ba0a3085dc7b21d3013026efca1a6fa739e1e33eaa75504051c272cddef49043 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

21bbabf0be...KI.exe

windows7-x64

9

21bbabf0be...KI.exe

windows10-2004-x64

9

Sharing

General

Target

21bbabf0be3cf6ea0a792eaf8d416f00_NEIKI
Size

199KB
Sample

240507-y3qpqsdh2x
MD5

21bbabf0be3cf6ea0a792eaf8d416f00
SHA1

1bafe382147fa1d48252caaf606a1466b4b969ff
SHA256

ba0a3085dc7b21d3013026efca1a6fa739e1e33eaa75504051c272cddef49043
SHA512

808099a6f6e6fdf4ddc07bd89cee376a383e24ca294f5aa6ee82289e238db0b5b6a575ee8485470e621a55468ae5e819dd6248e3d02633ed9233c679cde3a0cb
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEXrWpcOPxPke+e3fFpsJOfFpsJbgEZ:tFPxPke+eIKFPxPke+eIZ

Score

9^/10

ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

21bbabf0be3cf6ea0a792eaf8d416f00_NEIKI.exe

Resource

win7-20240221-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

21bbabf0be3cf6ea0a792eaf8d416f00_NEIKI.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  21bbabf0be3cf6ea0a792eaf8d416f00_NEIKI
- Size
  
  199KB
- MD5
  
  21bbabf0be3cf6ea0a792eaf8d416f00
- SHA1
  
  1bafe382147fa1d48252caaf606a1466b4b969ff
- SHA256
  
  ba0a3085dc7b21d3013026efca1a6fa739e1e33eaa75504051c272cddef49043
- SHA512
  
  808099a6f6e6fdf4ddc07bd89cee376a383e24ca294f5aa6ee82289e238db0b5b6a575ee8485470e621a55468ae5e819dd6248e3d02633ed9233c679cde3a0cb
- SSDEEP
  
  3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEXrWpcOPxPke+e3fFpsJOfFpsJbgEZ:tFPxPke+eIKFPxPke+eIZ
Score

9^/10

ransomware
- Renames multiple (346) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy