Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
25/06/2024, 10:42 UTC
Static task
static1
Behavioral task
behavioral1
Sample
556062664898c20a0757fac4d9f37cfa7dd7d98e6b8ef2481fda34f82ddc0cfa_NeikiAnalytics.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
556062664898c20a0757fac4d9f37cfa7dd7d98e6b8ef2481fda34f82ddc0cfa_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
General
-
Target
556062664898c20a0757fac4d9f37cfa7dd7d98e6b8ef2481fda34f82ddc0cfa_NeikiAnalytics.dll
-
Size
5KB
-
MD5
4438455f94f5e7f7de97c95898724940
-
SHA1
012a535e1df0d65a1d0b3746bb810ac5c87e5da4
-
SHA256
556062664898c20a0757fac4d9f37cfa7dd7d98e6b8ef2481fda34f82ddc0cfa
-
SHA512
e6d0b59011d8485615a201bec92b24cd29f4fbd4169b1612419b3ebcc7d5f0962313834a8d5e9dd4cfd7681a990183e274de65a0eec661b764721dae1332d939
-
SSDEEP
96:hy859x0P8MaYM/VvCE24pR4JOpnn2K/a5AG6l6Uvs:F5oL4tvBpR4JOp2KS2Gg6Uv
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2276 wrote to memory of 3068 2276 rundll32.exe 28 PID 2276 wrote to memory of 3068 2276 rundll32.exe 28 PID 2276 wrote to memory of 3068 2276 rundll32.exe 28 PID 2276 wrote to memory of 3068 2276 rundll32.exe 28 PID 2276 wrote to memory of 3068 2276 rundll32.exe 28 PID 2276 wrote to memory of 3068 2276 rundll32.exe 28 PID 2276 wrote to memory of 3068 2276 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\556062664898c20a0757fac4d9f37cfa7dd7d98e6b8ef2481fda34f82ddc0cfa_NeikiAnalytics.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2276 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\556062664898c20a0757fac4d9f37cfa7dd7d98e6b8ef2481fda34f82ddc0cfa_NeikiAnalytics.dll,#12⤵PID:3068
-