Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7c2e2db920...cs.exe

windows7-x64

7

7c2e2db920...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/06/2024, 10:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7c2e2db9209ad16b89269d6ec8aec320_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    7c2e2db9209ad16b89269d6ec8aec320

  • SHA1

    0506161bbbecf8d4acd643236132ba3630368b96

  • SHA256

    0b2f0869b54d9ea62351f035540a7a612fe680ee9e8d82b4ae2fe5af88cfa344

  • SHA512

    4b75b79452af3797c24d5a9b7f9ed9395dcb8e9e765206f9b27303ef3a5405442e25f4f02d45f1a4ebf8a403908e6576b8ab8155ac9ae82ab37e5e0aa85da885

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpG4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmJ5n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c2e2db9209ad16b89269d6ec8aec320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7c2e2db9209ad16b89269d6ec8aec320_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:624
    • C:\SysDrvPH\xdobsys.exe
      C:\SysDrvPH\xdobsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1480

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\KaVBEW\optialoc.exe
    Filesize

    256B

    MD5

    7b3cffac7066949173af9dec430e50ef

    SHA1

    4c7dd08e8b1cbe82c512820c7053bd053b06d424

    SHA256

    82e8f656f8eb55c46453962cd11965172a5564eb82c56788f85f83dda46995a8

    SHA512

    23b204cb0e6bdfb0aa9170914f3a82b60f8ddda4c76fd13b8df933d68165658435a634f1fa5974cde19cb1ee82cc61a4618c9b581c7ae6d0dfb43223fe6e8151

    Download Submit

  • C:\KaVBEW\optialoc.exe
    Filesize

    4.1MB

    MD5

    a26e4a310d3bcaaa444bcb164b8362ec

    SHA1

    0545bd78e8076018f064ae5b3bec2cdb46f244cc

    SHA256

    e6fdadc49e1366e3c16184a61ad0c74b9215cf2b082b1c378712d93c81efed83

    SHA512

    9e63848bc568a967fbc62ca2cfaf6b768ee1626ff7453738202b247321e80f59b969502a55764c84b152998badb1c251d5be1e7d6f5f37fbf091a9f7ab4c5f21

    Download Submit

  • C:\SysDrvPH\xdobsys.exe
    Filesize

    4.1MB

    MD5

    7f1ea9c0b5ed24b8e233ce923b31a9a0

    SHA1

    fd4e23d08316cc11f94842b76921b852c93c795e

    SHA256

    f6d4fd5f04e86aec7976186dabb210a1ab987f68a91bfb1778e3ce007de8b19d

    SHA512

    305c2a67d914f86c4cf92f53c9ddd8dd0f8bdddc4f6512c8643f092a8b3e28f765855f088c60befaba9d71b35cf03c275e704054dfd570a7257e9b6eedd1184e

    Download Submit

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize

    202B

    MD5

    8b7b507711ce6c7994287131062279da

    SHA1

    c8ae57f21b64f53e21f1fb36a5ff8390c8d41931

    SHA256

    115262799b988272f2f410c63c9990172c233b4096a6ca3989c42ba2280c3775

    SHA512

    a83e600641b7950aa08da98838269915b6e595c312267696b1cedd546f1100ff21b1f9b11238e76c8b85175563495de18dc3997090dc3a3c94606ef8beca1212

    Download Submit