General

  • Target

    47988be2829073088fb523ec7f1dc37247531ffcab175f845cf1a2f1d5b12971_NeikiAnalytics.exe

  • Size

    2.9MB

  • Sample

    240627-ec4zws1ckg

  • MD5

    bebae592220aa231f6cdff30d1a6a460

  • SHA1

    3f632a61e74f9ea293b19206fe31087718c4fc0e

  • SHA256

    47988be2829073088fb523ec7f1dc37247531ffcab175f845cf1a2f1d5b12971

  • SHA512

    8ce45e753d333eca3d6f91cf6dfc6e6ac5a4c3f243bbe74386a0257f8b936d83de82e029b58f3e7f9051f6d6d8eb76c503f0043c38ebd4895aae227307e3a67f

  • SSDEEP

    49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdg6NsIiGuJ:71ONtyBeSFkXV1etEKLlWUTOfeiRA2RF

Malware Config

Targets

    • Target

      47988be2829073088fb523ec7f1dc37247531ffcab175f845cf1a2f1d5b12971_NeikiAnalytics.exe

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest observed (network download from a script interpreter).

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified UPX build.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
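Two local checks a responder can run on a suspect file before handing it to a sandbox, added here as an example and not code from tria.ge or from the report above: hashing the file against the report's MD5/SHA1/SHA256 values, and a walk of the PE section table that flags the UPX0/UPX1/UPX2 section names and the "UPX!" marker that stock UPX leaves behind. The report's UPX signature also covers modified UPX builds, which scrub those markers, so this simple check can miss what the sandbox catches; a hit is a strong hint, a miss proves nothing. The minimal PE builder and every input are constructed for the example; nothing is derived from the analysed sample.

```python
"""Local triage checks, added as an example (not code from the tria.ge report).

1. ioc_matches(): hash a file and compare against the report's hash IOCs.
2. pe_section_names() / looks_upx_packed(): walk the PE section table and
   flag the UPX0/UPX1/UPX2 section names and the "UPX!" marker that stock
   UPX leaves behind.  A modified UPX build may rename or scrub these, so a
   miss does not prove the file is unpacked; a hit is a strong hint.

build_test_pe() constructs a minimal, non-executable PE image purely so the
example runs offline.  It is not derived from the analysed sample.
"""
import hashlib
import struct

# Hashes copied from the report's General section.
REPORT_IOCS = {
    "md5": "bebae592220aa231f6cdff30d1a6a460",
    "sha1": "3f632a61e74f9ea293b19206fe31087718c4fc0e",
    "sha256": "47988be2829073088fb523ec7f1dc37247531ffcab175f845cf1a2f1d5b12971",
}

UPX_SECTION_PREFIX = "UPX"   # stock UPX names its sections UPX0, UPX1, UPX2
UPX_MAGIC = b"UPX!"          # pack-header magic written by stock UPX


def file_hashes(data: bytes) -> dict:
    """Hex digests of `data` for every algorithm used in REPORT_IOCS."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def ioc_matches(data: bytes, iocs: dict = REPORT_IOCS) -> list:
    """Algorithms whose digest of `data` equals the IOC value (empty = no match)."""
    computed = file_hashes(data)
    return [algo for algo, value in iocs.items()
            if computed.get(algo) == value.lower()]


def pe_section_names(data: bytes) -> list:
    """Return section names from the PE section table, in file order.

    Raises ValueError for anything that is not a well-formed PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    if len(data) < e_lfanew + 24:
        raise ValueError("truncated COFF header")
    # COFF header follows the signature: Machine(2) NumberOfSections(2)
    # TimeDateStamp(4) PointerToSymbolTable(4) NumberOfSymbols(4)
    # SizeOfOptionalHeader(2) Characteristics(2).
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt      # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40              # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True if UPX-style section names or the UPX! magic are present."""
    names = pe_section_names(data)
    if any(n.startswith(UPX_SECTION_PREFIX) for n in names):
        return True
    return UPX_MAGIC in data


def build_test_pe(section_names) -> bytes:
    """Constructed test input: minimal MZ/PE skeleton with the given sections."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, three zero fields, SizeOfOptionalHeader=0,
    # Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE.
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    packed = build_test_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
    print("IOC matches for the constructed file:", ioc_matches(packed))
```

Pass the bytes of a real file (`open(path, "rb").read()`) to `ioc_matches` and `looks_upx_packed`; an empty match list plus no UPX markers only means this particular sample and stock UPX were not seen, not that the file is clean.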

MITRE ATT&CK Enterprise v15

Tasks