Analysis

  • max time kernel: 149s
  • max time network: 151s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240611-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 12/06/2024, 01:06

General

  • Target: 135f926170ee0756f05f4b7da56978a0_NeikiAnalytics.exe
  • Size: 4.1MB
  • MD5: 135f926170ee0756f05f4b7da56978a0
  • SHA1: cde5783c3796fc7a22cda081b0f88d20195f0897
  • SHA256: fb4865cc86a5ef2d29d4d602fb984a8c20828003c2e327eeaccda4ac5276ab74
  • SHA512: 3ca3607c7a7c44f5d6cc26295cb6da05ea6c18a11cfd2ca3450c60260f00e398a322f044e5a01cd2bdecdcfcbfaf96dce87fd91cfe38ba5781380a65b5eb7f4b
  • SSDEEP: 98304:+R0pI/IQlUoMPdmpSpE4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdmL5n9klRKN41v

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\135f926170ee0756f05f4b7da56978a0_NeikiAnalytics.exe (PID 4364)
    Command line: "C:\Users\Admin\AppData\Local\Temp\135f926170ee0756f05f4b7da56978a0_NeikiAnalytics.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • C:\IntelprocP1\devbodec.exe (PID 852)
      Command line: C:\IntelprocP1\devbodec.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\IntelprocP1\devbodec.exe
    Filesize: 4.1MB
    MD5: 5fc2ddd384a9a989d8dc397eed585123
    SHA1: 48429d262403b1816fe0c963f0d294e7651b2e4d
    SHA256: 6e9400fcf038bb47bc0270730c25e80eab83bfd5499bd60dae346e6dba339d76
    SHA512: 1150b556039383736e7dcab0dff8ae0c1a726945af6532f3d9d4ba4bc0fa05e8916bba25c6ace524a87e1ff5ff6b678b36b500ca4fd932f0ad4f72c693104c8c

  • C:\KaVBA2\optixloc.exe
    Filesize: 22KB
    MD5: c2a1eee7e7165aeafe294f576af25052
    SHA1: c2cacdff58101f66b2f9005b91f54c2fe05c557e
    SHA256: dc0a9aa300c6b268add9d1803c12250444394a8cd052b6378e11149ca2c5f279
    SHA512: 0a0aef1f47ac33f03a2d9d297bffcf4ebd4fada8ca58b46c1e3964516572e38e1d90a9de87255d5ea7159122efb02fe73c45c77e3398ff9c30113f5c49fbb8a4

  • C:\KaVBA2\optixloc.exe
    Filesize: 4.1MB
    MD5: 4a7d93d8d31c1c3224b37bdf01155389
    SHA1: 18422b7636eeadf9d6c4e08cea138248230c0e27
    SHA256: c1272d385838b5fb35d4c5a0c1ee96421c8af3210d6c24c3431c59422b755805
    SHA512: ea3278c82ecbff33456cd76e20a47f1fa17c01a83f75eb3359229ed3a83146c00046fafa3bb807dd651047f1048b061e62bbf672fbb2c37059c7f53fea927fed

  • C:\Users\Admin\253086396416_10.0_Admin.ini
    Filesize: 208B
    MD5: 473a54e1d1d446e92c10da2c9309243d
    SHA1: 1a2c850fad1425b63c6323ca042d7a853ca313b1
    SHA256: 186f14f06010522a00ce4c1fa29d0e53e4e4ef7b7e24be016f757425eb0b7f3b
    SHA512: 6fb7eadf55ce9e719cb1f99f46919a7741835a5686494794725cdaf9db651900d24d176ad1db90efd68303ec3d74d0a5f62408c7b97541449747ee4e044b7e9b