Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/06/2024, 11:15 UTC

General

  • Target

    35a074c25de4f264070db56143a3ace0_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    35a074c25de4f264070db56143a3ace0

  • SHA1

    75809e40bbac5bf9ea658cc76474c0672d96d6a5

  • SHA256

    df6f2fae49384160455aaa652d3af3624714eb50312f50e77ac985b10c2c92be

  • SHA512

    d65a0dcf7a4bc3fb1a012db0e8f671e1803ba85678a146f5f0e51d9839aef969786dc3bdd7a2809b04051fd68749cf0a7883062b2bb69d09208ce2d91040e471

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpr4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm85n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35a074c25de4f264070db56143a3ace0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\35a074c25de4f264070db56143a3ace0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\SysDrvRD\devbodloc.exe
      C:\SysDrvRD\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2800

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxC1\dobdevec.exe

    Filesize

    4.1MB

    MD5

    d2abd53ee91e630bc5776384f87d5b16

    SHA1

    a18341b68265cd5bfcb65e5b75c5d2567f0fd909

    SHA256

    361efbe1c2f286a900c132f52c51fa8d3f1a877b37a6248cfc5ed75ad828d41c

    SHA512

    81601aa85de0ef932a4b3277134a090524d678666ba1071980bddcedec7464c37f2d52c7df0fa346de9e19e8bcc67da20be301033ba8e24e2ce3e5a35da841ea

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    205B

    MD5

    3a2e9af5e920ff3d08509195daa9f617

    SHA1

    608f12cff1527e90e255e2d75abad9391871425d

    SHA256

    b2ae832bec8731e371b7813254cb352f2fa3dd77962a54bce2cc465c4b06138c

    SHA512

    841d11847923f26282fc19127ed2cd93ca81a234c4a06ce8fe3b3f0bccf36c0b97afef2d4e052bb99e6f6e5523439adfbc33b87d7aa19354d98f415bcaf5be25

  • \SysDrvRD\devbodloc.exe

    Filesize

    4.1MB

    MD5

    b046a56e2dd2ccca55f733a155b3762b

    SHA1

    45eb200d6846c473262dda1becae85f165b2b7e4

    SHA256

    a06fea027bb5a5bdcb3ddfac192b5f6a43a3cd8a39d3bac2141d723aa72f83d4

    SHA512

    e116d0c8755bf3022023255b895a429580d9aa3c47645ee5d8e9937cae2163a89a5a6559af230d32d31126bb0a4108dc2399f46de62a317add14a5213df8fe06
