Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1b9b73d02d8c1285cb40dd8c6c26dd071c21c981a0a4861d7a502a0855c9f5b8_NeikiAnalytics.exe

  • Size

    1.7MB

  • Sample

    240630-1ezc3szbmk

  • MD5

    e17f89504f7845753db66aa5385e27d0

  • SHA1

    42e79cd15381166939b984110d76ebf0e06fea80

  • SHA256

    1b9b73d02d8c1285cb40dd8c6c26dd071c21c981a0a4861d7a502a0855c9f5b8

  • SHA512

    8260be96fe3c19b0a76ddcd1b8ebf8c8562ad47ac3ed638505db6e0ad64504e50c648b38aa7a6fc10d76a83093c5bbb4fd2064aa78e9ff60a58e9d646d31135a

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsU5qTqOkDilK3uPpHbcMfOoMc:Lz071uv4BPMkFfdg6NsOkc2Ec

Malware Config

Targets

    • Target

      1b9b73d02d8c1285cb40dd8c6c26dd071c21c981a0a4861d7a502a0855c9f5b8_NeikiAnalytics.exe

    • Size

      1.7MB

    • MD5

      e17f89504f7845753db66aa5385e27d0

    • SHA1

      42e79cd15381166939b984110d76ebf0e06fea80

    • SHA256

      1b9b73d02d8c1285cb40dd8c6c26dd071c21c981a0a4861d7a502a0855c9f5b8

    • SHA512

      8260be96fe3c19b0a76ddcd1b8ebf8c8562ad47ac3ed638505db6e0ad64504e50c648b38aa7a6fc10d76a83093c5bbb4fd2064aa78e9ff60a58e9d646d31135a

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsU5qTqOkDilK3uPpHbcMfOoMc:Lz071uv4BPMkFfdg6NsOkc2Ec

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks