Analysis
max time kernel: 139s
max time network: 122s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/05/2024, 08:12
Static task: static1
Behavioral task: behavioral1
  Sample: d8f3e3a7c91378f1b014cfe8d86f9dd0_NeikiAnalytics.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: d8f3e3a7c91378f1b014cfe8d86f9dd0_NeikiAnalytics.dll
  Resource: win10v2004-20240508-en
General
Target: d8f3e3a7c91378f1b014cfe8d86f9dd0_NeikiAnalytics.dll
Size: 81KB
MD5: d8f3e3a7c91378f1b014cfe8d86f9dd0
SHA1: 81b0fe4425c555a3addb8010fc390d8840bae415
SHA256: 2095bfa6459d0ad12e3b37b772c4fa336ba61d6bd7f27aa844af8a27f6423ce8
SHA512: 1d93d5f8a90577d0dc020b844ae1aaaf7b50bf24131db37c6a474f51ff6339a3d7b501f29b38c833e1fa4d0f71e0add8c4f072d027006198d749e6925cbdce00
SSDEEP: 1536:CtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WM:C4v4JKXTx71w0ArSsXF3enq8WM
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1544 wrote to memory of 5104 | 1544 | rundll32.exe | 83
PID 1544 wrote to memory of 5104 | 1544 | rundll32.exe | 83
PID 1544 wrote to memory of 5104 | 1544 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8f3e3a7c91378f1b014cfe8d86f9dd0_NeikiAnalytics.dll,#1
  PID: 1544
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8f3e3a7c91378f1b014cfe8d86f9dd0_NeikiAnalytics.dll,#1
    PID: 5104