General

  • Target

    949cac1292cfabc3865f9d90ec42ce30_NeikiAnalytics.exe

  • Size

    262KB

  • Sample

    240603-bn3z7afd44

  • MD5

    949cac1292cfabc3865f9d90ec42ce30

  • SHA1

    c819fc0eea9455ede347b3a6ac8786cc2057d4b7

  • SHA256

    1d25f31dfce99e86c6b39d75d18b6140baf13caab5145573ae3f55a41e90240b

  • SHA512

    b16a7031baa2f8d335e356b56ea712c3f016336e3ea0fe95f0bebb6628aaa4945dc517252a87e1abff020e25c30238a1560aeef99f42a308409c9e399b5eff6a

  • SSDEEP

    3072:O7BMvaWjzrLXQQJKgmSBAVpet2AgoQlMZj:saaWjz/gGKgmS+k2t2

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      949cac1292cfabc3865f9d90ec42ce30_NeikiAnalytics.exe

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
