Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/07/2024, 10:48 UTC

General

  • Target

    4c1eecc81bd24970b1f2c6bbefb307cf03a8bdf850fe571f57a3d6a37702d1b2_NeikiAnalytics.dll

  • Size

    36KB

  • MD5

    16dbdbbd36ceb55a8ab82c2f0a5d3b60

  • SHA1

    0f8ac2d1a5d5ba134564da7f47e4007c75895f5c

  • SHA256

    4c1eecc81bd24970b1f2c6bbefb307cf03a8bdf850fe571f57a3d6a37702d1b2

  • SHA512

    1f7c1b5f27279fbb2e27575f7c6cfade812ec95371ebca0c5bb34faf7f4e3e636e9bcee034ecb2fd9e21bd6ce7e47e30bba8421c91f329c74b63556f0996ae7f

  • SSDEEP

    768:nT3p2gGDVOLXRUZMBx8F89vv3OCL/qOnhdCXjl+/Cqb:nzk/o8F8c8SOnqY

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c1eecc81bd24970b1f2c6bbefb307cf03a8bdf850fe571f57a3d6a37702d1b2_NeikiAnalytics.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4672
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c1eecc81bd24970b1f2c6bbefb307cf03a8bdf850fe571f57a3d6a37702d1b2_NeikiAnalytics.dll,#1
      2⤵
        PID:4136
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:1540

      Network

      • flag-us
        DNS
        chromewebstore.googleapis.com
        Remote address:
        8.8.8.8:53
        Request
        chromewebstore.googleapis.com
        IN A
        Response
        chromewebstore.googleapis.com
        IN A
        142.250.200.42
        chromewebstore.googleapis.com
        IN A
        216.58.212.202
        chromewebstore.googleapis.com
        IN A
        142.250.179.234
        chromewebstore.googleapis.com
        IN A
        142.250.187.202
        chromewebstore.googleapis.com
        IN A
        172.217.169.42
        chromewebstore.googleapis.com
        IN A
        142.250.187.234
        chromewebstore.googleapis.com
        IN A
        142.250.200.10
        chromewebstore.googleapis.com
        IN A
        216.58.212.234
        chromewebstore.googleapis.com
        IN A
        142.250.180.10
        chromewebstore.googleapis.com
        IN A
        142.250.178.10
        chromewebstore.googleapis.com
        IN A
        172.217.169.10
        chromewebstore.googleapis.com
        IN A
        216.58.204.74
        chromewebstore.googleapis.com
        IN A
        172.217.16.234
        chromewebstore.googleapis.com
        IN A
        216.58.201.106
      • flag-us
        DNS
        chromewebstore.googleapis.com
        Remote address:
        8.8.8.8:53
        Request
        chromewebstore.googleapis.com
        IN Unknown
        Response
      • flag-us
        DNS
        pki.goog
        Remote address:
        8.8.8.8:53
        Request
        pki.goog
        IN A
        Response
        pki.goog
        IN A
        216.239.32.29
      • flag-us
        DNS
        pki.goog
        Remote address:
        8.8.8.8:53
        Request
        pki.goog
        IN Unknown
      • flag-us
        GET
        http://pki.goog/gsr1/gsr1.crt
        Remote address:
        216.239.32.29:80
        Request
        GET /gsr1/gsr1.crt HTTP/1.1
        Host: pki.goog
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Content-Encoding: gzip
        Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
        Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
        Content-Length: 797
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Mon, 01 Jul 2024 10:08:02 GMT
        Expires: Mon, 01 Jul 2024 10:58:02 GMT
        Cache-Control: public, max-age=3000
        Age: 2444
        Last-Modified: Wed, 20 May 2020 16:45:00 GMT
        Content-Type: application/pkix-cert
        Vary: Accept-Encoding
      • flag-us
        DNS
        i.pki.goog
        Remote address:
        8.8.8.8:53
        Request
        i.pki.goog
        IN A
        Response
        i.pki.goog
        IN CNAME
        pki-goog.l.google.com
        pki-goog.l.google.com
        IN A
        172.217.169.67
      • flag-us
        DNS
        i.pki.goog
        Remote address:
        8.8.8.8:53
        Request
        i.pki.goog
        IN Unknown
        Response
        i.pki.goog
        IN CNAME
        pki-goog.l.google.com
      • flag-us
        DNS
        42.200.250.142.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        42.200.250.142.in-addr.arpa
        IN PTR
        Response
        42.200.250.142.in-addr.arpa
        IN PTR
        lhr48s30-in-f10.1e100.net
      • flag-gb
        GET
        http://i.pki.goog/r1.crt
        Remote address:
        172.217.169.67:80
        Request
        GET /r1.crt HTTP/1.1
        Host: i.pki.goog
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Access-Control-Allow-Origin: https://pki.goog
        Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
        Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
        Content-Length: 1371
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Date: Mon, 01 Jul 2024 10:41:00 GMT
        Expires: Mon, 01 Jul 2024 11:31:00 GMT
        Cache-Control: public, max-age=3000
        Age: 467
        Last-Modified: Fri, 27 Oct 2023 09:38:00 GMT
        Content-Type: application/pkix-cert
        Vary: Accept-Encoding
      • flag-gb
        GET
        http://i.pki.goog/wr2.crt
        Remote address:
        172.217.169.67:80
        Request
        GET /wr2.crt HTTP/1.1
        Host: i.pki.goog
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
        Cross-Origin-Resource-Policy: cross-origin
        Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
        Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
        Content-Length: 1295
        X-Content-Type-Options: nosniff
        Server: sffe
        X-XSS-Protection: 0
        Access-Control-Allow-Origin: https://pki.goog
        Date: Mon, 01 Jul 2024 10:11:15 GMT
        Expires: Mon, 01 Jul 2024 11:01:15 GMT
        Cache-Control: public, max-age=3000
        Age: 2252
        Last-Modified: Wed, 13 Dec 2023 15:28:00 GMT
        Content-Type: application/pkix-cert
        Vary: Accept-Encoding
      • flag-us
        DNS
        67.169.217.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        67.169.217.172.in-addr.arpa
        IN PTR
        Response
        67.169.217.172.in-addr.arpa
        IN PTR
        lhr48s09-in-f3.1e100.net
      • flag-us
        DNS
        29.32.239.216.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        29.32.239.216.in-addr.arpa
        IN PTR
        Response
        29.32.239.216.in-addr.arpa
        IN PTR
        any-in-201d.1e100.net
      • flag-us
        DNS
        228.249.119.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        228.249.119.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        80.90.14.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        80.90.14.23.in-addr.arpa
        IN PTR
        Response
        80.90.14.23.in-addr.arpa
        IN PTR
        a23-14-90-80.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        71.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        71.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        183.59.114.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.59.114.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        104.219.191.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        104.219.191.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        209.205.72.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        209.205.72.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        209.205.72.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        209.205.72.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        23.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.236.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        153.141.79.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        153.141.79.40.in-addr.arpa
        IN PTR
        Response
      • 142.250.200.42:443
        chromewebstore.googleapis.com
        tls
        909 B
        5.0kB
        8
        8
      • 216.239.32.29:80
        http://pki.goog/gsr1/gsr1.crt
        http
        551 B
        1.7kB
        6
        4

