Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2c6d180627372c3c0b52ff839ce356d0_NeikiAnalytics
-
Size
326KB
-
Sample
240515-y7py1aaf75
-
MD5
2c6d180627372c3c0b52ff839ce356d0
-
SHA1
e08ccf0b3a71dc55ab0ccd9cff0c37e125bb11e8
-
SHA256
693344b16f58b92d4e6db5c01bb1bc93e97290a6f983665fc2d4e88272419698
-
SHA512
3b9f8375b9eb7074c711ae76399ef9a53d453df521d18ac1e78725b925f6547db3cf85cd00c9c1f2a29a39542cca45d2901c68f990c0c10fd7ce8743381562fe
-
SSDEEP
6144:zvEN2U+T6i5LirrllHy4HUcMQY6SbJhs7QW69hd1MMdxPe9N9uA0hu9TBJG:zENN+T5xYrllrU7QY6SbjDhu9THG
Malware Config
Targets
-
-
Target
2c6d180627372c3c0b52ff839ce356d0_NeikiAnalytics
-
Size
326KB
-
MD5
2c6d180627372c3c0b52ff839ce356d0
-
SHA1
e08ccf0b3a71dc55ab0ccd9cff0c37e125bb11e8
-
SHA256
693344b16f58b92d4e6db5c01bb1bc93e97290a6f983665fc2d4e88272419698
-
SHA512
3b9f8375b9eb7074c711ae76399ef9a53d453df521d18ac1e78725b925f6547db3cf85cd00c9c1f2a29a39542cca45d2901c68f990c0c10fd7ce8743381562fe
-
SSDEEP
6144:zvEN2U+T6i5LirrllHy4HUcMQY6SbJhs7QW69hd1MMdxPe9N9uA0hu9TBJG:zENN+T5xYrllrU7QY6SbjDhu9THG
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1