Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0c467a5be0...cs.exe

windows7-x64

7

0c467a5be0...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    04/06/2024, 22:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c467a5be02983e34825cc0da499f220_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    0c467a5be02983e34825cc0da499f220

  • SHA1

    81a089f9825885cdeaec115fa68bb87abd6b5998

  • SHA256

    f9d86c23d34d87325b00eb1a64528a07a9318bc37bc6a037822b4a50a0ec591e

  • SHA512

    575957a0574b55164a71db0b4eacc9732b85afbcc6e3d48c0a1cca3d976e05dfd39f7016f739b382f21a3a7149e5b71a7a7c411452aec3892bcbf26c3b46006d

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpY4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmv5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c467a5be02983e34825cc0da499f220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0c467a5be02983e34825cc0da499f220_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\AdobeKI\devdobsys.exe
      C:\AdobeKI\devdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxC8\optidevec.exe
    Filesize

    4.1MB

    MD5

    0bfc83e451eb129ebebab9379b1468d6

    SHA1

    5cbe400b007dd7dbd605b6d81acfa42d25c6bdf6

    SHA256

    e07947fd854165096dc288df6e020a724761af23975b1dfd3f46d0c6c70a89e0

    SHA512

    3be570c6b8d022c8b5623063447efba907e1b84570590489790f318ffb075aa74ff193b951c7ab295e910e08de19b14196dbca33f6e10c815272eae939c9cc26

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    48d0aa289119b59e4382a674c85d442c

    SHA1

    1d18d6193f24d1529610900216756e702984c03d

    SHA256

    d792f6da8e391b6fdd5f71913e928f93207054304f6e316f4056bba3c60d53f7

    SHA512

    df4e4812f08ba66c43efae329ee6d7d08ed20e9f42139ad8abc3e20418ad12ae20c6e87f38e592d56ee13ad35d42e6a1a94cab4e29573f34305b24596ca7dd2a

    Download Submit

  • \AdobeKI\devdobsys.exe
    Filesize

    4.1MB

    MD5

    d7966e6f0634860467a0cf186d6afb35

    SHA1

    12adfd641f55b318f8239ea705c71aa481f131b5

    SHA256

    c7713ac6f0369960924c3a7e1e92c92251304f54aecf6a7dd215e09dfc169c96

    SHA512

    18c7a6edfd34a4c0507139353799555fd86442a807641a4da3d2a5792dd14e20be3c0d4318d8e16290298a836732f1118df4c84752a7e836fcf8eee81edac0f8

    Download Submit