af6168c3fa78a6b88227d2075e0af91529c21106f15d86d651ac6e677b0be63eca3eb23eb298a3c72d8e8e59de70005dbafa5fcfd33811c
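The Signatures and Processes sections above say the sample wrote a second copy of itself under a new root-level directory, ran it, and set a Run value for persistence; the Downloads section gives the hashes of what it dropped. The script below is an added example for checking another host against those findings; it is not Triage's code or part of the report. It takes the SHA256 values and drop paths from the page as-is. Everything else is this example's own choice: the function names, the "target under a directory the sample dropped into, or directly under a drive root outside Program Files / Windows" heuristic for Run values, and the constructed Run-key entries used when the script is not run on Windows.

```python
"""IoC sweep for the sandbox report above (added example, not Triage's code).

Hashes every file under a directory tree and matches it against the SHA256
values in the report, and flags autorun (Run key) entries whose target sits in
a directory the sample wrote to. Hashes and paths come from the report; the
Run-value heuristic and all function names are this example's own.
"""
import hashlib
import os
import re
import sys

# SHA256 values copied from the report: the submitted sample plus the dropped files.
REPORT_IOCS = {
    "fa154c649cd3df6fef0a1393cae5c74aeb2e24875b9dad06fcdfce60a272987d": "9c9d7179c498b8e79e48943f114d4d80_NeikiAnalytics.exe",
    "02e9c6ae6a086791a6fdb40bc1b3fbd0007f5453ef9e75b1177dfffbc04da240": r"C:\LabZI3\optixsys.exe",
    "ffb15274b889ba49986269a1385359ad0f9d9c53d51856d965627bb44f138991": r"C:\Users\Admin\253086396416_6.1_Admin.ini",
    "6ca46808494c7ef5ff3c57cae8fae9179824e3a874ae2c9ce9b19de7665472ae": r"\IntelprocF3\devdobec.exe",
}

# Directories the sample created for its payloads (Processes and Downloads sections), lower-cased.
DROP_DIRS = (r"c:\intelprocf3", r"c:\labzi3")


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA256 so 2.7MB binaries do not have to fit in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep_tree(root, iocs=REPORT_IOCS):
    """Return [(path, sha256, label)] for every file under root whose SHA256 is in iocs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                digest = sha256_file(p)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the sweep
            if digest in iocs:
                hits.append((p, digest, iocs[digest]))
    return hits


# Executable at the start of a Run-key command line, quoted or bare, with or without arguments.
_EXE_RE = re.compile(r'^\s*"?([^"]+?\.exe)"?(?:\s|$)', re.IGNORECASE)


def exe_from_command(command):
    """Extract the executable path from a Run-key value; None if it is not an .exe launch."""
    m = _EXE_RE.match(command)
    return m.group(1) if m else None


def flag_run_entries(entries, drop_dirs=DROP_DIRS):
    """entries: iterable of (value_name, command). Returns [(value_name, exe_path)] judged suspicious.

    Heuristic (this example's assumption, not a Triage rule): flag a Run value whose target is
    inside one of the sample's drop directories, or sits one level below a drive root in a
    directory other than Program Files or Windows, which is the layout C:\IntelprocF3 used."""
    flagged = []
    for name, command in entries:
        exe = exe_from_command(command)
        if not exe:
            continue
        low = exe.lower().replace("/", "\\")
        in_drop_dir = any(low.startswith(d + "\\") for d in drop_dirs)
        one_below_root = bool(re.match(r"^[a-z]:\\[^\\]+\\[^\\]+$", low)) and not low.startswith(
            (r"c:\program files", r"c:\windows"))
        if in_drop_dir or one_below_root:
            flagged.append((name, exe))
    return flagged


def read_run_keys():
    """Live read of the HKCU and HKLM Run keys (Windows only); returns [(value_name, command)]."""
    import winreg  # standard library on Windows
    entries = []
    subkey = r"Software\Microsoft\Windows\CurrentVersion\Run"
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            key = winreg.OpenKey(hive, subkey)
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, data, _kind = winreg.EnumValue(key, i)
                except OSError:
                    break  # no more values
                entries.append((name, str(data)))
                i += 1
    return entries


def demo_sweep():
    """Self-check without malware on disk: write a constructed stand-in file into a temp directory,
    add its digest to a copy of the IoC set, and confirm the sweep reports it and nothing else."""
    import shutil
    import tempfile
    tmp = tempfile.mkdtemp()
    try:
        target = os.path.join(tmp, "devdobec.exe")
        with open(target, "wb") as f:
            f.write(b"constructed stand-in for the dropped EXE, not the real sample")
        with open(os.path.join(tmp, "readme.txt"), "wb") as f:
            f.write(b"benign file that must not match")
        iocs = dict(REPORT_IOCS)
        iocs[sha256_file(target)] = "constructed-sample"
        return sweep_tree(tmp, iocs)
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for p, digest, label in sweep_tree(root):
        print(f"HASH MATCH {p} -> {label} ({digest})")
    # Constructed Run-key entries mirroring the report's paths, used when not on Windows.
    sample_entries = [
        ("devdobec", r"C:\IntelprocF3\devdobec.exe"),
        ("OneDrive", r'"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ]
    entries = read_run_keys() if sys.platform == "win32" else sample_entries
    for name, exe in flag_run_entries(entries):
        print(f"SUSPICIOUS RUN VALUE {name}: {exe}")
```

Run it as `python sweep.py C:\` on a live host, or point it at a mounted image. The hash match is exact by design, and the report itself shows its limit: the submitted sample, optixsys.exe and devdobec.exe are all 2.7MB yet carry three different hashes, so a hash-only sweep finds only these exact copies. The Run-key and drop-directory check covers the behaviour the signatures describe rather than one build of it; tune `DROP_DIRS` and the one-below-root rule to the environment before trusting its verdicts.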