General

  • Target

    76d48106f489da87fc6a23aedd28b9e0_NEIKI

  • Size

    159KB

  • Sample

    240508-akxhkagc5v

  • MD5

    76d48106f489da87fc6a23aedd28b9e0

  • SHA1

    800675631bc86acb5d7054e9ebe090a32ef7c5ca

  • SHA256

    3c129e72d08c6720ab2486514b97e593e67e1f9a5e5204ddd273de2ebfd66c7f

  • SHA512

    e8e2258b133e135b00be2ab8597dbd3636ddc24be7273929bd800c33506b2226c87983b3dfce4bc5f78b2a8718710457c3cf5346205a7b12b916925c93b37d4e

  • SSDEEP

    3072:69WpQE0zhfFpsJOfFpsJ79WpQE0zhfFpsJOfFpsJp:nWL

Score
9/10

Targets

    • Renames multiple (4617) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
