General

  • Target

    04c7d0edb3a4c8ec404bb479dec4ee60_NeikiAnalytics

  • Size

    1.6MB

  • Sample

    240514-wglsjshc87

  • MD5

    04c7d0edb3a4c8ec404bb479dec4ee60

  • SHA1

    17c079326af7b919fbb5b6f5157ba7a594ba147e

  • SHA256

    d41c69cc6102ef81c8bf0fabce2a8cbe521503414ab0a9fcf38ff36cda8301e9

  • SHA512

    436ea52ca146c86704b57643e4d7d99d3eb24dcd7dfc41dd65d78ea0de152ff0cd1ebb220aa8ccc9c8e4cffa1133b982cbbcded64b0c7bedf2d33f152e1bf304

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkr5Gqlfz+yZdc/Tgl2:Lz071uv4BPMkHC0I6Gz3N1pHPg/T+x7U

Targets

    • Target

      04c7d0edb3a4c8ec404bb479dec4ee60_NeikiAnalytics

    • Size

      1.6MB

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2
