Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a1a9484b82...cs.exe

windows7-x64

7

a1a9484b82...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 04:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a1a9484b82ac29ff2eedfdcb6fb46d20_NeikiAnalytics.exe

  • Size

    4.1MB

  • MD5

    a1a9484b82ac29ff2eedfdcb6fb46d20

  • SHA1

    c244833b0e13900ee0d5d061d04b1aa79ce2f8bd

  • SHA256

    79084bdcf31a83ae63a52caf1607ce4585a5a7bb09d20f8b33232449f0e33788

  • SHA512

    f250efd62568f051e2f29daffe37bae7d2c0c7fe7d2d2908bb664b8319d8f14befe1f6437cef51c49c2c8182c14ee4cfc71f9015616f304bd5027290c1757dc8

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpB4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm65n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1a9484b82ac29ff2eedfdcb6fb46d20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a1a9484b82ac29ff2eedfdcb6fb46d20_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\IntelprocC2\aoptisys.exe
      C:\IntelprocC2\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZ2V\optixloc.exe
    Filesize

    4.1MB

    MD5

    071f6198431104e0e854d720e990243f

    SHA1

    27d9fa47c1eb2b3631d9141421a4bb2abda62cb3

    SHA256

    cd78f1ff09fad8ad8b6ba25836528bc7adc2841119d37bdc772e5393d3b5a822

    SHA512

    8aff1e34dfb8a87a5a334119b9ca4138e8c86d6b72ac30b75850cd576bb15a2879764ca5b10f0b1908d70d76b698a57cdb08c31df5347b9626cf7fa3fa18d60d

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    207B

    MD5

    6af05cf7f09e1c546c76b26d3c2a38b8

    SHA1

    2fdf051bf1bc2302f514b40dc5bd84a41f23101f

    SHA256

    439a7fac03e8b9a9525398064da1697405bc2642ae37eae1a6ae9b77ca5761e5

    SHA512

    18ca23a39d37a671f3655b36b6efdfbc1deeab8000a4e9547e97a31bbae4112444234e2dbc7e2ff4ba942615d1ed1029c0119371bf901d1731e02c29bd9ffcf1

    Download Submit

  • \IntelprocC2\aoptisys.exe
    Filesize

    4.1MB

    MD5

    feae0d72c83f9de4f29052eef7b152b8

    SHA1

    5eb30cb6362f7af777919c64e22068143ba53dea

    SHA256

    4d19b0aca1d27e3392dde5c26be03a1181942326fca22e5653df3926afdb13ff

    SHA512

    28eb229849f09e7322f34775a045c4b557263d833c276c496b4c586b0c6af8a2d4101c4c97d341e0ad5ba93469ea5539ea3e6c8354266c5782342ea3fe0ef0af

    Download Submit