Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

88522cfd87...KI.exe

windows7-x64

9

88522cfd87...KI.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 01:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe

  • Size

    297KB

  • MD5

    88522cfd871a8d5d6825e03305fd26a0

  • SHA1

    7c401c11ba165b243ab14fac5cd5a78b878e811e

  • SHA256

    cde1829aa846cf65afc4839eb6e7df0f7811bb0a43d8eab29cd23045d3ae83b5

  • SHA512

    01dab607f3e6860ac938268b99144b5ea4d94fd3d71dac061bd70d67bd4888cb573e0d1f224dcd3bb16cb29fc0f7153a53072576b90268a591edf8ee163f3263

  • SSDEEP

    6144:RqKvb0CYJ973e+eKZ56itOImvjngu7/BRXF8z/LYIXiY2+8AFC:vvbxYX7Z56OOrvLLe7LYIXiY2+zFC

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (2839) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
    Filesize

    297KB

    MD5

    8ac287e36e73fdf45f14c97564f96839

    SHA1

    d1dd2b611262111c1a1e1e4058c98cd73a23bc1a

    SHA256

    66d140b1d908e6593111e75265267c67caa4f61560195e56bee6757ee3bc7a51

    SHA512

    990585ab9e23403fc28d9f693a732db8006ca648cc63e7da4bad9228e24580da2665f438e38c830d4eef8b51019b2a30a5cff59f5aac64c2a30ceafcb44a1dd9

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    306KB

    MD5

    8036212748ad2c70f1203d4dc601769e

    SHA1

    a7829649362b9f98dff26e77648e8ea40e829663

    SHA256

    070d810dcae3ff08b46c311b351aa5d79c46889352043d7f3aef3ca795fc5838

    SHA512

    c513f2105de5f28506f7fb23824b332d664ca0d035678e7dafe6e7aba3002e9fa7eafc033902e7cc476dce8ddead7ab7544a8fb012e90d796af31bce631a9012

    Download Submit