Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
09b0ee3818f23e3f15452555ecc5c120_NeikiAnalytics
-
Size
285KB
-
Sample
240510-z9fnsaad8t
-
MD5
09b0ee3818f23e3f15452555ecc5c120
-
SHA1
4a4233568b827c76d7b74f4d3ebdadff7570e48b
-
SHA256
862d509b746ac55f8af08524b47f7a89b740cb9a8cb748ec71be9f1b3b7659e4
-
SHA512
4104b6409acabc865f386ea389d89f34ddebe2ae98e33a6b9eec7e0c50f0c3bba00132d1a59541d73276b84ab45f1f9ca5fb972a14ed59a4647eb21d36aa5d54
-
SSDEEP
6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHLp:NBaBnmtOwq/+1MkU68raJRHua8G9Lcob
Behavioral task
behavioral1
Sample
09b0ee3818f23e3f15452555ecc5c120_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
09b0ee3818f23e3f15452555ecc5c120_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
09b0ee3818f23e3f15452555ecc5c120_NeikiAnalytics
-
Size
285KB
-
MD5
09b0ee3818f23e3f15452555ecc5c120
-
SHA1
4a4233568b827c76d7b74f4d3ebdadff7570e48b
-
SHA256
862d509b746ac55f8af08524b47f7a89b740cb9a8cb748ec71be9f1b3b7659e4
-
SHA512
4104b6409acabc865f386ea389d89f34ddebe2ae98e33a6b9eec7e0c50f0c3bba00132d1a59541d73276b84ab45f1f9ca5fb972a14ed59a4647eb21d36aa5d54
-
SSDEEP
6144:+ZyKE4FBg+XHnZYkQGmzRrOEg0q/vjLm1AHkUm1Ys8xiV4DvtsJRlVDqa8GzNHLp:NBaBnmtOwq/+1MkU68raJRHua8G9Lcob
Score10/10-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1