Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    37b3a91b380bcfcf0e99968cd8b08a20_NeikiAnalytics.exe

  • Size

    821KB

  • Sample

    240602-e7z97abb6w

  • MD5

    37b3a91b380bcfcf0e99968cd8b08a20

  • SHA1

    2613b76e195f3c4a9df49550a81f51bc890f5d33

  • SHA256

    cb3adeaee03768c5f785a46500f067efc4760f61b560cd07cf349ba4de1559cb

  • SHA512

    086be58b775fd2b315d8ceb65d0276a0d848e7f5f157cb95b7cd2bd8398fb1e762f2dcc74657802b6a760c8e673d0f38a5c344318cad447f6b7a79dd152036b5

  • SSDEEP

    12288:MOlZxSrnhmcLzzC4mkpRcXVeqGuoNApa+4nQew2wYuygUGv7PjIyk9DC:MCZxSrnscLXBmKyleqBa5nQKPuDDjc9m

Malware Config

Targets

    • Target

      37b3a91b380bcfcf0e99968cd8b08a20_NeikiAnalytics.exe

    • Size

      821KB

    • MD5

      37b3a91b380bcfcf0e99968cd8b08a20

    • SHA1

      2613b76e195f3c4a9df49550a81f51bc890f5d33

    • SHA256

      cb3adeaee03768c5f785a46500f067efc4760f61b560cd07cf349ba4de1559cb

    • SHA512

      086be58b775fd2b315d8ceb65d0276a0d848e7f5f157cb95b7cd2bd8398fb1e762f2dcc74657802b6a760c8e673d0f38a5c344318cad447f6b7a79dd152036b5

    • SSDEEP

      12288:MOlZxSrnhmcLzzC4mkpRcXVeqGuoNApa+4nQew2wYuygUGv7PjIyk9DC:MCZxSrnscLXBmKyleqBa5nQKPuDDjc9m

    • UAC bypass

    • Windows security bypass

    • Looks for VirtualBox Guest Additions in registry

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Uses the VBS compiler for execution

    • Windows security modification

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks