Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

89ce8865b6...cs.exe

windows7-x64

7

89ce8865b6...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/06/2024, 21:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    89ce8865b6a1983a8e2a08243326ddc0_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    89ce8865b6a1983a8e2a08243326ddc0

  • SHA1

    9c8776de72f9df5dd38f73ffc4d3e709cc78fc6b

  • SHA256

    33b724c692d11939e39c9c13952d913240c8f3c81b1c3d3497b6657c039d345f

  • SHA512

    6087593a69b5d5370707b4514598b3885c8e26e2118e08b7b0f08998cc80a63c0c61cbbf1394ed08adf852d779d766eaedb72cdb0279bd2db203a2b367790152

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBM9w4Sx:+R0pI/IQlUoMPdmpSpO4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\89ce8865b6a1983a8e2a08243326ddc0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\89ce8865b6a1983a8e2a08243326ddc0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Adobe7T\aoptisys.exe
      C:\Adobe7T\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Mint89\boddevsys.exe
    Filesize

    2.7MB

    MD5

    9951a6666df0d25664581abacf79fc86

    SHA1

    bfba2a4975011d47dfbbb03c992b0be151f2d058

    SHA256

    9fbdb089ac20757f2ca23d3d26a518f8547ebce4bd4bdfe03ce43d68146fb57c

    SHA512

    dfe3facbb796282fb6412344d3d827df3d1d0a9942f8b46ed75d5f511100a3c5bfacd3ce4328df46c21029c9b1dd513e4280da1e999dd453ce8a931cdc574d96

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    203B

    MD5

    ef467d61220709e7254324b191957860

    SHA1

    e2c00c510d84de6af928f7625946c55751e20604

    SHA256

    68b1e587011fd094ab5fd1d7e22241c4356baf7c0a8657ef99f2b67bff2c1fb5

    SHA512

    61d23f1706d410bb4b746ded8393b73ab1166e05301df43457f540e097b5350695baa0e4e52b7ca39b7c59153dfbd288de06cfce0e65797888beb664011dcf8c

    Download Submit

  • \Adobe7T\aoptisys.exe
    Filesize

    2.7MB

    MD5

    0c5245f498213715fe7e523394d5de9e

    SHA1

    5825426cf42194a258f0dce8e9dad2b875194ec0

    SHA256

    9d86fd2f3481e8d53625a26b23ba985b732ffdf0b702124c884ef9999d4f8637

    SHA512

    33808fdc698cd117cfed90b1963f7fc903cfd48b6f0444ef8a1eae9e3207ff7249c2ffdd754ec5956e1bf4c635c3de87e6a5378671a8de3b3f2294c23440cf67

    Download Submit