7e14114a882e13f10fc3dba19d4f70f4c804f34584fcd816e92ff54764b44fee | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

420f9d0978...cs.exe

windows7-x64

7

420f9d0978...cs.exe

windows10-2004-x64

7

Sharing

General

Target

420f9d09781da5efa88c07bc6464c350_NeikiAnalytics
Size

170KB
Sample

240514-3djx4sdf2z
MD5

420f9d09781da5efa88c07bc6464c350
SHA1

e484e30648fd498b28128ed8145e5164c80a1b8f
SHA256

7e14114a882e13f10fc3dba19d4f70f4c804f34584fcd816e92ff54764b44fee
SHA512

ed1dcced5a5db08e0037570fd27482685c3e832383cf07a5bf80bd0bd703d0a82c4f5a60198324d477a7eb0445b9f474493b074fcbbfce9dd83d27aede6c37a9
SSDEEP

3072:s/JpOm5axh63laEo+pXX1pQD2UCohD8mxLCj+5cmeDye42L712xrpdJ8xLeb7Ux:sBAm5oh63laEo+pXX1pkF8mxeq5+4m7D

Score

7^/10

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

420f9d09781da5efa88c07bc6464c350_NeikiAnalytics.exe

Resource

win7-20240419-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

420f9d09781da5efa88c07bc6464c350_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  420f9d09781da5efa88c07bc6464c350_NeikiAnalytics
- Size
  
  170KB
- MD5
  
  420f9d09781da5efa88c07bc6464c350
- SHA1
  
  e484e30648fd498b28128ed8145e5164c80a1b8f
- SHA256
  
  7e14114a882e13f10fc3dba19d4f70f4c804f34584fcd816e92ff54764b44fee
- SHA512
  
  ed1dcced5a5db08e0037570fd27482685c3e832383cf07a5bf80bd0bd703d0a82c4f5a60198324d477a7eb0445b9f474493b074fcbbfce9dd83d27aede6c37a9
- SSDEEP
  
  3072:s/JpOm5axh63laEo+pXX1pQD2UCohD8mxLCj+5cmeDye42L712xrpdJ8xLeb7Ux:sBAm5oh63laEo+pXX1pkF8mxeq5+4m7D
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy