Analysis
max time kernel: 119s
max time network: 123s
platform: windows7_x64
resource: win7-20231025-en
resource tags: arch:x64, arch:x86, image:win7-20231025-en, locale:en-us, os:windows7-x64, system
submitted: 01/11/2023, 14:16
Static task: static1

Behavioral task: behavioral1
Sample: NEAS.a3a57cf7e850f6cd02286d536b8b0150.dll
Resource: win7-20231025-en
1 signatures, 150 seconds

Behavioral task: behavioral2
Sample: NEAS.a3a57cf7e850f6cd02286d536b8b0150.dll
Resource: win10v2004-20231025-en
1 signatures, 150 seconds
General
Target: NEAS.a3a57cf7e850f6cd02286d536b8b0150.dll
Size: 1.8MB
MD5: a3a57cf7e850f6cd02286d536b8b0150
SHA1: 4a8b28f1a25377414a82dc60b0bf1943d19c055a
SHA256: 294ac16b0cb7af89ade8e269008e3482fb60d81997c3ddf9cf66f8d9a0adf320
SHA512: 58d9053d4c8a143a9c132a3bc88b25ffa586a48eaf6d79db4f0f295f00d544c97c6f3969f41b08fea8504460ee0fe322acaa873f0f423e0446fe1c6318cc4ee4
SSDEEP: 49152:I38e6GdNIXj1xQWIGeY1I578jgiClCVm4qSw:YYtJIGeYeDbh
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

description                            pid   Process       procid_target
PID 2332 wrote to memory of 2392       2332  rundll32.exe  28
PID 2332 wrote to memory of 2392       2332  rundll32.exe  28
PID 2332 wrote to memory of 2392       2332  rundll32.exe  28
PID 2332 wrote to memory of 2392       2332  rundll32.exe  28
PID 2332 wrote to memory of 2392       2332  rundll32.exe  28
PID 2332 wrote to memory of 2392       2332  rundll32.exe  28
PID 2332 wrote to memory of 2392       2332  rundll32.exe  28
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.a3a57cf7e850f6cd02286d536b8b0150.dll,#1
   Suspicious use of WriteProcessMemory
   PID: 2332

   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.a3a57cf7e850f6cd02286d536b8b0150.dll,#1
      PID: 2392