Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/06/2024, 04:00

General

  • Target

    3ab76cf88e53905dcb2ea4df35b0125c53c24fa75eca54520152cc5be02ce0fe_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    3fc593f8524fce76f18b229567d45d20

  • SHA1

    d7eb7049ddcf011a310c07d9d9c8353e191e0cb0

  • SHA256

    3ab76cf88e53905dcb2ea4df35b0125c53c24fa75eca54520152cc5be02ce0fe

  • SHA512

    31f5ffa55a1d7cbd011507bca7d1cbe7088b55dbb9a57eaba149646a5a3111fec2374443f9740600e46361890d73dcb6244199f80499bcef01a1d638a0934378

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBn9w4Sx:+R0pI/IQlUoMPdmpSp/4

Score
7/10

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ab76cf88e53905dcb2ea4df35b0125c53c24fa75eca54520152cc5be02ce0fe_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3ab76cf88e53905dcb2ea4df35b0125c53c24fa75eca54520152cc5be02ce0fe_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\FilesRV\abodsys.exe
      C:\FilesRV\abodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2364

Downloads

  • C:\GalaxVI\optixsys.exe

    Filesize

    613KB

    MD5

    dcf91b80d997841c11c1bcf1542752ec

    SHA1

    2403b30cd4b38b62fd1876501a61bfe3b0353afd

    SHA256

    956bbf7dade0a767c283313e23dd450987a58c6e4f03a74dbdfb2f0e13b5e2b5

    SHA512

    afb4439263b45af914ceecdef40b9fdd341a7f6b3ffcf91311fbddfa61819b7ecd135ccc33bc7c83a64a218fdd81d1cb2b528ba96e728540a3030694e43ee727

  • C:\GalaxVI\optixsys.exe

    Filesize

    2.7MB

    MD5

    94eab217c1eff9de716e516ad32d1bd0

    SHA1

    1219c07f010e72dbefefc2ec56695ff3b996542f

    SHA256

    d66a2b1352ebc6217f024984c98f214c9fd98d4dfe8e9aa76c9af71d7f176cfa

    SHA512

    96454e2f681a66948c8ba3c3aee4aa07be20a1f0092014933ad2ca4eacd8032f615fe6fe52fe0200ca706189fda6e4f4b968ba9e91dcfd8f344ae35ace5ae122

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    201B

    MD5

    127c77ceb15d022c45d2fd9492fd63d0

    SHA1

    037ff73d54a634726f789a416e1d84aa35f3e776

    SHA256

    38814bf1f2897447e3578bd09fd5fea48dce0a67d89e18dd22c1da13a0765d25

    SHA512

    89772c540620c2a647ffa89b785eae289d5cbd55874fa06ee504c0aad20322c1eb64ad1175b74bfb330dd74dff92a0300ac319488659a028a6b0e38d3ae8942f

  • \FilesRV\abodsys.exe

    Filesize

    2.7MB

    MD5

    8ab1fb50c6b0f1564397a169540320c3

    SHA1

    50f782a632c5bfb84600e0f0913a42f07517cce8

    SHA256

    a8c1b35579415e357f7db28223b1942b08c9970851ddc000b67893a2b5e1e047

    SHA512

    42634530e8a11d027f2c234be018ce5602363730af4fa28dd12e9d538a8fdd836db30761d60f76c238605d474b5e7a4c16ea48daf53e2f71d84eeac4965f0e17