Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/06/2024, 11:15

General

  • Target

    35a074c25de4f264070db56143a3ace0_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    35a074c25de4f264070db56143a3ace0

  • SHA1

    75809e40bbac5bf9ea658cc76474c0672d96d6a5

  • SHA256

    df6f2fae49384160455aaa652d3af3624714eb50312f50e77ac985b10c2c92be

  • SHA512

    d65a0dcf7a4bc3fb1a012db0e8f671e1803ba85678a146f5f0e51d9839aef969786dc3bdd7a2809b04051fd68749cf0a7883062b2bb69d09208ce2d91040e471

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpr4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm85n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35a074c25de4f264070db56143a3ace0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\35a074c25de4f264070db56143a3ace0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\SysDrvRD\devbodloc.exe
      C:\SysDrvRD\devbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2800

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\GalaxC1\dobdevec.exe

    Filesize

    4.1MB

    MD5

    d2abd53ee91e630bc5776384f87d5b16

    SHA1

    a18341b68265cd5bfcb65e5b75c5d2567f0fd909

    SHA256

    361efbe1c2f286a900c132f52c51fa8d3f1a877b37a6248cfc5ed75ad828d41c

    SHA512

    81601aa85de0ef932a4b3277134a090524d678666ba1071980bddcedec7464c37f2d52c7df0fa346de9e19e8bcc67da20be301033ba8e24e2ce3e5a35da841ea

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    205B

    MD5

    3a2e9af5e920ff3d08509195daa9f617

    SHA1

    608f12cff1527e90e255e2d75abad9391871425d

    SHA256

    b2ae832bec8731e371b7813254cb352f2fa3dd77962a54bce2cc465c4b06138c

    SHA512

    841d11847923f26282fc19127ed2cd93ca81a234c4a06ce8fe3b3f0bccf36c0b97afef2d4e052bb99e6f6e5523439adfbc33b87d7aa19354d98f415bcaf5be25

  • \SysDrvRD\devbodloc.exe

    Filesize

    4.1MB

    MD5

    b046a56e2dd2ccca55f733a155b3762b

    SHA1

    45eb200d6846c473262dda1becae85f165b2b7e4

    SHA256

    a06fea027bb5a5bdcb3ddfac192b5f6a43a3cd8a39d3bac2141d723aa72f83d4

    SHA512

    e116d0c8755bf3022023255b895a429580d9aa3c47645ee5d8e9937cae2163a89a5a6559af230d32d31126bb0a4108dc2399f46de62a317add14a5213df8fe06