Analysis
max time kernel: 122s
max time network: 124s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 04/06/2024, 09:27
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
5d4bd164346f789b68ffe72634254b70_NeikiAnalytics.dll
Resource
win7-20240220-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
5d4bd164346f789b68ffe72634254b70_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
1 signatures
150 seconds
General
Target: 5d4bd164346f789b68ffe72634254b70_NeikiAnalytics.dll
Size: 476KB
MD5: 5d4bd164346f789b68ffe72634254b70
SHA1: 992c60bcaaa9a375a2d0953c20fb3334dae8fc3b
SHA256: 83011bb743ec05deaf4311ac7ed8f18ce1d829afdabda1f78e62a828d31dabd1
SHA512: a2c279a0f757ac5a0cc72a0bc1c5b4cd91a5e65a824d403cf4ad4e766ba4be47829a1bbb8e54a148378d87eea8e905b4f9239690ac5481569d961645d502b719
SSDEEP: 12288:hfkwSzRY+6tghM1eI+mJrKaLIZnQqmE1:W/ROB/ZIZQ
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 3064 wrote to memory of 2268 | 3064 | rundll32.exe | 28
PID 3064 wrote to memory of 2268 | 3064 | rundll32.exe | 28
PID 3064 wrote to memory of 2268 | 3064 | rundll32.exe | 28
PID 3064 wrote to memory of 2268 | 3064 | rundll32.exe | 28
PID 3064 wrote to memory of 2268 | 3064 | rundll32.exe | 28
PID 3064 wrote to memory of 2268 | 3064 | rundll32.exe | 28
PID 3064 wrote to memory of 2268 | 3064 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d4bd164346f789b68ffe72634254b70_NeikiAnalytics.dll,#1
  PID: 3064
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d4bd164346f789b68ffe72634254b70_NeikiAnalytics.dll,#1
    PID: 2268