Analysis
- max time kernel: 119s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 14/05/2024, 18:06
Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: 07396b5f0f3d2a7ac5257ab0c19d0d00_NeikiAnalytics.dll
- Resource: win7-20240221-en
- 1 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 07396b5f0f3d2a7ac5257ab0c19d0d00_NeikiAnalytics.dll
- Resource: win10v2004-20240426-en
- 1 signatures
- 150 seconds
General
- Target: 07396b5f0f3d2a7ac5257ab0c19d0d00_NeikiAnalytics.dll
- Size: 4KB
- MD5: 07396b5f0f3d2a7ac5257ab0c19d0d00
- SHA1: 50a16d288d1d08b1b586f0cd59deeb7bd83456b7
- SHA256: 889f7316891d2228ac7cd53700739da61f34b07f364eb7d5a0445afe93ebc78c
- SHA512: c91893527b4239a01ad90f3b77d1f2534006189a8477967e68f0837757b485c63be39b240d593470b6135fe7db826f9bdf16cd4bedfeae7f3e64f16396d203e0
- Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                       pid   Process       procid_target
  PID 2724 wrote to memory of 2884  2724  rundll32.exe  28
  PID 2724 wrote to memory of 2884  2724  rundll32.exe  28
  PID 2724 wrote to memory of 2884  2724  rundll32.exe  28
  PID 2724 wrote to memory of 2884  2724  rundll32.exe  28
  PID 2724 wrote to memory of 2884  2724  rundll32.exe  28
  PID 2724 wrote to memory of 2884  2724  rundll32.exe  28
  PID 2724 wrote to memory of 2884  2724  rundll32.exe  28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\07396b5f0f3d2a7ac5257ab0c19d0d00_NeikiAnalytics.dll,#1
  PID: 2724
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\07396b5f0f3d2a7ac5257ab0c19d0d00_NeikiAnalytics.dll,#1
    PID: 2884