General

  • Target

    d6c90c1edc7cda15eb6c7860ddf3e070_NeikiAnalytics.exe

  • Size

    196KB

  • Sample

    240616-fjxd3azhna

  • MD5

    d6c90c1edc7cda15eb6c7860ddf3e070

  • SHA1

    c0f533eb923e8df3771d0821f8845c6c06c609bd

  • SHA256

    77f9e86a000454810dff45d4bb41781ca15e81b23042b153429c09094582b8d2

  • SHA512

    451752902edf9f0a46a8d8f82f15cf39ed411f7e5a8e55cd999b4f1bebdd4ee66e57c4ffec17ec8095dbad742274bd8a6859134b8368586901a2671dc678da67

  • SSDEEP

    3072:xW2YjwRu8geFoFGs5rIvj6LwXKda1+ZSEPCJNUY7f12gQmA5U6QIUMDTsn:xW2+wR3BkWv+3aY0xD54HMn

Malware Config

Targets

    • Renames multiple (176) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks