General

  • Target

    a585094f5862bab86b6c0446fbf27ec0_NeikiAnalytics.exe

  • Size

    284KB

  • Sample

    240603-ymcg6shb86

  • MD5

    a585094f5862bab86b6c0446fbf27ec0

  • SHA1

    eee71be394f4ef2c93715d78a83aa014fee2d406

  • SHA256

    55c6714b6b9f7649f22be6d50fd59647839d6a48ea1bb61be1f6eada34ff8ea8

  • SHA512

    8f267f6a4b90cae91ff97f19cbbedc43ba6ac06de9e8a4d657e2cf8d9731dbaec16547bf12da5e582f3fe7c6cb4e008c2e04bfb76352a9eb3b8de3536027d4ff

  • SSDEEP

    3072:KSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lu:KPA6wxmuJspr2l

Score
8/10

Targets

    • Target

      a585094f5862bab86b6c0446fbf27ec0_NeikiAnalytics.exe

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext
