Analysis
- max time kernel: 122s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20231020-en
- resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
- submitted: 21/10/2023, 21:25
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe
- Resource: win10v2004-20231020-en
General
- Target: NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe
- Size: 46KB
- MD5: 8803c8448e0a9a466dfe25d2a2dd9990
- SHA1: fa926b5ecd931e56cf79057bfae822631d47b519
- SHA256: a19cb795f74e7b3bc8879eb8a5d4f2a3fa1275daacdfd334c69627de1f12932b
- SHA512: 43349468c8ddda0ecd681b8953783db8bf1d63badfb79cdc722e9a4c28d5977d59adf8806ba9645afb3c6f1d855f2595fcd042c4ec845e3dfa2bf0d101f2ada5
- SSDEEP: 24:ev1GSeQ5nr2lGuAWfrIEC12Vliw0Gg/jITM3RNqmD3CwDAyoMQ78Iy0wsU/Di/A/:qe+2u2bCo0rITM3RN9vkdMMPyQU/DyA
Malware Config
Signatures
- Program crash (1 IoCs)

| pid | pid_target | Process | procid_target |
| --- | --- | --- | --- |
| 2056 | 2164 | WerFault.exe | 5 |

- Suspicious use of WriteProcessMemory (4 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2164 wrote to memory of 2056 | 2164 | NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe | 27 |
| PID 2164 wrote to memory of 2056 | 2164 | NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe | 27 |
| PID 2164 wrote to memory of 2056 | 2164 | NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe | 27 |
| PID 2164 wrote to memory of 2056 | 2164 | NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe | 27 |
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.8803c8448e0a9a466dfe25d2a2dd9990.exe"
  PID: 2164
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 36
    PID: 2056
    - Program crash