Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

33927fef18...cs.exe

windows7-x64

7

33927fef18...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/06/2024, 05:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33927fef1818621037c1a7e615f64320_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    33927fef1818621037c1a7e615f64320

  • SHA1

    43ac78d7a85c2fbc799f71d5a77b5a60bc718239

  • SHA256

    29eb5b243e93ee266b7d428b6c32bccd86c92feb0adbe8d82742016321a261c8

  • SHA512

    db0d73715ec9d7014a68c25353da2f5ba5c1623b2c486d8fcb7babd3f426c6256ba07b0ea8ff296a99d2853c87bac524be4e311d46f082946c026b60ab33621e

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBl9w4Sx:+R0pI/IQlUoMPdmpSp94

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\33927fef1818621037c1a7e615f64320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\33927fef1818621037c1a7e615f64320_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1584
    • C:\SysDrvAR\devoptisys.exe
      C:\SysDrvAR\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3336

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZS1\optiasys.exe
    Filesize

    2.7MB

    MD5

    0da91cd6305b56806d33878c6cb9d529

    SHA1

    fcf6f0e7ef6eef718085253dcaa5e51ada093edf

    SHA256

    adff2ef98f1513abf078ad798e2119a5ff6a63523b683c330a050f12f7b2ee8f

    SHA512

    746cf7340c671bbf7599135b6076756bed91df6b30f83e8e055771ae0e5a8afa77bf9e7a6b242721b14ce51ed3ff0807c74d991112e80586b158ef0a546eedd4

    Download Submit

  • C:\SysDrvAR\devoptisys.exe
    Filesize

    2.7MB

    MD5

    4317983cd8924070149797ca5dbd01ca

    SHA1

    19472d0afdec6911234e2789a8a8008e9aa7c63f

    SHA256

    c50ccc763884e35e4a9e5cd4a4d7b0af60ec2a130c5bb75b23ec58bbd3496fe2

    SHA512

    81dc2f804f400589635db4ed683c855bbdf16150b0c3c32ecfad93814581338f92eba5aa0f40d264ad16ec3bfd42bb8813eee4cd0ebbd8c3b4c30acfbd1f81d7

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    205B

    MD5

    4617049143d7228c6a6738e4689d9c8d

    SHA1

    bef5f5b139590eeb2f0631181fc0ef5c4f11132c

    SHA256

    c331d057aaf90abe630abb834197014b74e7661e6baf214109f0db2167ddc4f6

    SHA512

    df5a0226b9acd6457025b7f4a99bfdca9eb6ee23666099198a425edf1825c3bcc296df3f47e13ea3e1f1616e028cad8457caa60527a3104ae9c1a44a29375d0e

    Download Submit