Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
14/10/2023, 19:17 UTC
General
-
Target
NEAS.dd38841a447bead5b8beabb267592510.exe
-
Size
5KB
-
MD5
dd38841a447bead5b8beabb267592510
-
SHA1
6b14e1db4af724dc90d4ac4f1b448534b08c27f1
-
SHA256
ab7f93b129946c311d08f101414530ceafaa15365c06522264b29ac7e9512f28
-
SHA512
f2e2a39da93258570e9f28be0db4d3fc1510ae05f24ae6a3159509e4e90bcd9eb3c521a16558f46b6149c49d897da0c32a23871a8bbc22006181fab09ba5e6d5
-
SSDEEP
48:6MjtHxWXZR/4plYRWhxeXzu6fvQJrONvTrg7GtGd9d/9orw2d03z:xtHwXZJ4plYRccjrfYJrO9Tr3aor
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.dd38841a447bead5b8beabb267592510.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.dd38841a447bead5b8beabb267592510.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231015T091756_106.exe2⤵
-
Network
-
DNS20231015t091756_106.ltiapmyzmjxrvrts.infoRemote address:8.8.8.8:53Request20231015t091756_106.ltiapmyzmjxrvrts.infoIN AResponse20231015t091756_106.ltiapmyzmjxrvrts.infoIN CNAMEltiapmyzmjxrvrts.infoltiapmyzmjxrvrts.infoIN A54.37.238.86 -
GEThttp://20231015t091756_106.ltiapmyzmjxrvrts.info/v4/20231015T091756_106.exeRemote address:54.37.238.86:80RequestGET /v4/20231015T091756_106.exe HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: 20231015t091756_106.ltiapmyzmjxrvrts.info
Connection: Keep-Alive
-
54.37.238.86:80http://20231015t091756_106.ltiapmyzmjxrvrts.info/v4/20231015T091756_106.exehttp
HTTP Request
GET http://20231015t091756_106.ltiapmyzmjxrvrts.info/v4/20231015T091756_106.exe
-
8.8.8.8:5320231015t091756_106.ltiapmyzmjxrvrts.infodns
DNS Request
20231015t091756_106.ltiapmyzmjxrvrts.info
DNS Response
54.37.238.86