6d9f005b96f1ce8f3c0b009b36137155fb9e0eef124ee9be9c8575692837b91e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

b972c00bf2...cs.exe

windows7-x64

b972c00bf2...cs.exe

windows10-2004-x64

Sharing

General

Target

b972c00bf289a05a128a74d75f723c20_NeikiAnalytics
Size

77KB
Sample

240514-k7462ahh4s
MD5

b972c00bf289a05a128a74d75f723c20
SHA1

38d43b1bf3f39b04a50a89776bb1b14961a6a4e4
SHA256

6d9f005b96f1ce8f3c0b009b36137155fb9e0eef124ee9be9c8575692837b91e
SHA512

91ec22d0c55f01dd78f5968d90ce25c96102fbf4843e60da3e39ad8ff2ba4ce59706d95e4ebf247d90a3b4ee17f589f43c1b4ac35b1bb7e17c779f68ac8e4078
SSDEEP

1536:ekeK40T/mx7y9v7Z/Z2V/GSAFRfBhpVoK5:FD40Dmx7y9DZ/Z2hGVkK5

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b972c00bf289a05a128a74d75f723c20_NeikiAnalytics.exe

Resource

win7-20240419-en

evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

b972c00bf289a05a128a74d75f723c20_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

evasion persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  b972c00bf289a05a128a74d75f723c20_NeikiAnalytics
- Size
  
  77KB
- MD5
  
  b972c00bf289a05a128a74d75f723c20
- SHA1
  
  38d43b1bf3f39b04a50a89776bb1b14961a6a4e4
- SHA256
  
  6d9f005b96f1ce8f3c0b009b36137155fb9e0eef124ee9be9c8575692837b91e
- SHA512
  
  91ec22d0c55f01dd78f5968d90ce25c96102fbf4843e60da3e39ad8ff2ba4ce59706d95e4ebf247d90a3b4ee17f589f43c1b4ac35b1bb7e17c779f68ac8e4078
- SSDEEP
  
  1536:ekeK40T/mx7y9v7Z/Z2V/GSAFRfBhpVoK5:FD40Dmx7y9DZ/Z2hGVkK5
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy