General
- Target: 37b3a91b380bcfcf0e99968cd8b08a20_NeikiAnalytics.exe
- Size: 821KB
- Sample: 240602-e7z97abb6w
- MD5: 37b3a91b380bcfcf0e99968cd8b08a20
- SHA1: 2613b76e195f3c4a9df49550a81f51bc890f5d33
- SHA256: cb3adeaee03768c5f785a46500f067efc4760f61b560cd07cf349ba4de1559cb
- SHA512: 086be58b775fd2b315d8ceb65d0276a0d848e7f5f157cb95b7cd2bd8398fb1e762f2dcc74657802b6a760c8e673d0f38a5c344318cad447f6b7a79dd152036b5
- SSDEEP: 12288:MOlZxSrnhmcLzzC4mkpRcXVeqGuoNApa+4nQew2wYuygUGv7PjIyk9DC:MCZxSrnscLXBmKyleqBa5nQKPuDDjc9m
Static task: static1
Behavioral task: behavioral1
- Sample: 37b3a91b380bcfcf0e99968cd8b08a20_NeikiAnalytics.exe
- Resource: win7-20240508-en
Malware Config
Targets
- Target: 37b3a91b380bcfcf0e99968cd8b08a20_NeikiAnalytics.exe
- Looks for VirtualBox Guest Additions in registry
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
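The signatures above are behavioural detections rather than static indicators. As an added example (not tria.ge's code and not derived from this sample's actual trace), the Python below maps sandbox-style events (registry reads, process creations, API calls) onto those signature names and counts how many distinct VM-artefact checks a run performed. The event schema is invented for the example, the registry locations are the well-known keys that VM-detection and geofencing code typically reads (an assumption, not taken from the report), the mapping of "VBS compiler" to vbc.exe is an assumption, and SAMPLE_EVENTS is constructed data.

```python
"""Map sandbox-style behavioural events onto the signatures listed above.

Added example, not tria.ge code. Registry locations are assumed well-known
VM-detection / geofencing keys; the event schema and SAMPLE_EVENTS are
constructed for the example.
"""
import re
from collections import Counter

# (prefix of the hive-stripped, lower-cased key path, signature name)
REGISTRY_SIGNATURES = (
    ("software\\oracle\\virtualbox guest additions", "Looks for VirtualBox Guest Additions in registry"),
    ("software\\vmware, inc.\\vmware tools", "Looks for VMware Tools registry key"),
    ("hardware\\description\\system", "Checks BIOS information in registry"),   # SystemBiosVersion, BIOS\SystemManufacturer
    ("control panel\\international\\geo", "Checks computer location settings"),  # Geo\Nation holds the country code
    ("system\\mounteddevices", "Maps connected drives based on registry"),
    ("network\\", "Maps connected drives based on registry"),                    # HKCU\Network\<letter> = mapped drives
)
# Signatures that count as VM/sandbox-artefact checks (the geofence lookup is not one).
VM_ARTIFACT_SIGNATURES = frozenset(sig for _, sig in REGISTRY_SIGNATURES if "location" not in sig)
DEFENDER_EXCLUSION_RE = re.compile(
    r"\b(Add|Set)-MpPreference\b.*?-Exclusion(Path|Extension|Process)\b", re.I | re.S)
HIVE_RE = re.compile(r"^(hkey_[a-z_]+|hklm|hkcu|hkcr|hku|hkcc)\\")
THREAD_CONTEXT_APIS = {"setthreadcontext", "ntsetcontextthread"}


def normalise_key(path):
    """Lower-case, use backslashes and drop the hive so HKLM\\ and HKEY_LOCAL_MACHINE\\ compare equal."""
    return HIVE_RE.sub("", path.replace("/", "\\").lower())


def match_registry(path):
    key = normalise_key(path)
    for prefix, sig in REGISTRY_SIGNATURES:
        if key.startswith(prefix):
            return sig
    return None


def match_process(image, command_line=""):
    name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name == "vbc.exe":  # assumption: the "VBS compiler" signature keys on the .NET Visual Basic compiler
        return "Uses the VBS compiler for execution"
    if name in ("powershell.exe", "pwsh.exe") and DEFENDER_EXCLUSION_RE.search(command_line):
        return "Command and Scripting Interpreter: PowerShell"
    return None


def match_api(api_name):
    if api_name.lower() in THREAD_CONTEXT_APIS:
        return "Suspicious use of SetThreadContext"
    return None


def analyze(events):
    """Return per-signature hit counts plus a verdict: two or more distinct
    VM-artefact checks is treated as sandbox-aware behaviour."""
    hits = Counter()
    for ev in events:
        if ev["type"] == "registry_query":
            sig = match_registry(ev["key"])
        elif ev["type"] == "process_create":
            sig = match_process(ev["image"], ev.get("command_line", ""))
        elif ev["type"] == "api_call":
            sig = match_api(ev["api"])
        else:
            sig = None
        if sig:
            hits[sig] += 1
    vm_checks = sum(1 for sig in hits if sig in VM_ARTIFACT_SIGNATURES)
    return {"signatures": dict(hits), "vm_artifact_checks": vm_checks,
            "likely_sandbox_aware": vm_checks >= 2}


SAMPLE_EVENTS = [  # constructed, modelled on the behaviour listed above
    {"type": "registry_query", "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions"},
    {"type": "registry_query", "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools"},
    {"type": "registry_query", "key": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"},
    {"type": "registry_query", "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "registry_query", "key": r"HKLM\SYSTEM\MountedDevices"},
    {"type": "registry_query", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},  # benign, no hit
    {"type": "process_create", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r'powershell.exe -NoProfile -Command "Add-MpPreference -ExclusionPath C:\Users\Public -ExclusionExtension exe -ExclusionProcess vbc.exe"'},
    {"type": "process_create", "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", "command_line": "vbc.exe"},
    {"type": "api_call", "api": "SetThreadContext"},
]

if __name__ == "__main__":
    verdict = analyze(SAMPLE_EVENTS)
    for sig, n in sorted(verdict["signatures"].items()):
        print(f"{n}x {sig}")
    print("VM artefact checks:", verdict["vm_artifact_checks"], "sandbox-aware:", verdict["likely_sandbox_aware"])
```

The example only works over recorded events. On a live host the same Defender change is visible directly through `Get-MpPreference` (the ExclusionPath, ExclusionExtension and ExclusionProcess properties) and is logged as Microsoft-Windows-Windows Defender event ID 5007 (platform configuration changed), which is the check a responder would run first.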
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (5)
- Scripting (1)
- Virtualization/Sandbox Evasion (2)