Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
21bbabf0be3cf6ea0a792eaf8d416f00_NEIKI
-
Size
199KB
-
Sample
240507-y3qpqsdh2x
-
MD5
21bbabf0be3cf6ea0a792eaf8d416f00
-
SHA1
1bafe382147fa1d48252caaf606a1466b4b969ff
-
SHA256
ba0a3085dc7b21d3013026efca1a6fa739e1e33eaa75504051c272cddef49043
-
SHA512
808099a6f6e6fdf4ddc07bd89cee376a383e24ca294f5aa6ee82289e238db0b5b6a575ee8485470e621a55468ae5e819dd6248e3d02633ed9233c679cde3a0cb
-
SSDEEP
3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEXrWpcOPxPke+e3fFpsJOfFpsJbgEZ:tFPxPke+eIKFPxPke+eIZ
Static task
static1
Behavioral task
behavioral1
Sample
21bbabf0be3cf6ea0a792eaf8d416f00_NEIKI.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
21bbabf0be3cf6ea0a792eaf8d416f00_NEIKI.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
21bbabf0be3cf6ea0a792eaf8d416f00_NEIKI
-
Size
199KB
-
MD5
21bbabf0be3cf6ea0a792eaf8d416f00
-
SHA1
1bafe382147fa1d48252caaf606a1466b4b969ff
-
SHA256
ba0a3085dc7b21d3013026efca1a6fa739e1e33eaa75504051c272cddef49043
-
SHA512
808099a6f6e6fdf4ddc07bd89cee376a383e24ca294f5aa6ee82289e238db0b5b6a575ee8485470e621a55468ae5e819dd6248e3d02633ed9233c679cde3a0cb
-
SSDEEP
3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEXrWpcOPxPke+e3fFpsJOfFpsJbgEZ:tFPxPke+eIKFPxPke+eIZ
Score9/10-
Renames multiple (346) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-