Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0c467a5be0...cs.exe

windows7-x64

7

0c467a5be0...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/06/2024, 22:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c467a5be02983e34825cc0da499f220_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    0c467a5be02983e34825cc0da499f220

  • SHA1

    81a089f9825885cdeaec115fa68bb87abd6b5998

  • SHA256

    f9d86c23d34d87325b00eb1a64528a07a9318bc37bc6a037822b4a50a0ec591e

  • SHA512

    575957a0574b55164a71db0b4eacc9732b85afbcc6e3d48c0a1cca3d976e05dfd39f7016f739b382f21a3a7149e5b71a7a7c411452aec3892bcbf26c3b46006d

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpY4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmv5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c467a5be02983e34825cc0da499f220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0c467a5be02983e34825cc0da499f220_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1144
    • C:\FilesLL\devbodsys.exe
      C:\FilesLL\devbodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\FilesLL\devbodsys.exe
    Filesize

    4.1MB

    MD5

    f2189412f4894cee9202578e6b009d61

    SHA1

    04b8d5b7746bb39e10f795e6a1c9e34282828d6e

    SHA256

    20b3c0dccf15f258aaef00c6420f1e009f1db35175246228974b527e161f4f6d

    SHA512

    01f5be98091dd5cccb371a20dfefe39acf5aa0afa31b5962390f16426a0a080ff9f5e62780e91c9891856745fda501ea39a774dac01bcc12bdf77216ce2358d0

    Download Submit

  • C:\LabZRG\bodasys.exe
    Filesize

    4.1MB

    MD5

    7f535a15f406e83dbd4f51c195b99488

    SHA1

    f699e1e99889ae1531bd60416ecfcd6ee894bc16

    SHA256

    ee712640ed70b65cccfa70cdd02f070966ae1d60f324150700e3ea04e8e0af83

    SHA512

    d0a431e62a6246d9f497b4f8f241f6779c453c8623278988355e29d0f6e16ed0d4ae99e2325ef0400c9864d187e374974f322fe32466f925ef385cc825c4615d

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    202B

    MD5

    40c3ce571e39222ef28fcd73c69790e0

    SHA1

    d9e2fcd5c3da143abf83bbc8fc522720946b3281

    SHA256

    d1cf4e32d39dcab8429f16a25422650c70073a8fbf7ba85ca37e0481a8e1d271

    SHA512

    77fc2e428c0f03333d1fb795822220887406c5d5a9cf1349d6818d3df10af01621d1e2245c8f5ee827dec9c031f1dc585be7282ddf50c94e4e71c19b94fc3315

    Download Submit