Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
NXTPKIENT.exe
-
Size
23.5MB
-
Sample
240108-ccenwshfbm
-
MD5
7b6d02a459fdaa4caa1a5bf741c4bd42
-
SHA1
4eea45c22881a092ac7a8b0a5379076d5803e83e
-
SHA256
f8ab78e1db3a3cc3793f7680a90dc1d8ce087226ef59950b7acd6bb1beffd6e3
-
SHA512
d8d67ba37263832e7f7d0a945a04afe3d9cea24e78a2d82b00463a2ab575ddb0b53f020c9967391c8469a831c3205f68d010d752a17419d7c2bb34ae8dc55384
-
SSDEEP
393216:zCTLRrqyYTljCQppkgSGlNoggc7k18J1unrY+M4ZtquYfZZrjMaDF1i:zCTLI3TZCQKGlZgc7k181W7fFOjMQ1i
Static task
static1
Behavioral task
behavioral1
Sample
NXTPKIENT.exe
Resource
win7-20231215-en
Malware Config
Targets
-
-
Target
NXTPKIENT.exe
-
Size
23.5MB
-
MD5
7b6d02a459fdaa4caa1a5bf741c4bd42
-
SHA1
4eea45c22881a092ac7a8b0a5379076d5803e83e
-
SHA256
f8ab78e1db3a3cc3793f7680a90dc1d8ce087226ef59950b7acd6bb1beffd6e3
-
SHA512
d8d67ba37263832e7f7d0a945a04afe3d9cea24e78a2d82b00463a2ab575ddb0b53f020c9967391c8469a831c3205f68d010d752a17419d7c2bb34ae8dc55384
-
SSDEEP
393216:zCTLRrqyYTljCQppkgSGlNoggc7k18J1unrY+M4ZtquYfZZrjMaDF1i:zCTLI3TZCQKGlZgc7k181W7fFOjMQ1i
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-