        HTTP Request

        GET http://pki.goog/gsr1/gsr1.crt

        HTTP Response

        200
      • 172.217.169.67:80
        http://i.pki.goog/wr2.crt
        http
        903 B
        4.4kB
        8
        6

        HTTP Request

        GET http://i.pki.goog/r1.crt

        HTTP Response

        200

        HTTP Request

        GET http://i.pki.goog/wr2.crt

        HTTP Response

        200
      • 13.107.246.64:443
        46 B
        40 B
        1
        1
      • 8.8.8.8:53
        chromewebstore.googleapis.com
        dns
        75 B
        299 B
        1
        1

        DNS Request

        chromewebstore.googleapis.com

        DNS Response

        142.250.200.42
        216.58.212.202
        142.250.179.234
        142.250.187.202
        172.217.169.42
        142.250.187.234
        142.250.200.10
        216.58.212.234
        142.250.180.10
        142.250.178.10
        172.217.169.10
        216.58.204.74
        172.217.16.234
        216.58.201.106

      • 8.8.8.8:53
        chromewebstore.googleapis.com
        dns
        75 B
        132 B
        1
        1

        DNS Request

        chromewebstore.googleapis.com

      • 8.8.8.8:53
        pki.goog
        dns
        54 B
        70 B
        1
        1

        DNS Request

        pki.goog

        DNS Response

        216.239.32.29

      • 8.8.8.8:53
        pki.goog
        dns
        54 B
        1

        DNS Request

        pki.goog

      • 8.8.8.8:53
        i.pki.goog
        dns
        56 B
        107 B
        1
        1

        DNS Request

        i.pki.goog

        DNS Response

        172.217.169.67

      • 8.8.8.8:53
        i.pki.goog
        dns
        56 B
        141 B
        1
        1

        DNS Request

        i.pki.goog

      • 8.8.8.8:53
        42.200.250.142.in-addr.arpa
        dns
        73 B
        112 B
        1
        1

        DNS Request

        42.200.250.142.in-addr.arpa

      • 8.8.8.8:53
        67.169.217.172.in-addr.arpa
        dns
        73 B
        111 B
        1
        1

        DNS Request

        67.169.217.172.in-addr.arpa

      • 8.8.8.8:53
        29.32.239.216.in-addr.arpa
        dns
        72 B
        107 B
        1
        1

        DNS Request

        29.32.239.216.in-addr.arpa

      • 8.8.8.8:53
        228.249.119.40.in-addr.arpa
        dns
        73 B
        159 B
        1
        1

        DNS Request

        228.249.119.40.in-addr.arpa

      • 8.8.8.8:53
        80.90.14.23.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        80.90.14.23.in-addr.arpa

      • 8.8.8.8:53
        71.159.190.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        71.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        183.59.114.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        183.59.114.20.in-addr.arpa

      • 8.8.8.8:53
        198.187.3.20.in-addr.arpa
        dns
        142 B
        157 B
        2
        1

        DNS Request

        198.187.3.20.in-addr.arpa

        DNS Request

        198.187.3.20.in-addr.arpa

      • 8.8.8.8:53
        104.219.191.52.in-addr.arpa
        dns
        73 B
        147 B
        1
        1

        DNS Request

        104.219.191.52.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
        128 B
        1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        209.205.72.20.in-addr.arpa
        dns
        144 B
        158 B
        2
        1

        DNS Request

        209.205.72.20.in-addr.arpa

        DNS Request

        209.205.72.20.in-addr.arpa

      • 8.8.8.8:53
        23.236.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        23.236.111.52.in-addr.arpa

      • 8.8.8.8:53
        240.221.184.93.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        240.221.184.93.in-addr.arpa

      • 8.8.8.8:53
        153.141.79.40.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        153.141.79.40.in-addr.arpa

      MITRE ATT&CK Matrix
