General

  • Target

    1d7bc766034a063613f8db42e59df4f0_NeikiAnalytics.exe

  • Size

    109KB

  • Sample

    240522-e4kqbscc6s

  • MD5

    1d7bc766034a063613f8db42e59df4f0

  • SHA1

    9b11fd2fdfe1bb18559b6d66d7023b2ecf8be025

  • SHA256

    5756cb9b1dc52ee8b8c49c52644353e391a09eaa872a6aa119c2bf893b8f43d1

  • SHA512

    726e3c675aae13a53a0e14b25b712dfa3701843024e864ec174afec9df044b30446e367f2ea6bb1acf8a61dda2216ab7ead6e93fc40040e6e08d963e1a1b2082

  • SSDEEP

    1536:TRiAXaKD5grAhdVA2VukXKzMf3liaL+SWzR+fy1ZZosMiZ7RtEsH:liAXaKDLVaroj6SWzosZGyRtEs

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
