Analysis

  • max time kernel
    149s
  • max time network
    54s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/06/2024, 08:48

General

  • Target

    8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe

  • Size

    93KB

  • MD5

    846fe0c8e2f2bc32ebe47791c591a100

  • SHA1

    84273d2527f03baae96de3ba439a1600e8af667e

  • SHA256

    8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab

  • SHA512

    d431010c169f09b238d1649e68a9c0ca39d8626337de9757621da7e86c78f66ea2c8144accac73e2ccae7273d293e60789feda93dc3640942894685d47a69007

  • SSDEEP

    1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSsktFElEM:6e7WpP9oVLQthbYY9oVLQthbUv+W2M

Score
9/10

Signatures

  • Renames multiple (5187) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3932

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

    Filesize

    93KB

    MD5

    c192f5ef9a09234b27ab48ebe98d7161

    SHA1

    13edaecba66835d95687a765f7531bb5b4534f65

    SHA256

    526fb95b84d9ad4967661721a335a9b7029649c36b99556c07770ec710a8c4d2

    SHA512

    43c4e2f39abc6a1ee64548bd50920598a438b882f855aa4f024c9154f9f25341bb3941fd48a37fb398e84332cdade3c434c08388dbd4d60ee085e43cecdde95a

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    192KB

    MD5

    c96bfa4d80cc737a0a7ff13c531c8bcc

    SHA1

    e7cf35d90a929befe5056b62e1e54b5b18feb701

    SHA256

    6ad228c78916eda7a4f785ba860f994471e032247976baf4abd43b4bd64339e5

    SHA512

    bfbcef0b349ab434c16ffd935519eabb8e95346209891fb9180b29fb84dc1f05e9bd1e99ab10c36a60b91614dcc52b33288bb826066069808e9aa457921675a3