General
Target: 2455deec4f1afa74481d173e50c24710_NeikiAnalytics
Size: 120KB
Sample: 240515-yjl77sgg7z
MD5: 2455deec4f1afa74481d173e50c24710
SHA1: cf9147b24c4a1199c7d2d757250d81066e4475b7
SHA256: 78f1fc785bc70bade499c6a7969128922fb05bbe1f66f16925b4e84c2035bc7f
SHA512: a0c04bebe42d21387dd715798c1e6c1f859cb2dba08c0df325fc3d962577a98955ea3d7aa5ce2e01027d7fc7d738210f6173f899b76a30c1c16ba9852faecc68
SSDEEP: 3072:WyQs2GNPHpxNKlqnBr7WdfZ0CQcpGWGpGY:WyjhIlqnVshThGFG
Static task: static1
Behavioral task: behavioral1
Sample: 2455deec4f1afa74481d173e50c24710_NeikiAnalytics.dll
Resource: win7-20240221-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target
2455deec4f1afa74481d173e50c24710_NeikiAnalytics
Modifies firewall policy service
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 3
Disable or Modify Tools: 3
Modify Registry: 5