Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7c2e2db920...cs.exe

windows7-x64

7

7c2e2db920...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    04/06/2024, 10:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7c2e2db9209ad16b89269d6ec8aec320_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    7c2e2db9209ad16b89269d6ec8aec320

  • SHA1

    0506161bbbecf8d4acd643236132ba3630368b96

  • SHA256

    0b2f0869b54d9ea62351f035540a7a612fe680ee9e8d82b4ae2fe5af88cfa344

  • SHA512

    4b75b79452af3797c24d5a9b7f9ed9395dcb8e9e765206f9b27303ef3a5405442e25f4f02d45f1a4ebf8a403908e6576b8ab8155ac9ae82ab37e5e0aa85da885

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpG4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmJ5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c2e2db9209ad16b89269d6ec8aec320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7c2e2db9209ad16b89269d6ec8aec320_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Files72\abodec.exe
      C:\Files72\abodec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBOG\bodaec.exe
    Filesize

    4.1MB

    MD5

    e0503a33309a201c1094951e6c9ce2f6

    SHA1

    a7cfd2c6a9387c2aa56dc1b8654e42da73ae4d99

    SHA256

    3ab121d54f0bfa84f6f652da1a40537ba249d5e6f89a836e3467cbe37a323688

    SHA512

    85c02c78d9ae10a38aa0927c8cb4fb2d459fb726090522d69393b49c9d8376bf682f54169d9fc90a8c63a389803de16d01906f482fe8dd7820120b5dd902bb7a

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    200B

    MD5

    9c034602c25c8431031bee0ae160f8ff

    SHA1

    759c324312565911ef74059b2b66a9668a1d1405

    SHA256

    600b0c7130942fadfc156d4e70b7d9dca138c00eefea4fb2e6de733f07f02bfe

    SHA512

    4be7720bc00dd2db3caa60a2cd27c2802a47ce70af3a5ff19c812620988dceeec811ef75cb16e4d28045ca33341cadfa042d9b24545f0791045e80b3096cc9b6

    Download Submit

  • \Files72\abodec.exe
    Filesize

    4.1MB

    MD5

    a70995571397f49fe312eaae6323c731

    SHA1

    1c861df348e145aa44f5855ca340bce8e4f66894

    SHA256

    02be7cc49567f6f2496d62a399103fc704f807088c126b297629d6ad6ca2379c

    SHA512

    39c989c1c135711ad4699590beb2584b9ecb5edd7a025389fa7e91b547bf00a38df58700ca633b5ffc19699c4bb36bd8ebb9984191e642195c4c6d93304f2070

    Download Submit