Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ef715bf9d3...cs.exe

windows7-x64

7

ef715bf9d3...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    07/06/2024, 14:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ef715bf9d3174df37ccd89edf9cab020_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    ef715bf9d3174df37ccd89edf9cab020

  • SHA1

    cf10e114b6ee31cddf4a5044520de2805e12cb95

  • SHA256

    1b487d3cc2ff96152f71bb50e076b1d11e49bc438cb34adda1e3513e6e1e88ed

  • SHA512

    429e4e9b233046f5c9013b783945614478e59d5a8efd72f3213dd5d33b960fcdc38d21a95574b6970188c94cd11840b843851e150796d0c2c8efa35b5c3f7292

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB69w4Sx:+R0pI/IQlUoMPdmpSp44

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef715bf9d3174df37ccd89edf9cab020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ef715bf9d3174df37ccd89edf9cab020_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\IntelprocG2\devdobec.exe
      C:\IntelprocG2\devdobec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2968

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\IntelprocG2\devdobec.exe
    Filesize

    2.7MB

    MD5

    e5c02b0f351550987961e8d0fc904d6b

    SHA1

    72418c642fa9e69176b76419be11bcc541e419d2

    SHA256

    80d07b57a530b261903095d82aa4104a0f720b5271256bba2a7b5c7f77700414

    SHA512

    1a763a24a22eb5e895507545ab52d30c5f6167e51624324a0be57611aed349b6739f5bc2d6a56aa5d5aafa1404a9ce19a16d96e1c62a3f324a20e734dd6f6b40

    Download Submit

  • C:\LabZ72\bodxsys.exe
    Filesize

    2.7MB

    MD5

    b2e2d2fe293754474e076f043599a25e

    SHA1

    c023c8d03f526c479be43ae9ed7bce3e42a25692

    SHA256

    0b909b13211e7c1000cc095d14af47c9c1cccced3b3e2c37d02925ed5a8ceeab

    SHA512

    c7c082d3a58cbe51b2a5e985b96a203de7d3a9b699c4af5ec8d11d557804768b9170935d4d5d8384d978c7ba87c5b0daef638aa16f240bb2d2be539f769e5908

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    204B

    MD5

    09ef2efa4ead57cb9cbad6a1d2ef7955

    SHA1

    a1ba6ec29b695dda684885ce978b160be18f6e37

    SHA256

    24abd707e39946e07cef60f8383860fee83f440bf8d15ce2c0dfbe8e26372f53

    SHA512

    5c6e70c30f48f1c6f2c817b6bab90448ddfd49f4ccbd73d37ddb46637ebe6f7271aa89148004d463779ffd127a67ba759d7f20d5b0e48ba405dedc98fe41afe7

    Download Submit