Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

NPE.exe

windows7-x64

1

NPE.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    26s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    13/05/2023, 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NPE.exe

  • Size

    16.2MB

  • MD5

    ddfc82cf4eab81965e3ec8ca8915b00a

  • SHA1

    1e5b94be6922e6198afe39a7fc695db291bffcf6

  • SHA256

    4819d87fe9d0d0485fe85a3843a3e3ecd61ebe50a115dad01ec10275272be82a

  • SHA512

    ac08fa6aa1e55a653ad48305bf19c346d0a82a30830ae5b8c84d557e44c57511e39c68deb786044481074fb694d3827f66cb66862ac52fb4437663e82d64ba42

  • SSDEEP

    196608:dm9mJUAMfMvgTz2ENNFV8pYrqNpEdYo1NTXPJb:sCMfMQz2Ev8+rqNp1yXPJb

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NPE.exe
    "C:\Users\Admin\AppData\Local\Temp\NPE.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Norton\NPE\NPEsettings.dat
    Filesize

    2KB

    MD5

    f3502de4f124e58b4fc68199851b87af

    SHA1

    771f4c2a614dc92adc1bfa346c6fcbe63d7811bd

    SHA256

    9bacb246a22d1882303fab05ad9db6bf341c2ecbfab09c5f1b2d9869eab1b39a

    SHA512

    2683ff565ebed265f9eebee4d41e2d24b8ba89a96f7bb3dc32c213b0d3baa72b07419d4e0cb0a17bcf5899f4853e85de33032b83f581a8a9ba5e331074675852

    Download Submit

  • C:\Users\Admin\AppData\Local\NPE\ErrMgmt\SQCLIENT.dat
    Filesize

    2KB

    MD5

    33b7fcdd01c58b58ebb1595a2f77d284

    SHA1

    f65b84a9fdc4e3e1ed61c83d7bae49a2b24be42e

    SHA256

    74b1022c1c86cd13eb8005ef400ce28c1a23a14bc288cb1eb83ef28d753cbeaa

    SHA512

    f6f42d34e8f474bb2e17bc076ba16231eda300a81d232e1c8068e67d0495b7fe2c91ab9b121988a99f6f73383bee2a799026f37d63e03208a2b970cbb6e7cf12

    Download Submit

  • C:\Users\Admin\AppData\Local\NPE\ErrMgmt\SQCLIENT.dat
    Filesize

    4KB

    MD5

    15fa3249d6231b7e0fa5be40f719fcc5

    SHA1

    1da392a0e626b2ec6a6d1268c471174cb64050c7

    SHA256

    3b1a172270373bf1ad8e28fe30e27ee73053c913883471d084db8f58b77edca1

    SHA512

    135315a3950dd19461e58c068aae602e1ba6f8fa26bd3fe57a1b96dbfa124b5de885294af75a45457b454614fefca427c4ae6c7e72b9a2ae7840382dafbb0a2a

    Download Submit

  • C:\Users\Admin\AppData\Local\NPE\ErrMgmt\SQCLIENT.dat
    Filesize

    5KB

    MD5

    2a5d1e48d165c33d4395a5014f0d12d3

    SHA1

    41212a5826df17b6b1371a91c400205c9566a901

    SHA256

    d6d503abe8858e429c1a43af7e8eda390d91d6ebdc4c7065970da8769ebbf22a

    SHA512

    4b9c634a81281ca6af0c6c6201038a9076db4c9cf5c3dd93191879e08c3241b3c82986f57a1da6e83bb891d45266f1cf9afd829eb2b46dadd3c14844ffa5bc02

    Download Submit

  • memory/920-92-0x0000000000110000-0x0000000000111000-memory.dmp

    Filesize

    4KB

    Download