Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics

  • Size

    1.9MB

  • Sample

    240511-d7a5maea35

  • MD5

    7067d619735013b8b2a2bacb87757aa0

  • SHA1

    31d8a7f94303f978747bb0ec7aad7eb78d4c2321

  • SHA256

    686341d8c427c1460ebfd708d4f6dd2586e9ca899878981b29fabaa513fe972d

  • SHA512

    e882dc7047943149f5e43516701e3b5d95dbb65b17eb08bad5155f19e9e7a0301803c102f462793195b0a0bb45c4dada90a45eabbf98f18532a0df209586480b

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VzxBp1P:NABk

Malware Config

Targets

    • Target

      7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics

    • Size

      1.9MB

    • MD5

      7067d619735013b8b2a2bacb87757aa0

    • SHA1

      31d8a7f94303f978747bb0ec7aad7eb78d4c2321

    • SHA256

      686341d8c427c1460ebfd708d4f6dd2586e9ca899878981b29fabaa513fe972d

    • SHA512

      e882dc7047943149f5e43516701e3b5d95dbb65b17eb08bad5155f19e9e7a0301803c102f462793195b0a0bb45c4dada90a45eabbf98f18532a0df209586480b

    • SSDEEP

      49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VzxBp1P:NABk

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks