Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

NEAS.11bfb...70.dll

windows7-x64

3

NEAS.11bfb...70.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    90s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/11/2023, 02:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.11bfb7d14dcf76506fe0b27f5edaf470.dll

  • Size

    1.1MB

  • MD5

    11bfb7d14dcf76506fe0b27f5edaf470

  • SHA1

    2870d8dbfc0b9d7f0ede8ad0c64f64252ce1cb54

  • SHA256

    319169e51dd4b0daf9b1f7789679d70791ed1acf92fcba2c0596d84a667e8c9e

  • SHA512

    e13f27bd3a60d91f459791b88fb97d693313f7ce15d30c3c798512d10e4e585ec39738d948fc19176cba8661fc7ba8b6c582a6ed8d0fb09bbe8816915f30a0ca

  • SSDEEP

    24576:iFDe+T1zY4PABNnCmtfKxhqtyZTbm/KMZvTQaFD43WAp0E7ch:Sy4I/DtTQv3Rp0E7c

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.11bfb7d14dcf76506fe0b27f5edaf470.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4620
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.11bfb7d14dcf76506fe0b27f5edaf470.dll,#1
      2⤵
        PID:4732
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 624
          3⤵
          • Program crash
          PID:3524
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4732 -ip 4732
      1⤵
        PID:3456

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads