Analysis

  • max time kernel
    149s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/06/2024, 23:17

General

  • Target

    15f0a6b11e6ef87ce9cb5bc3f61a2bd0_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    15f0a6b11e6ef87ce9cb5bc3f61a2bd0

  • SHA1

    c879c09e49fbb47b58139cdf189818b7d6a783c3

  • SHA256

    b8e8809a6ac6e33a00b2edf4c012a11f7f8ec71634dc34df30b35bd427efac86

  • SHA512

    848cd3f58c9f7a2a170332730899222816c4b0ed4cdabe4561db85136eb088c1a909c79242017af81a1a6ecc52413ada8a0bcb9907e26fc84bc61f4478183889

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpx4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmK5n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15f0a6b11e6ef87ce9cb5bc3f61a2bd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\15f0a6b11e6ef87ce9cb5bc3f61a2bd0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\AdobeCQ\devoptisys.exe
      C:\AdobeCQ\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1476

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeCQ\devoptisys.exe

    Filesize

    4.1MB

    MD5

    a6d1204d4d1f4faad6aa452a556b5236

    SHA1

    9df90d484dfbffaf70ef380a6c12cbbc290fcd0d

    SHA256

    2b20f52ebd9d42632f6927241b908f056ad609d2a59000a54e218f5690aa4082

    SHA512

    6786f54d434ba1a79dd9d8520c099194ba9b99a1e13395f857c39470d30fd4718e80507805d444484cb99f97f5006502386a8cbd6e96f19b7b5dbe40a8e318e0

  • C:\Mint32\dobasys.exe

    Filesize

    4.1MB

    MD5

    7c7dc97d436c97302ab08004235ecdfc

    SHA1

    2be7e7d327a0b08a38ef05c1efe71e30422e63dc

    SHA256

    7f179104dec35377dfc4a44f0be7347c83b080be21b32964be78a9aae6b7cb09

    SHA512

    ea6aaae159193a38670af23c0feeebad0f4e5e78e64513f6d45eecc7abd6fd430923792cbe5b0756a9e491959b56212b577ebffcb5b8933f0891f6dec4e9cbb1

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    204B

    MD5

    ae15efd5796fe9a4787a49baefc729d9

    SHA1

    110a42bc1212abc981c001b5ff45b8b1a9862a82

    SHA256

    f7818eaf80f8681b4e6652a8040d4395ade4f7df27e54bb224866ff613cff837

    SHA512

    c53b453f60d01734cecc2aeb8006b6a779b7628e9aa20ae260e4b9565db1ac7c8100fcea98cb6d6b16965ccadc2fa4d08795e64dcc9676812d78913c65ea667c