Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
09/05/2024, 14:01
Static task
static1
Behavioral task
behavioral1
Sample
528fd3c375d3505189a1e3013280f590_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
528fd3c375d3505189a1e3013280f590_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
-
Target
528fd3c375d3505189a1e3013280f590_NeikiAnalytics.exe
-
Size
1.3MB
-
MD5
528fd3c375d3505189a1e3013280f590
-
SHA1
4eba20d953d0a9fa781570ae6b103938b1e5e9b9
-
SHA256
5819af9b1a8a016946bb8189e0e3a9589aa65a515e139ba5363a73156d631e2b
-
SHA512
3f735090f470cb6a2647a92c4d9cef103a42c6d8deedd51ec5554d031598ad375d082903ea77802f7b37c0bcfa7955ba502cf6df55180d52606abd5d08460edf
-
SSDEEP
12:eqGSGXuXKHJGhym3MAdnuFaX66h1xU8tlxTEEOa/qT1CDBpp48n/L+RW8n:eqGSQLHJGl8YkaqCzXxoEp/oMDBVz+J
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2216 2248 WerFault.exe 27 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2248 wrote to memory of 2216 2248 528fd3c375d3505189a1e3013280f590_NeikiAnalytics.exe 28 PID 2248 wrote to memory of 2216 2248 528fd3c375d3505189a1e3013280f590_NeikiAnalytics.exe 28 PID 2248 wrote to memory of 2216 2248 528fd3c375d3505189a1e3013280f590_NeikiAnalytics.exe 28 PID 2248 wrote to memory of 2216 2248 528fd3c375d3505189a1e3013280f590_NeikiAnalytics.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\528fd3c375d3505189a1e3013280f590_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\528fd3c375d3505189a1e3013280f590_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2248 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 362⤵
- Program crash
PID:2216
-