Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4bf9d4a406...cs.exe

windows7-x64

7

4bf9d4a406...cs.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4bf9d4a406ee7925c69cf04c59bde3a0_NeikiAnalytics

  • Size

    2.7MB

  • Sample

    240509-q1xq9sfd54

  • MD5

    4bf9d4a406ee7925c69cf04c59bde3a0

  • SHA1

    ba7ab049346779b379b26bc46a0b88300b0cb7f9

  • SHA256

    4a0e61ad2ffe83ad7a3b11c1494bd2d6d32722683c8a2e1e3c3124cef0345fd9

  • SHA512

    f1810ac60794486d5684d80e9d074f62a5c402f776a12bb7e992479304352cb95d4c92738dd89c05b69148307a216cd568112cfc14831b505b576e079fb2a8b1

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB09w4Sx:+R0pI/IQlUoMPdmpSpC4

Score
7/10
persistencespywarestealer

Malware Config

Targets

    • Target

      4bf9d4a406ee7925c69cf04c59bde3a0_NeikiAnalytics

    • Size

      2.7MB

    • MD5

      4bf9d4a406ee7925c69cf04c59bde3a0

    • SHA1

      ba7ab049346779b379b26bc46a0b88300b0cb7f9

    • SHA256

      4a0e61ad2ffe83ad7a3b11c1494bd2d6d32722683c8a2e1e3c3124cef0345fd9

    • SHA512

      f1810ac60794486d5684d80e9d074f62a5c402f776a12bb7e992479304352cb95d4c92738dd89c05b69148307a216cd568112cfc14831b505b576e079fb2a8b1

    • SSDEEP

      49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB09w4Sx:+R0pI/IQlUoMPdmpSpC4

    Score
    7/10
    persistencespywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks