Analysis
max time kernel: 163s
max time network: 36s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 13/10/2023, 20:44
Behavioral task: behavioral1
Sample: NEAS.d6ab432705bd514518f729645e9043f0.exe
Resource: win7-20230831-en
3 signatures, 150 seconds
Behavioral task: behavioral2
Sample: NEAS.d6ab432705bd514518f729645e9043f0.exe
Resource: win10v2004-20230915-en
2 signatures, 150 seconds
General
Target: NEAS.d6ab432705bd514518f729645e9043f0.exe
Size: 106KB
MD5: d6ab432705bd514518f729645e9043f0
SHA1: a3a1532417ef75c310090ccce3beee8dbd21ac51
SHA256: 1ebe42d08376ab4a7562f64818539496fb36a0cc13a6292dcdcec840047374c2
SHA512: d50d40d299935081a36bef4420d42aa44b9faf39107f647bf623345cda7b863e775be82d0aca5cc1d89415b5a9dc0b45e7b3fb7adeac337c00a069065485cc77
SSDEEP: 3072:cwV4Ogy/hBmh04eZFkz7Rr0bpyyj9Tf8Xe:cMF/hILGFkzVr00yj9ou
Score: 7/10
Malware Config
Signatures
resource | yara_rule
behavioral1/memory/1132-0-0x0000000000400000-0x000000000045C000-memory.dmp | upx
behavioral1/memory/1132-1-0x0000000000400000-0x000000000045C000-memory.dmp | upx
Program crash 1 IoCs
pid | pid_target | Process | procid_target
1612 | 1132 | WerFault.exe | 19
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1132 wrote to memory of 1612 | 1132 | NEAS.d6ab432705bd514518f729645e9043f0.exe | 29
PID 1132 wrote to memory of 1612 | 1132 | NEAS.d6ab432705bd514518f729645e9043f0.exe | 29
PID 1132 wrote to memory of 1612 | 1132 | NEAS.d6ab432705bd514518f729645e9043f0.exe | 29
PID 1132 wrote to memory of 1612 | 1132 | NEAS.d6ab432705bd514518f729645e9043f0.exe | 29
Processes
C:\Users\Admin\AppData\Local\Temp\NEAS.d6ab432705bd514518f729645e9043f0.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.d6ab432705bd514518f729645e9043f0.exe"
  - Suspicious use of WriteProcessMemory
  PID: 1132
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 88
    - Program crash
    PID: 1612