Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

34ae3ac414...cs.exe

windows7-x64

7

34ae3ac414...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    11/06/2024, 12:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34ae3ac414a4387363852bf9889f4540_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    34ae3ac414a4387363852bf9889f4540

  • SHA1

    88e37f6193017414174284b6c4169eaf0dc480b5

  • SHA256

    8c6c88c5f5eee60219613dd1de8bae0aef85a97cd777971a18d886f87609472b

  • SHA512

    fb40afc9dfb453b0ad1667fc09463aca79f11a8fc832986d0a1c7db1a981d7df211f40df38fb9b50243d46bcac897b18eaadea8dd7e1fc4f6f9a4e43c73f55e7

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBb9w4Sx:+R0pI/IQlUoMPdmpSpn4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34ae3ac414a4387363852bf9889f4540_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\34ae3ac414a4387363852bf9889f4540_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\AdobeHT\aoptisys.exe
      C:\AdobeHT\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2128

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZTM\optixec.exe
    Filesize

    2.7MB

    MD5

    547dfdfb3c34af082ac0546b75d73211

    SHA1

    deb608f38574b27821d191a6810e73a7b783b67c

    SHA256

    bdaffc916eb336df899fef2a16befd2ccbf7654e16e99a7a13359dd5016382b4

    SHA512

    0cd47d4ade0ce4313d5834eed2a9d8959e0e4b8468c32648ca496104a531eef42720e1aed171d4ed41dc140170d1319830deb0d155f3c742209ed1c35a3373a4

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    a9d830cdf298a1fe7db25b6e6dad35bf

    SHA1

    740ff3b038bdf4575398ee5a7a5f6eb3455a313c

    SHA256

    e35ba2cd6c4563c768182a106a19e8e8288754d065a406cddf6ebb5deac8d2a0

    SHA512

    86ff6e15f1fb046f815363ad40f8d574d37e43a8638d94c61a36dc31a22b6528c20985f33e95938eb6ae40ffb6e71d8f9b2d0fd49eb87ec1973862d3f6467884

    Download Submit

  • \AdobeHT\aoptisys.exe
    Filesize

    2.7MB

    MD5

    3a802293d0be6324dd5df0ecef2ed2be

    SHA1

    3869651978a3360acf55009b2fc577d3df68b1c3

    SHA256

    dc0122e06acbb7de55e94b819279a66fd7d55572e1d833873b31329a1d383fd8

    SHA512

    4dc8781e599bf5088886b4cd753e5f97ddc6f354715a4987e32351c3819aee958c90d5ec74952373d838d6289d035cd6c30a4bf6d454ee08d8fdbb88edf8364e

    Download Submit