Analysis
max time kernel: 133s
max time network: 103s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/05/2024, 20:38
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 1cdb159cecc1822570997f5f6fb36000_NeikiAnalytics.dll
Resource: win7-20231129-en
1 signatures, 150 seconds
Behavioral task
behavioral2
Sample: 1cdb159cecc1822570997f5f6fb36000_NeikiAnalytics.dll
Resource: win10v2004-20240426-en
1 signatures, 150 seconds
General
Target: 1cdb159cecc1822570997f5f6fb36000_NeikiAnalytics.dll
Size: 6KB
MD5: 1cdb159cecc1822570997f5f6fb36000
SHA1: e47584506b1c5935c9216438f3a025f8a0e647c5
SHA256: 6717fc6b4a1e1e3936ca34ed026a3e1a4c512eafb813db470b752c292494c557
SHA512: bb6a3fa9f0c3c7b343223fcdc43a5e946e9e50d4bb247478398b156c55f52311d7f204607c656fef1c7301b7b6deceaf9b8ac5eafcb2542227021d2638a88f41
SSDEEP: 48:63mll5YVOa9VUX1iwbQWu0qB+BDq9J5SH:VDa9VUX9bQWKB+FqX5SH
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 4400 wrote to memory of 3192   4400   rundll32.exe   82
PID 4400 wrote to memory of 3192   4400   rundll32.exe   82
PID 4400 wrote to memory of 3192   4400   rundll32.exe   82
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cdb159cecc1822570997f5f6fb36000_NeikiAnalytics.dll,#1
   PID: 4400
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cdb159cecc1822570997f5f6fb36000_NeikiAnalytics.dll,#1
      PID: 3192