Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

3ceba9119b...cs.exe

windows7-x64

9

3ceba9119b...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/06/2024, 05:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ceba9119b8aee5ad311a7f85a754580_NeikiAnalytics.exe

  • Size

    81KB

  • MD5

    3ceba9119b8aee5ad311a7f85a754580

  • SHA1

    f2a2d05fe741d354f25bfc950b289292786c1012

  • SHA256

    b3d93d56de1e560980741059ab6ee9a3c375d3db7209943519563b2f439381d1

  • SHA512

    65d059a2131bfe14feff74ef48be0263e567b093cd2f9b89bdaf70b7df2eee0f55227e46e1801de9246635b308c37b8ee1d353e603e8b8616a23934aba0bf595

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tUyCUyCd:6e7WpP9oVLQthbYY9oVLQthbUrt7t44d

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (5119) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ceba9119b8aee5ad311a7f85a754580_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3ceba9119b8aee5ad311a7f85a754580_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
    Filesize

    82KB

    MD5

    e2646647126957d7aa1403b7a467409d

    SHA1

    942ef1aa5cb24ee860789acee78492e542893ace

    SHA256

    651ffad259e5929f2a3cbf338fd6100e590377afbc17e15f86a81eaf928a3c86

    SHA512

    0cb4c5a8877a67cd985b737fc8c802709af2e3ed7f2ab688ec52103998c5394b20210a4b8c2f8e9349d7581d143a8fdf6b788008494bba5bae270d48e773c9ee

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    180KB

    MD5

    1719f7f205e0a8a9deff2e7362c87b01

    SHA1

    db511cfa25b15474a0529507feb734c2a563e78c

    SHA256

    45374267caea7ccb6c41f1c88f071a6a1d6af9babe6ac9982acd9e920bd01cbf

    SHA512

    258031d369784f1cc21c88ef0dc79d75a6ee118105a83ccfe082c3cd3a1fc480cb38dbe237a320c9a6f809f8c9f1cce18a953ec050906c506f2865ec8f3dac44

    Download Submit