Analysis
- max time kernel: 147s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/06/2024, 12:13
Static task: static1
Behavioral task: behavioral1
- Sample: aafc27b67996e2bd7463bc227f8392f306704ad5d7c138da6b293cfaeb07b07d_NeikiAnalytics.dll
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: aafc27b67996e2bd7463bc227f8392f306704ad5d7c138da6b293cfaeb07b07d_NeikiAnalytics.dll
- Resource: win10v2004-20240508-en
General
- Target: aafc27b67996e2bd7463bc227f8392f306704ad5d7c138da6b293cfaeb07b07d_NeikiAnalytics.dll
- Size: 4KB
- MD5: 05fa505475e63079674ee43dfff0b2a0
- SHA1: b9d5185691e50c3adc8b9776b5cf54c59377d0ad
- SHA256: aafc27b67996e2bd7463bc227f8392f306704ad5d7c138da6b293cfaeb07b07d
- SHA512: b19f43b12b07625043c49d04afce2461adc8b8c100afe68ceb9539d16f9ac43fad5753be992035db2b2d300c925701a2fa9b264a0253f695f5d5f596404ed29b
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3128 wrote to memory of 5112 | 3128 | rundll32.exe | 81
  PID 3128 wrote to memory of 5112 | 3128 | rundll32.exe | 81
  PID 3128 wrote to memory of 5112 | 3128 | rundll32.exe | 81
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aafc27b67996e2bd7463bc227f8392f306704ad5d7c138da6b293cfaeb07b07d_NeikiAnalytics.dll,#1
  - Suspicious use of WriteProcessMemory
  - PID: 3128
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\aafc27b67996e2bd7463bc227f8392f306704ad5d7c138da6b293cfaeb07b07d_NeikiAnalytics.dll,#1
    - PID: 5112