Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 24/05/2024, 04:15
Static task: static1

Behavioral task: behavioral1
- Sample: a48930ad049225365660c5a4cef4ed20_NeikiAnalytics.dll
- Resource: win7-20240220-en

Behavioral task: behavioral2
- Sample: a48930ad049225365660c5a4cef4ed20_NeikiAnalytics.dll
- Resource: win10v2004-20240508-en
General
- Target: a48930ad049225365660c5a4cef4ed20_NeikiAnalytics.dll
- Size: 81KB
- MD5: a48930ad049225365660c5a4cef4ed20
- SHA1: 7fe7c8da23a7e9c8865ac4243cbcccd22e021c92
- SHA256: 2ad32ce97080c30b22ff49651d045ddf59f7af5b6f79f50cfac21cdbf115d044
- SHA512: 52df21ef9ec057fde6bc94576279a0e308795bc716591a9c2d9d622c6123488cb8da3d88610c43e38b1e58c171b86c5ca6cbacc3b483eca9da3708bbf236b230
- SSDEEP: 1536:VByXv7uWGEqXZKXTadSp7Lxw9zzBPw+NASUSFOj8sWHcdF6+eXq8W5:wv4JKXTx71wnArSsXFpeXq8W5
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2356 wrote to memory of 1248 | 2356 | rundll32.exe | 28 |
| PID 2356 wrote to memory of 1248 | 2356 | rundll32.exe | 28 |
| PID 2356 wrote to memory of 1248 | 2356 | rundll32.exe | 28 |
| PID 2356 wrote to memory of 1248 | 2356 | rundll32.exe | 28 |
| PID 2356 wrote to memory of 1248 | 2356 | rundll32.exe | 28 |
| PID 2356 wrote to memory of 1248 | 2356 | rundll32.exe | 28 |
| PID 2356 wrote to memory of 1248 | 2356 | rundll32.exe | 28 |
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a48930ad049225365660c5a4cef4ed20_NeikiAnalytics.dll,#1
  PID: 2356
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a48930ad049225365660c5a4cef4ed20_NeikiAnalytics.dll,#1
    PID: 1248