Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
31/05/2024, 01:04
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7086c2c829c7898aab7c5dbd33a64180_NeikiAnalytics.dll
Resource
win7-20231129-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
7086c2c829c7898aab7c5dbd33a64180_NeikiAnalytics.dll
Resource
win10v2004-20240426-en
1 signatures
150 seconds
General
-
Target
7086c2c829c7898aab7c5dbd33a64180_NeikiAnalytics.dll
-
Size
508KB
-
MD5
7086c2c829c7898aab7c5dbd33a64180
-
SHA1
76e6791df1a7e94e785503123e0402f81b863427
-
SHA256
c7256936519dc82c8fc9e0b9f3018a15f5e72c7cf35727667c647e97462175a2
-
SHA512
7c85d6a0e299f1ed2fe3c849a9d5870818062ea74d52aaa0e0a68209842d028315003de8412ede3cf13c588175e2c439f4c7b33d78bab44e6f262bdd36ad814a
-
SSDEEP
12288:FALN1bIHc5NV8c+l9/MWZsdR4vzbnlyUKew:YVlNal9USh1D
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2172 wrote to memory of 2284 2172 rundll32.exe 28 PID 2172 wrote to memory of 2284 2172 rundll32.exe 28 PID 2172 wrote to memory of 2284 2172 rundll32.exe 28 PID 2172 wrote to memory of 2284 2172 rundll32.exe 28 PID 2172 wrote to memory of 2284 2172 rundll32.exe 28 PID 2172 wrote to memory of 2284 2172 rundll32.exe 28 PID 2172 wrote to memory of 2284 2172 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\7086c2c829c7898aab7c5dbd33a64180_NeikiAnalytics.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2172 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\7086c2c829c7898aab7c5dbd33a64180_NeikiAnalytics.dll,#12⤵PID:2284
-