Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e1b8d93b4d...cs.exe

windows7-x64

7

e1b8d93b4d...cs.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e1b8d93b4d0890646e5a4ace315877d0_NeikiAnalytics

  • Size

    719KB

  • Sample

    240516-rm1fnsgh82

  • MD5

    e1b8d93b4d0890646e5a4ace315877d0

  • SHA1

    2e79d1cddebe9d4273dac0400e8c189c6b3cdb72

  • SHA256

    29097ecf877bc65271b36789cd24df0945e8bd141484f7ad67313d40ef2fd625

  • SHA512

    5526a2306245214c9d223b07a8fd48c3fddb8c2cd3960baf4bbcfd86feaa0f88862a2e2394f09fae559a8df44b9ab539c5e3988a4145f8e627928d4fd333ccfb

  • SSDEEP

    12288:9n8yN0Mr8Pj63hgD1Zi9WqOFhElzDQTlWsmA6bm8bEghPl:FPub63i6WqQSExWs4739l

Score
7/10
persistencespywarestealer

Malware Config

Targets

    • Target

      e1b8d93b4d0890646e5a4ace315877d0_NeikiAnalytics

    • Size

      719KB

    • MD5

      e1b8d93b4d0890646e5a4ace315877d0

    • SHA1

      2e79d1cddebe9d4273dac0400e8c189c6b3cdb72

    • SHA256

      29097ecf877bc65271b36789cd24df0945e8bd141484f7ad67313d40ef2fd625

    • SHA512

      5526a2306245214c9d223b07a8fd48c3fddb8c2cd3960baf4bbcfd86feaa0f88862a2e2394f09fae559a8df44b9ab539c5e3988a4145f8e627928d4fd333ccfb

    • SSDEEP

      12288:9n8yN0Mr8Pj63hgD1Zi9WqOFhElzDQTlWsmA6bm8bEghPl:FPub63i6WqQSExWs4739l

    Score
    7/10
    persistencespywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks