General

  • Target

    0e544d2b28401eb31e7d0276edadb7d0_NeikiAnalytics.exe

  • Size

    3.2MB

  • Sample

    240527-aacqeahg94

  • MD5

    0e544d2b28401eb31e7d0276edadb7d0

  • SHA1

    4ec599b5335a8f88fa2e91eed61306c6e0f19742

  • SHA256

    b235f79389e53f64c9dc3e07f7ff7106170420f5c47056f03552ef4f45fe5247

  • SHA512

    0cc525e9d8c84c3b7afc28602c31ffc2331a8c5efa5f0d638afbb379d94936c8d0c047f5f1eb4b7c07a791153de00c0d5fa342a9f4f740a84eeeaa5cc0a2dbb3

  • SSDEEP

    98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWJ:SbBeSFkF

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks