Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

2aba2eed61...cs.exe

windows7-x64

9

2aba2eed61...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/05/2024, 16:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe

  • Size

    111KB

  • MD5

    2aba2eed615d92ec14b927145de88110

  • SHA1

    a0cc406016b13f4a48dc66af3c08009b97e1d5cd

  • SHA256

    ce12f52b95e049b6c1c56308acf2d0b509f9619a87606a45b02139abe203447c

  • SHA512

    a862f652ad92351795b75e41f2028d517fd14ddc24bb5496c5ff0104623196cabfc9888ec4fc3b1abab5921cd241fb790bb8f881069d853938a8596405d06938

  • SSDEEP

    768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5KcMcoYJIJDYJIJ1wz1JNFHH1JNFHeX2yYa:W7ZQpApjIKTie+e3wBJ/HVJ/HeXX

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (738) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
    Filesize

    111KB

    MD5

    131416e86386741cea0a7ce39896e11c

    SHA1

    e0599d1b60f8f3b7fe76c50073f94a72428f92fb

    SHA256

    6668dd75f99ab0222c71f48973cd9ad56b9ab22a79392e10929ec7214934f431

    SHA512

    25185d95a76baeb71c70ab18bf8ddf36f2b8c14e481a6262fa9bf790acc9b2cfa94c8e93f98ecf8b22abd3d6071007074e5000cf9ef318f7c8c0ca0a68b79a9b

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    120KB

    MD5

    337ff347743ce20cfe987ce7cab39106

    SHA1

    3f411a33d564be53b1603e796bfb5f11ef6a0633

    SHA256

    1a9f9ece0f121995432811f16bdc069066be131ce9947cd34cc0a817d131cd6d

    SHA512

    38f75db854badc03139ca039d1fb2b83c9c66b5b1f9b929e2eefe99421e50a64d15f7bb7f676e1f5504f42eeb090622d61ec2d683f1ff742aaed0154b8ede9ea

    Download Submit