Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

4c27a50cfa...cs.exe

windows7-x64

9

4c27a50cfa...cs.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c27a50cfa381d2248d40e22c6b7d96a0a7515c896d63d6c3af939edcbf47da1_NeikiAnalytics.exe

  • Size

    122KB

  • Sample

    240624-hngkhszble

  • MD5

    0baa01d7809442aa8211947b70aa2ed0

  • SHA1

    0377d7352dc4a8ec85e61e75ff0dc9542fd33947

  • SHA256

    4c27a50cfa381d2248d40e22c6b7d96a0a7515c896d63d6c3af939edcbf47da1

  • SHA512

    90c313025af76f0dcd8bd7efa7231b163b80298ee30eaf67d061b341ec029e0d6859fefe1c2ecdfa2060dcd8f7f3389f8d6966dd0a76c317aa166c05b71948db

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZZ7n97nOTWn1++PJHJXA/OsIZfzc3/Q8IZZ7nO:KQSo7ZFZOQSo7ZFZM

Score
9/10
ransomwareupx

Malware Config

Targets

    • Target

      4c27a50cfa381d2248d40e22c6b7d96a0a7515c896d63d6c3af939edcbf47da1_NeikiAnalytics.exe

    • Size

      122KB

    • MD5

      0baa01d7809442aa8211947b70aa2ed0

    • SHA1

      0377d7352dc4a8ec85e61e75ff0dc9542fd33947

    • SHA256

      4c27a50cfa381d2248d40e22c6b7d96a0a7515c896d63d6c3af939edcbf47da1

    • SHA512

      90c313025af76f0dcd8bd7efa7231b163b80298ee30eaf67d061b341ec029e0d6859fefe1c2ecdfa2060dcd8f7f3389f8d6966dd0a76c317aa166c05b71948db

    • SSDEEP

      1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZZ7n97nOTWn1++PJHJXA/OsIZfzc3/Q8IZZ7nO:KQSo7ZFZOQSo7ZFZM

    Score
    9/10
    ransomwareupx

    • Renames multiple (5261) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks