Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9edfd3a34c...cs.exe

windows7-x64

7

9edfd3a34c...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2024, 06:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9edfd3a34cdcea468f6b2ef2667d3910_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    9edfd3a34cdcea468f6b2ef2667d3910

  • SHA1

    4d5686b0d01c4eae9d4ebf5366acd0deabed1b71

  • SHA256

    7c17210f74b943b532b646ea9c62342a276d1fb15914353c2de5044532e917da

  • SHA512

    0e607e3f2634e5945a53a6df4477893da6b9d96e21a0e40f11a4038590847ecdbb978a1548307a3969aef52b9d7ad3d372e220858461c79ea008dac6e88e6286

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBL9w4Sx:+R0pI/IQlUoMPdmpSpf4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9edfd3a34cdcea468f6b2ef2667d3910_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9edfd3a34cdcea468f6b2ef2667d3910_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3368
    • C:\SysDrvDY\xoptiec.exe
      C:\SysDrvDY\xoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\SysDrvDY\xoptiec.exe
    Filesize

    2.7MB

    MD5

    21691089cba4437876f27bc94b650570

    SHA1

    6c48a628aef01a53b61ee2cc3e23ca68a883ccfa

    SHA256

    1d47dec125cd63950f6b64178ee063c72d0947ddbfa1be0d0486f07b53af8380

    SHA512

    ea88d0da852b49c259f2b0a22d608e9342fc08672568b1b34efc05dd77ffb970359b496ac20b9381c4740677484ce16709c2324821170c5d2b8a411de160676c

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    199B

    MD5

    f45ce5609128bb0cade1822f24634519

    SHA1

    47cfe7b5b960b40d6edd1027e341ece16f7b3da7

    SHA256

    038cabd67e03e3ed0ffb0178e440ae835188f3b60d78634316d2874c09be546b

    SHA512

    4e9790998aab2233e888ab654fa51d8173171aae501b73fc45b71443a476419582fba9c42db66d96ea41db877c3737efd40220f13d81e96ca22e270f65c8f125

    Download Submit

  • C:\VidOU\optiaec.exe
    Filesize

    47KB

    MD5

    0ca4c5c2eba084bcd14de256d6209da3

    SHA1

    0eaa86e09ba05318d4052e2b04c4a13ffa8e88df

    SHA256

    4e51616d0f2e4249c5cdeb93eb1472a7a3b24ceba744426dfe91988b7cffd172

    SHA512

    332b41f17ffe8799ebb5ea7174f4385946dee3932652889595a767870616f77291cf689a6e88074726ae634eebf138864fa53100ddca0e495dfef9fdfc9ad128

    Download Submit