Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    90b99490232fa2779bf07edf939db980_NeikiAnalytics.exe

  • Size

    1.8MB

  • Sample

    240603-a9cvfsee98

  • MD5

    90b99490232fa2779bf07edf939db980

  • SHA1

    a9b54a6de4dbf3d7d7e26d204bce6ffa0efc3e36

  • SHA256

    6c64cb16cd11dff9244de236ae3e91a968e001555a4b8eda9d06f5c0b72f42cc

  • SHA512

    f35a749856e03299847b7332c3ae5f2c0823b174b53769c9112fc5ef5a82840cf8b81bd43dc0da85e1077dbef6715b317a46865c090b49b015ea27b95287e0cf

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYlZ3pBjqlx7TovQmVV4dThen9zF:Lz071uv4BPMkibTIA5lCx7kvRWa4pU7

Malware Config

Targets

    • Target

      90b99490232fa2779bf07edf939db980_NeikiAnalytics.exe

    • Size

      1.8MB

    • MD5

      90b99490232fa2779bf07edf939db980

    • SHA1

      a9b54a6de4dbf3d7d7e26d204bce6ffa0efc3e36

    • SHA256

      6c64cb16cd11dff9244de236ae3e91a968e001555a4b8eda9d06f5c0b72f42cc

    • SHA512

      f35a749856e03299847b7332c3ae5f2c0823b174b53769c9112fc5ef5a82840cf8b81bd43dc0da85e1077dbef6715b317a46865c090b49b015ea27b95287e0cf

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYlZ3pBjqlx7TovQmVV4dThen9zF:Lz071uv4BPMkibTIA5lCx7kvRWa4pU7

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks