General

  • Target

    901dbe3788b9a65c6a296592dc124740_NeikiAnalytics.exe

  • Size

    1.3MB

  • Sample

    240603-a7hypadc3v

  • MD5

    901dbe3788b9a65c6a296592dc124740

  • SHA1

    52a0ad6f0764bcf47812b6ee9c29488ac0ec7e01

  • SHA256

    4fd26c47b8ceb57f169415da06ea0f8646557389097b4a170db3e3006cc64619

  • SHA512

    8feaac8331cc5ca9086b71a3f112833bff6163c2805adad9a6bb6389993b4cfb9fec592452bf63985df19c5a02adb2c3a863aca3f5c407a3832d03d2db735091

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgspmB8:Lz071uv4BPMkFfdg6NsI8

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks