
Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/05/2024, 19:39 UTC

General

  • Target

    220ce25c714cb4289254e39dd00718b0_NeikiAnalytics.exe

  • Size

    143KB

  • MD5

    220ce25c714cb4289254e39dd00718b0

  • SHA1

    a459f837cc8be4bff006b3387ca456210d03079c

  • SHA256

    0045949150a4f7514a47646a734bd11f2b55110fcfa460eab9baef59ea283540

  • SHA512

    3e8117769133fa70895c58c6c5529d5c992ea5ac7f473140681d1c849bfce6ba1c90b77ca52e8736c0392f5728ffadfa4ab2a04a68081b8fd003efc79f5c2b57

  • SSDEEP

    768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOo:/7ZQpApUsKiXBvzwvzXJvlwJvl0ey

Score
9/10

Malware Config

Signatures

  • Renames multiple (3143) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\220ce25c714cb4289254e39dd00718b0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\220ce25c714cb4289254e39dd00718b0_NeikiAnalytics.exe"
    PID: 1068 (root process, depth 1)
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

    Filesize

    143KB

    MD5

    c9600e67cccc208d3a0a27f478cb4697

    SHA1

    4514e4e053b1867500e2ffb047c0c5d44b08f293

    SHA256

    e6f272367d3c9ae126ae9f341f7f91302702dac26eae82aa662765b062d6df79

    SHA512

    c19d8271aa5570d28e2bf8ef31e402bb4cdf851e9f9e14cc2b4a46cc29f9e250918fbb47295c1bcbc656eb291a37b0fad6d5406c09c90b6a06cbf79eabde36be

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    152KB

    MD5

    a81231dca5a64ae792fb27bedcf29b17

    SHA1

    2dfab0859b382dfe44bc0f9891ca54c930a9eeb0

    SHA256

    c755b30dca6265cd3e813bfa7b0e9cc8cc3faf107c299e4cf659bc3efbe5db3c

    SHA512

    c9a5946f540b7bbb20b958593ea6dd111e5e6b2d98828742f2a3796c9fadd910ce996b300ddffc6a6e08d42fd7df5761a4ac72c0b8c496ca16dfbc99d523983f

  • memory/1068-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1068-396-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB
