b38b1d374004cf53cfe474064496194d8bdf06e41ec1a24c239d925d7e4a4ee3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

bb7baf2071...cs.exe

windows7-x64

bb7baf2071...cs.exe

windows10-2004-x64

Sharing

General

Target

bb7baf2071fe8a67a85388ba47d3b200_NeikiAnalytics.exe
Size

352KB
Sample

240525-hgfdwahf5w
MD5

bb7baf2071fe8a67a85388ba47d3b200
SHA1

00e3aa64bf85cb8ad285b4f9f5913e00254bea3d
SHA256

b38b1d374004cf53cfe474064496194d8bdf06e41ec1a24c239d925d7e4a4ee3
SHA512

6ab6cc3d4c219ab00ff45fb7ac89da4e21b1bb5c82dc667763cae652d53a9320355095b1f41e3561d559b02ee96550a2587eccf1186598eb871770321a1e78e3
SSDEEP

6144:vIGEnprZkRs38t54c6rzNdfsIGEnprZkRs38t54c6rzNdf/:vxEnAR934YxEnAR934L

Score

10^/10

evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

bb7baf2071fe8a67a85388ba47d3b200_NeikiAnalytics.exe

Resource

win7-20240220-en

evasion persistence upx

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

bb7baf2071fe8a67a85388ba47d3b200_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

evasion persistence upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  bb7baf2071fe8a67a85388ba47d3b200_NeikiAnalytics.exe
- Size
  
  352KB
- MD5
  
  bb7baf2071fe8a67a85388ba47d3b200
- SHA1
  
  00e3aa64bf85cb8ad285b4f9f5913e00254bea3d
- SHA256
  
  b38b1d374004cf53cfe474064496194d8bdf06e41ec1a24c239d925d7e4a4ee3
- SHA512
  
  6ab6cc3d4c219ab00ff45fb7ac89da4e21b1bb5c82dc667763cae652d53a9320355095b1f41e3561d559b02ee96550a2587eccf1186598eb871770321a1e78e3
- SSDEEP
  
  6144:vIGEnprZkRs38t54c6rzNdfsIGEnprZkRs38t54c6rzNdf/:vxEnAR934YxEnAR934L
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables use of System Restore points
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy