Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 25/06/2024, 22:48
Static task: static1

Behavioral task: behavioral1
Sample: 1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed_NeikiAnalytics.dll
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed_NeikiAnalytics.dll
Resource: win10v2004-20240226-en
General
Target: 1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed_NeikiAnalytics.dll
Size: 490KB
MD5: 31a1dbdd689a25d9edac91858bada050
SHA1: 4f1f01006d1e9e6fcc2d8b54e2cee4a623213a70
SHA256: 1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed
SHA512: a615f322a1e8298150441a002ec94a71e75d9c1042a6364166bf9902d99f3d847e1b6dcb2a43f9d1d39da21fc5d11551036d83c2b0fb0403c6ded6e59272a76a
SSDEEP: 12288:pTkyQAdz5tk4Wk6Yvs19rTSiKU84g9o7QGy0gM:b9VWJ1dPRuo7QGY
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

description                        pid   Process       procid_target
PID 2820 wrote to memory of 2096   2820  rundll32.exe  28
PID 2820 wrote to memory of 2096   2820  rundll32.exe  28
PID 2820 wrote to memory of 2096   2820  rundll32.exe  28
PID 2820 wrote to memory of 2096   2820  rundll32.exe  28
PID 2820 wrote to memory of 2096   2820  rundll32.exe  28
PID 2820 wrote to memory of 2096   2820  rundll32.exe  28
PID 2820 wrote to memory of 2096   2820  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed_NeikiAnalytics.dll,#1
  PID: 2820
  Signatures: Suspicious use of WriteProcessMemory
  Child process:
    C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d4c5a791747a44f9e1448ab9c7811d4a383bfa8e4191058921c0461eed995ed_NeikiAnalytics.dll,#1
      PID: 2096