Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 31/05/2024, 16:12
Static task
static1
1 signature

Behavioral task
behavioral1
Sample: b21a84ec87659405410ddcc09c91ef90_NeikiAnalytics.dll
Resource: win7-20240220-en
1 signature
150 seconds

Behavioral task
behavioral2
Sample: b21a84ec87659405410ddcc09c91ef90_NeikiAnalytics.dll
Resource: win10v2004-20240426-en
1 signature
150 seconds
General
Target: b21a84ec87659405410ddcc09c91ef90_NeikiAnalytics.dll
Size: 7KB
MD5: b21a84ec87659405410ddcc09c91ef90
SHA1: 2f0404bf78971f5cdd89e743e2cfdd3ff8821b68
SHA256: dba1c68c6baf3cd63ba350e66c5d547762806b82f84a47de8b0eeb98d82bf93e
SHA512: f28bde91250f5cc2bb5cb44915710df76947bfc0c5980a2d01ea4fafbafae1a77c6cc02d18c937342edc604ffc053731b65b1facb18453bcb8df15c43dd9b74d
SSDEEP: 192:unSR6bgYnjkHxvxt6ruzLtkeZCuZDOg828szvbv:uZAx24zZCuZD+9Wbv
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2064 wrote to memory of 2260 | 2064 | rundll32.exe | 28
PID 2064 wrote to memory of 2260 | 2064 | rundll32.exe | 28
PID 2064 wrote to memory of 2260 | 2064 | rundll32.exe | 28
PID 2064 wrote to memory of 2260 | 2064 | rundll32.exe | 28
PID 2064 wrote to memory of 2260 | 2064 | rundll32.exe | 28
PID 2064 wrote to memory of 2260 | 2064 | rundll32.exe | 28
PID 2064 wrote to memory of 2260 | 2064 | rundll32.exe | 28
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b21a84ec87659405410ddcc09c91ef90_NeikiAnalytics.dll,#1
   PID: 2064
   Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b21a84ec87659405410ddcc09c91ef90_NeikiAnalytics.dll,#1
   PID: 2260