Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

68b15a625d...cs.exe

windows7-x64

9

68b15a625d...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    54s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/06/2024, 05:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe

  • Size

    128KB

  • MD5

    cce8bba886259f03957f447bbc2046c0

  • SHA1

    81e8f474603353b3b75455e1e3bf94fd695197de

  • SHA256

    68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103

  • SHA512

    10b06cbab51c8ec4eeaf840db8acbc2cb965aed393489898aa69e4e76c6518cd555470f675303e07066186a11c88e976067e9b8eb820b21b608ff6e0502ebd0d

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8MTWn1++PJHJXA/OsIZfzc3/Q8J:fnyiQSoHQSo2

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (5021) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize

    128KB

    MD5

    eb80eb28fe18a0f3fd0f2cacaf0e2e42

    SHA1

    7e935db6eca08a7141312156751149f18d642ae1

    SHA256

    81a5fbab922e6a50a5512ff820bfe67b0b1e86b878045fb88332d7854eee4d69

    SHA512

    9c09cace3cbceb6bc7ca147024fdc4a48b55f0690d766cd3065c093450dfa819829af519cf1935dcb73281d3cc7caa0c300c0a8c08b5f9a9f8b1b81f9ed235f9

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    227KB

    MD5

    98fa700a3e89a8800dcc7a7cfbc49c15

    SHA1

    1cc0cad6aea00377a5d7c9f6e02c3ea8030ffe0b

    SHA256

    60428f6b2611a62c93223288047c262fc162e8508e3fe4c46bfff5607ede1bde

    SHA512

    d120ca4d173d4eac45f6265f2d3e36e93606832ba43d698556b69505399b9686c599dc357206287e448d74d2736d4d0eaf3d03b21c12184a30e20e6c930a273a

    Download Submit

  • memory/636-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/636-1858-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download