Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

ca8621b1a9...cs.exe

windows7-x64

9

ca8621b1a9...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/05/2024, 19:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe

  • Size

    2.0MB

  • MD5

    ca8621b1a98291894cae8cd89c420c00

  • SHA1

    d63957c1b60952966a9459d188e0b03d540a9392

  • SHA256

    fbb7630e7f17744ae8d7f2e16a8754f42cfee793410599f2264b577a9e6a84c2

  • SHA512

    4569c5ea301c6470eb105a0abbd95f11d55dd91208a01fb7b0d8c8f5e67a9dd7a636980b6b1d7646c16fc7ad89a802e61aed94aa7d5bb983b111b96c546b48d8

  • SSDEEP

    24576:IxJ+SZCzwWzmZLPRb4Rfc02ZF1NqeJslnIOGvRS2clZ7J24J9CE662+E/xeC99Qj:IKzwWCJR300WnITZS2+Zt/C04MECj

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (1335) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp
    Filesize

    2.0MB

    MD5

    49b429abd312c56f4d07a278e6c19e9e

    SHA1

    4541efe7d249e082ad95f5bbc02891362b8a6b21

    SHA256

    9d290e5be2292ea12b3a4b54dca3b8b71949c40c1954b40e22ed2ea684549ec4

    SHA512

    b560a5d5c24a41c09bb7ef66edf87542984de2c4c5892ee5fb46b9ba3622104b9533403076ffebd29d4ffed6fbd42a68dd43a71f1f665f76acd6d3ba0bd79e02

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    2.1MB

    MD5

    aa86253c204c19c30bb434dc01e893f4

    SHA1

    8fd7643059ab1ca9cb3bf40b21891b8babaaaecd

    SHA256

    876e3fbabab760a3a6bee64055ec408f4969b029c6af79170c00f8f6d453b712

    SHA512

    e19dc68f40395b5bf24ced56a866b76356d1a6745258f37a54c6c3c802e4e1bc9a6b1169efd517027b61f3c014d66bd2bc8ee0ce7f5818464b90d9978812a1fb

    Download Submit

  • memory/2696-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2696-464-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download