Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

2f473f08c5...KI.exe

windows7-x64

9

2f473f08c5...KI.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f473f08c5cf58ddd38da0b6f873bfc0_NEIKI

  • Size

    247KB

  • Sample

    240508-ypbnnafb72

  • MD5

    2f473f08c5cf58ddd38da0b6f873bfc0

  • SHA1

    0f4fbcf1e2012a9bb8fdd1264744345c15f2f154

  • SHA256

    b4b34264d0836a48f650baeb718aa06f91302a95313152a9bce6e0f1d2a6beed

  • SHA512

    d5e5a96ee8518c980225b06bd63581bad50b9d6b3542d87b46efae1070c1803e872f332ee95a065e45460c5d470f229a138bf46e2ee228a435f5d55ecec41b56

  • SSDEEP

    3072:6e7WpHIyRF9ESWu0SWuDmSXrwcysSSw9mHpKZNGCLOwstyhZFChcssc56FUrgxvI:RqlIyFESWu0SWuTSh9UpK7ShcHUaZ0

Score
9/10
ransomware

Malware Config

Targets

    • Target

      2f473f08c5cf58ddd38da0b6f873bfc0_NEIKI

    • Size

      247KB

    • MD5

      2f473f08c5cf58ddd38da0b6f873bfc0

    • SHA1

      0f4fbcf1e2012a9bb8fdd1264744345c15f2f154

    • SHA256

      b4b34264d0836a48f650baeb718aa06f91302a95313152a9bce6e0f1d2a6beed

    • SHA512

      d5e5a96ee8518c980225b06bd63581bad50b9d6b3542d87b46efae1070c1803e872f332ee95a065e45460c5d470f229a138bf46e2ee228a435f5d55ecec41b56

    • SSDEEP

      3072:6e7WpHIyRF9ESWu0SWuDmSXrwcysSSw9mHpKZNGCLOwstyhZFChcssc56FUrgxvI:RqlIyFESWu0SWuTSh9UpK7ShcHUaZ0

    Score
    9/10
    ransomware

    • Renames multiple (284) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks