General
-
Target
e0fb48030795c0b804b825c909427d70_NeikiAnalytics
-
Size
3.3MB
-
Sample
240509-ylzlbaef54
-
MD5
e0fb48030795c0b804b825c909427d70
-
SHA1
6a5c557b1cfe724a598ee178751e1df252b553bf
-
SHA256
e4db026519727d240f0f1d1305052174291c67a872404ada807ea00b52bd11d6
-
SHA512
7e0afe08dc56c487448743cdbd96615169361a08c9b76af2be0c96bd9ab9b4459225ca620f76432235329561da66f232bc024766579fc5f3ba1dbb8cd7a59c6c
-
SSDEEP
98304:ev2VPnq1y5tQOM33ZNqCtBixHl54OJjes1zd:o2VPq1yLanrqTr4Sead
Behavioral task
behavioral1
Sample
e0fb48030795c0b804b825c909427d70_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
e0fb48030795c0b804b825c909427d70_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$APPDATA/NsCpuCNMiner/Include/nsDialogs.ps1
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$APPDATA/NsCpuCNMiner/Include/nsDialogs.ps1
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
$APPDATA/NsCpuCNMiner/NsCpuCNMiner32.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
$APPDATA/NsCpuCNMiner/NsCpuCNMiner32.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$APPDATA/NsCpuCNMiner/NsCpuCNMiner64.exe
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$APPDATA/NsCpuCNMiner/NsCpuCNMiner64.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$APPDATA/NsCpuCNMiner/Plugins/ExecCmd.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$APPDATA/NsCpuCNMiner/Plugins/ExecCmd.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
$APPDATA/NsCpuCNMiner/Plugins/ExecDos.dll
Resource
win7-20240419-en
Behavioral task
behavioral12
Sample
$APPDATA/NsCpuCNMiner/Plugins/ExecDos.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$APPDATA/NsCpuCNMiner/Plugins/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
$APPDATA/NsCpuCNMiner/Plugins/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
$APPDATA/NsCpuCNMiner/Plugins/inetc.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
$APPDATA/NsCpuCNMiner/Plugins/inetc.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
$APPDATA/NsCpuCNMiner/Plugins/nsExec.dll
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
$APPDATA/NsCpuCNMiner/Plugins/nsExec.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$APPDATA/NsCpuCNMiner/Plugins/textreplace.dll
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
$APPDATA/NsCpuCNMiner/Plugins/textreplace.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
$APPDATA/NsCpuCNMiner/Stubs/bzip2.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
$APPDATA/NsCpuCNMiner/Stubs/bzip2.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
$APPDATA/NsCpuCNMiner/Stubs/zlib.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
$APPDATA/NsCpuCNMiner/Stubs/zlib.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
$APPDATA/NsCpuCNMiner/makensis.exe
Resource
win7-20240508-en
Behavioral task
behavioral26
Sample
$APPDATA/NsCpuCNMiner/makensis.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20240215-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
e0fb48030795c0b804b825c909427d70_NeikiAnalytics
-
Size
3.3MB
-
MD5
e0fb48030795c0b804b825c909427d70
-
SHA1
6a5c557b1cfe724a598ee178751e1df252b553bf
-
SHA256
e4db026519727d240f0f1d1305052174291c67a872404ada807ea00b52bd11d6
-
SHA512
7e0afe08dc56c487448743cdbd96615169361a08c9b76af2be0c96bd9ab9b4459225ca620f76432235329561da66f232bc024766579fc5f3ba1dbb8cd7a59c6c
-
SSDEEP
98304:ev2VPnq1y5tQOM33ZNqCtBixHl54OJjes1zd:o2VPq1yLanrqTr4Sead
Score: 7/10
Checks computer location settings
Looks up the country code configured in the registry, likely to geofence execution.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
$APPDATA/NsCpuCNMiner/Include/nsDialogs.nsh
-
Size
22KB
-
MD5
650c682fce838441f6c8fa3a87aa7010
-
SHA1
0cc13812d20ac82a940140a597b6a1e89da7b860
-
SHA256
c98e01c0fd0482c5c73c7ea00975defc62b676ecafc3ca838266089984b26da0
-
SHA512
7f6bbc74c1b3def540735d53c043869b4d8b43ba36661a4cc50cc30515ad63eebe18c0243571907da70333c217f113ea7a9be2bbdf4dc2eac73d760640f99e2b
-
SSDEEP
384:T8D6R/d2ca6MQnrDfXfx2TIy2Pj8DUYmBqvRBS24LIiYhvC8w8xd75RJ8rdrG7VH:3/d2ca6MQnrDfXfEsy2PIg3Q5cF+7LNb
Score: 3/10
-
-
Target
$APPDATA/NsCpuCNMiner/NsCpuCNMiner32.exe
-
Size
1.4MB
-
MD5
3afeb8e9af02a33ff71bf2f6751cae3a
-
SHA1
fd358cfe41c7aa3aa9e4cf62f832d8ae6baa8107
-
SHA256
a0eba3fda0d7b22a5d694105ec700df7c7012ddc4ae611c3071ef858e2c69f08
-
SHA512
11a2c12d7384d2743d25b9e28fc4ea0c3e2771aca92875fd3350f457df66c66827d175f67108f1a56d958f3b1163f3a89eedb8919bf7973d037241a1e59231d5
-
SSDEEP
24576:gWKqa4hnzP3w7L3rmZmpk7FSQFW2iJ+N07/TwYV1CdZdQ+4lT+iFgiGTtswAtdz:gSrwf3aZmpOFU2iQNIUc1LxGTtswgd
Score: 7/10
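Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops debug events for that thread from reaching an attached debugger; commonly an anti-analysis measure.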
-
-
-
Target
$APPDATA/NsCpuCNMiner/NsCpuCNMiner64.exe
-
Size
1.5MB
-
MD5
eedb9d86ae8abc65fa7ac7c6323d4e8f
-
SHA1
ce1fbf382e89146ea5a22ae551b68198c45f40e4
-
SHA256
d0326f0ddce4c00f93682e3a6f55a3125f6387e959e9ed6c5e5584e78e737078
-
SHA512
9de3390197a02965feed6acdc77a292c0ef160e466fbfc9500fa7de17b0225a935127da71029cb8006bc7a5f4b5457319362b7a7caf4c0bf92174d139ed52ab5
-
SSDEEP
24576:Mf79KQimeoyEgM8dSGDeCAQ4GYwEkYEDI3BiiVzKJo23bvH5xh8wtDzgClYAdC51:b3EciPG9E/LBVeJo2Vsw57lYAA51
Score: 7/10
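Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops debug events for that thread from reaching an attached debugger; commonly an anti-analysis measure.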
-
-
-
Target
$APPDATA/NsCpuCNMiner/Plugins/ExecCmd.dll
-
Size
4KB
-
MD5
b9380b0bea8854fd9f93cc1fda0dfeac
-
SHA1
edb8d58074e098f7b5f0d158abedc7fc53638618
-
SHA256
1f4bd9c9376fe1b6913baeca7fb6df6467126f27c9c2fe038206567232a0e244
-
SHA512
45c3ab0f2bce53b75e72e43bac747dc0618342a3f498be8e2eb62a6db0b137fcdb1735da83051b14824996b5287109aa831e5859d6f21f0ed21b76b3d335418c
-
SSDEEP
48:ifXNtGNjFizsU35iej7luiwa28mDJmDKUOMQH0glay/Aa4r/:5Fef5iej5txKJKenlV4r/
Score: 3/10
-
-
Target
$APPDATA/NsCpuCNMiner/Plugins/ExecDos.dll
-
Size
6KB
-
MD5
d7b975049ec3aba50e4b7cc654a28214
-
SHA1
25f2578945ebc9ac037fef7b7f94c5d48e42388b
-
SHA256
42422d912b9c626ad93eb8c036ad82ee67cfa48cf75259c20c327eddd4cc376f
-
SHA512
f95f7875aeab586d42ee48029f7feed6e2fd8a7d106671e225ff5cf9ad83375f0ec3b8b288177c5d48b4c51eeddde687d67e7b07ad324e24059cff0a6516c270
-
SSDEEP
96:31pNOe2w5QbJHsBiyw4uM4jEFVliuOtac32FOeSMV7WhWD:dj5Qb1sBPuijiu6avTyhW
Score: 3/10
-
-
Target
$APPDATA/NsCpuCNMiner/Plugins/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score: 3/10
-
-
Target
$APPDATA/NsCpuCNMiner/Plugins/inetc.dll
-
Size
21KB
-
MD5
d7a3fa6a6c738b4a3c40d5602af20b08
-
SHA1
34fc75d97f640609cb6cadb001da2cb2c0b3538a
-
SHA256
67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e
-
SHA512
75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934
-
SSDEEP
384:oW4gLK82JvtosNCPhXKJ18hcEP1+f+pvMPbkdTg1Zahzs60Ac9khYLMkIX0+Gbyk:oW4i/2JloB5IQ9AhkwZaKRu
Score: 3/10
-
-
Target
$APPDATA/NsCpuCNMiner/Plugins/nsExec.dll
-
Size
6KB
-
MD5
acc2b699edfea5bf5aae45aba3a41e96
-
SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2
-
SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
-
SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
-
SSDEEP
96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score: 3/10
-
-
Target
$APPDATA/NsCpuCNMiner/Plugins/textreplace.dll
-
Size
5KB
-
MD5
72d1177bad86f4df8eaee2a8afe50e6f
-
SHA1
c36019dfa2ff5c90c9da31c89dfcda08f93df68d
-
SHA256
c058f4439617bdb2019c90abd9920070a23f751b9349051d0744280cd5d9c5d7
-
SHA512
e0e764fcafa833f94ad2d5ae2a407f3e35bd27efa078625d5a2c9372ea28d7889c4b339e457d6fd7c3c90475b2d1603142a8c46a23f59b5784478860b06ee1b3
-
SSDEEP
96:RHbaG527tDIdcuPYyKV20sWt5yzASW3zRvDOfGq:RHba5JCcmgV20sqhZ2
Score: 3/10
-
-
Target
$APPDATA/NsCpuCNMiner/Stubs/bzip2
-
Size
34KB
-
MD5
7ac2315d458a6c78f81f7167b164ef37
-
SHA1
f501956f346fe7ac49454f5eae54907eeb247f1d
-
SHA256
a32a41c520aa1d08d8e5cbc18c1994f92d47bede5cb8d3aca761579d242d249d
-
SHA512
00802299e1161ac3a3849678a0515e2ed4548a9c1397635fb546683a525f2dbaab8b90875d81821bc66b76c6669a309922284e818f510fb0d81d0c317458919b
-
SSDEEP
768:FqVnDX38+t1ehxQ7unyskUplx3tUeLTjWfgeOVGM4jjfS3XJvai:kjs+t1ehxQuntkULceeM4sXJz
Score: 3/10
-
-
Target
$APPDATA/NsCpuCNMiner/Stubs/zlib
-
Size
35KB
-
MD5
346d3c8665f307a06aba85f8745360e8
-
SHA1
de87ba7e2553f0efd531d30d6a5997dab9a6bc2f
-
SHA256
c96383fe97a213140741bf5df71f322753200c094cb22db634e050d2be744a4f
-
SHA512
6d9910251618226bfd94c94661b86db0b6c07d5dbc5445cbd0ae7bd34fc42e0b2af53fbd14b57969cda9deb747dae7837209eb4c61b4b130b0170f584b839aa2
-
SSDEEP
768:x0gFJMBrbxJQJFiXDYwQ5NTdKqP5sCOfZ7jrG0D3cjfS3XJQai:xfYBrbzmFizYwUK1G0DRXJQ
Score: 3/10
-
-
Target
$APPDATA/NsCpuCNMiner/makensis.exe
-
Size
484KB
-
MD5
e79833cb0d7b2573819ded2122b57bdd
-
SHA1
71ead8cd4a95704a0cade630bb3ce280af7e028e
-
SHA256
572a6f9cb5b37b6eec13b578d346c2568ce3ec88bb711d75dac9e82fc01c8860
-
SHA512
4b023e60392ead0691621a1306286fda6cdc4c447f164c8f249c59db2500d8b98514d93c7a7e8d3cfd60818d2ca74e84ec24163492765b6c17fe94ea0385bd69
-
SSDEEP
12288:LhHlj+wtKJVIo9ZoACV6sil8+eSycI+Tt0XCyzLHWj:Lxl+0KJVpneV6siy+I+TtcCyzLHW
Score: 1/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score: 3/10
-
-
Target
$PLUGINSDIR/inetc.dll
-
Size
21KB
-
MD5
d7a3fa6a6c738b4a3c40d5602af20b08
-
SHA1
34fc75d97f640609cb6cadb001da2cb2c0b3538a
-
SHA256
67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e
-
SHA512
75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934
-
SSDEEP
384:oW4gLK82JvtosNCPhXKJ18hcEP1+f+pvMPbkdTg1Zahzs60Ac9khYLMkIX0+Gbyk:oW4i/2JloB5IQ9AhkwZaKRu
Score: 3/10