Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

33927fef18...cs.exe

windows7-x64

7

33927fef18...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04/06/2024, 05:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33927fef1818621037c1a7e615f64320_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    33927fef1818621037c1a7e615f64320

  • SHA1

    43ac78d7a85c2fbc799f71d5a77b5a60bc718239

  • SHA256

    29eb5b243e93ee266b7d428b6c32bccd86c92feb0adbe8d82742016321a261c8

  • SHA512

    db0d73715ec9d7014a68c25353da2f5ba5c1623b2c486d8fcb7babd3f426c6256ba07b0ea8ff296a99d2853c87bac524be4e311d46f082946c026b60ab33621e

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBl9w4Sx:+R0pI/IQlUoMPdmpSp94

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\33927fef1818621037c1a7e615f64320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\33927fef1818621037c1a7e615f64320_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Intelproc4N\xoptiloc.exe
      C:\Intelproc4N\xoptiloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MintKY\dobdevsys.exe
    Filesize

    31KB

    MD5

    76f2392f4644d3df0bea775361ad02f1

    SHA1

    1e6d7c0ff116b955490e05cadbb381bbe14c0783

    SHA256

    2e56ad0b152fc024bdcfb0dbcdabce493d8edfb04d7a6bd1ba0af5abcdcbc66b

    SHA512

    1e915195b94382c2102259a0432beac01f7b84a506340390921051ea5a550ac40f6c9b3ef4a203982b56c7b8cb0cfdfc019a8bc71d9b80b170b09558182e050b

    Download Submit

  • C:\MintKY\dobdevsys.exe
    Filesize

    2.7MB

    MD5

    5b0195a20344932191c28c2cacbcb518

    SHA1

    24e6fc375a906bc182fbfdd49a0fb932b2c1464b

    SHA256

    02372d802e3cec2d3c26a13541cb47e64fd2b363d1e0b4a74f672edf6bbe3def

    SHA512

    8e985791c9a0eab9cc84cd9be067a327a7a7e4cc9ca6ae5a96d7df0876a5d03b8581254e27ad056edc9dc44d9fd8835197ea6edc45002726ce3e6124034e05a6

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    208B

    MD5

    8e9d15624c6b155f52747dee6a4e8e74

    SHA1

    85123ab38face8065aea09daede88e2bbd0a0e79

    SHA256

    e13b5f8d609f6f9560a6908859b11e6f91901bba839d8e075bad9ac945e52a79

    SHA512

    63f0ae99af0ee9be3555662abcb62a79a34afd6209e861d3b14ebfe34d99da29f04b1f95b7ce7278a4e73b5c3c31ab8ae1f40ec0904e1459df54dceb062e5450

    Download Submit

  • \Intelproc4N\xoptiloc.exe
    Filesize

    2.7MB

    MD5

    d9dfcf57b21e16330a218d8592c802ab

    SHA1

    26695b3a1f5ad4cda3e90862ee1fe9ea4a8b1054

    SHA256

    7f8e0bfed303f817271b055cc6c53d2b0e544a5fa2b8eb2278c651b736544751

    SHA512

    238434f77ac36dee06c9935157bf59a532421f75d51dd84d49acfe98dbee58c63eb4c6b6c6a11161514449b9fdf91b5b0cb320c75f76aaca5f121148f92ca971

    Download Submit