Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    152s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/05/2024, 16:03

General

  • Target

    2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe

  • Size

    111KB

  • MD5

    2aba2eed615d92ec14b927145de88110

  • SHA1

    a0cc406016b13f4a48dc66af3c08009b97e1d5cd

  • SHA256

    ce12f52b95e049b6c1c56308acf2d0b509f9619a87606a45b02139abe203447c

  • SHA512

    a862f652ad92351795b75e41f2028d517fd14ddc24bb5496c5ff0104623196cabfc9888ec4fc3b1abab5921cd241fb790bb8f881069d853938a8596405d06938

  • SSDEEP

    768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5KcMcoYJIJDYJIJ1wz1JNFHH1JNFHeX2yYa:W7ZQpApjIKTie+e3wBJ/HVJ/HeXX

Score
9/10

Malware Config

Signatures

  • Renames multiple (639) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2960
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4316

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

      Filesize

      111KB

      MD5

      4437b92164579afc9521809d316cb3ab

      SHA1

      f5134c18fd5eb110cb64c738813bbd4bf43d0f30

      SHA256

      1890889ba25df8d9d618c2fbf02b120e0361933c771b95b136212bd19d237a86

      SHA512

      fff0c213f42b14927341ee04ed7b9fe81bfd49277595be3057d8834320f9ce9dbf91d1c267f03ff326a5ce60442aabb790b4b909248913ee496694e1f7367e50

    • C:\libsmartscreen.dll.tmp

      Filesize

      111KB

      MD5

      f130c0b2778686856131a25781e8d933

      SHA1

      86aec1ff0668fad5028818af3639e90902e84ea1

      SHA256

      89e0c6e33097dea3074e5f5ab63f7c08b9437a9840fcec43c00232c52b88d93e

      SHA512

      559e0e5eaa7ac4540e31c6a0ddbec295fe4429e7bc40985a278abaea7e63089319a076139a8e2b3823282c047a1e94fc79f048ad3882c2d54efef2d9eb47dbd4