Analysis

  • max time kernel
    149s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/06/2024, 14:34

General

  • Target

    ef715bf9d3174df37ccd89edf9cab020_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    ef715bf9d3174df37ccd89edf9cab020

  • SHA1

    cf10e114b6ee31cddf4a5044520de2805e12cb95

  • SHA256

    1b487d3cc2ff96152f71bb50e076b1d11e49bc438cb34adda1e3513e6e1e88ed

  • SHA512

    429e4e9b233046f5c9013b783945614478e59d5a8efd72f3213dd5d33b960fcdc38d21a95574b6970188c94cd11840b843851e150796d0c2c8efa35b5c3f7292

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB69w4Sx:+R0pI/IQlUoMPdmpSp44

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef715bf9d3174df37ccd89edf9cab020_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ef715bf9d3174df37ccd89edf9cab020_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4656
    • C:\Intelproc6F\devbodloc.exe
      C:\Intelproc6F\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:5348

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Intelproc6F\devbodloc.exe

    Filesize

    2.7MB

    MD5

    4909f2c273f6a3872107eb4db785c3c9

    SHA1

    9b3f562be41cfb851d0b9f4469784a1f705322c9

    SHA256

    dc0c66d9305044b85a778495c1f7b323143dd9fade9418badd80a96435337988

    SHA512

    61db16762bbe5f2523b7d7d61002ce7e7898d40d2c36aaf84308e19b0357c4422e979447964585818ff695f317c71cadbc4e2403f311394043af2a3f118110df

  • C:\KaVBM1\dobdevsys.exe

    Filesize

    2.7MB

    MD5

    211ae88e6184d0faaeb7f40af838c0a0

    SHA1

    67705877f62f006e3a5a3aa6f2d0b64a2a4d81ad

    SHA256

    2d5aafaf5fdc1515677eb3be6429c45eb5201e6295d698653a1f584616fb9a62

    SHA512

    88c6c8d0beadd0c09d5ae30861a354b92a297ec047eee2e0234fa04d5f1a3d397b9f67c74c375b03bec7a8b3829239b6b9f32139ad7652138d006e619171cc4a

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    207B

    MD5

    f5ab704bc8458c9a79d147df9d2b1692

    SHA1

    544f432ef12224df56d2e2f324524bbc4d6ee960

    SHA256

    dc739942226847e4a2132a45982c9d5a1686c21d5f23e6c6d5e5a881ef36e32e

    SHA512

    b35468a5b722d7cca8caccd9a081731a939b4f6a5ff820276d128b5aee97d92d00663cf720081d497d364e9fb1691d59e10a8e0094268aed8a8c5ab918cdf4bb