eb7e28ae2e5f7628fa2838fa3424952ba50e76e8f003b36115a035d19b22662b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2ce35c3690...cs.exe

windows7-x64

7

2ce35c3690...cs.exe

windows10-2004-x64

7

Sharing

General

Target

2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe
Size

447KB
Sample

240604-e1bcgsch7v
MD5

2ce35c36903ad6e372ab53011e3b8820
SHA1

b804f66019f09df78eb7e02af03244911e3d1a3f
SHA256

eb7e28ae2e5f7628fa2838fa3424952ba50e76e8f003b36115a035d19b22662b
SHA512

986d80c52febb709076f200ebafcd2b336f7c962b85ae58d0fc6564da8c4353a53c2fa62ce1b6a1251c27ca3785299e74f881de9873b23e7cf42b796fa0ffcc8
SSDEEP

12288:hPnA65XwlYgrHy6V17kr8+m73q+pgkxzdxRlabQYtCAZ5cIkKix:hPJwlBrygOW3q49ldx7XIa

Score

7^/10

spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe

Resource

win7-20240508-en

spyware stealer upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

spyware stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe
- Size
  
  447KB
- MD5
  
  2ce35c36903ad6e372ab53011e3b8820
- SHA1
  
  b804f66019f09df78eb7e02af03244911e3d1a3f
- SHA256
  
  eb7e28ae2e5f7628fa2838fa3424952ba50e76e8f003b36115a035d19b22662b
- SHA512
  
  986d80c52febb709076f200ebafcd2b336f7c962b85ae58d0fc6564da8c4353a53c2fa62ce1b6a1251c27ca3785299e74f881de9873b23e7cf42b796fa0ffcc8
- SSDEEP
  
  12288:hPnA65XwlYgrHy6V17kr8+m73q+pgkxzdxRlabQYtCAZ5cIkKix:hPJwlBrygOW3q49ldx7XIa
Score

7^/10

spyware stealer upx
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywarestealerupx

behavioral2

spywarestealerupx

© 2018-2025

Terms | Privacy