Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.587c7...JC.exe

windows7-x64

1

NEAS.587c7...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/10/2023, 15:51 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.587c77cfce5163e1c00da769f4578900_JC.exe

  • Size

    59KB

  • MD5

    587c77cfce5163e1c00da769f4578900

  • SHA1

    7aca81479914d7e70d12aeaec2fc4777764df616

  • SHA256

    4549973a16a5abc61be21508a283f5d11eed0d68f855a3c7154cfde1993a26f5

  • SHA512

    fcf996d340d55ec21f4be23c2c00326ade0e884d4efae3e05ebdad7685c8f17baff2638074f25559e6698f7d9d952dc5b488c38822c82263ae79f9d790082273

  • SSDEEP

    768:Ol2qbhmBvdoBCnS5e5GPU1CK3fJjg/UvZzddqoj+YzZ43VgQ3nb+txkiYkxYPhji:Ol2ijQCQBrR1j+YzqhSfk5kIFZ83h

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 63 IoCs
  • Modifies registry class 54 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.587c77cfce5163e1c00da769f4578900_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.587c77cfce5163e1c00da769f4578900_JC.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3356
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /installservice
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4388
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /start
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:3292
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /uninstallservice patch:C:\Users\Admin\AppData\Local\Temp\NEAS.587c77cfce5163e1c00da769f4578900_JC.exe
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:4980
  • C:\Windows\SysWOW64\urdvxc.exe
    "C:\Windows\SysWOW64\urdvxc.exe" /service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    PID:1764

Network

  • flag-us
    DNS
    4.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    254.111.26.67.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.111.26.67.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.73.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.73.42.20.in-addr.arpa
    IN PTR
    Response
  • 124.25.72.160:139
    urdvxc.exe
    156 B
     3
  • 124.25.72.160:445
    urdvxc.exe
    156 B
     3
  • 124.25.72.37:139
    urdvxc.exe
    156 B
     3
  • 124.25.72.141:139
    urdvxc.exe
    156 B
     3
  • 124.25.72.37:445
    urdvxc.exe
    156 B
     3
  • 124.25.72.141:445
    urdvxc.exe
    156 B
     3
  • 124.25.72.15:139
    urdvxc.exe
    104 B
     2
  • 8.8.8.8:53
    4.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    4.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    254.111.26.67.in-addr.arpa
    dns
    72 B
     126 B
     1
    1

    DNS Request

    254.111.26.67.in-addr.arpa

  • 8.8.8.8:53
    26.73.42.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    26.73.42.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    59KB

    MD5

    587c77cfce5163e1c00da769f4578900

    SHA1

    7aca81479914d7e70d12aeaec2fc4777764df616

    SHA256

    4549973a16a5abc61be21508a283f5d11eed0d68f855a3c7154cfde1993a26f5

    SHA512

    fcf996d340d55ec21f4be23c2c00326ade0e884d4efae3e05ebdad7685c8f17baff2638074f25559e6698f7d9d952dc5b488c38822c82263ae79f9d790082273

    Download Submit

  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    59KB

    MD5

    587c77cfce5163e1c00da769f4578900

    SHA1

    7aca81479914d7e70d12aeaec2fc4777764df616

    SHA256

    4549973a16a5abc61be21508a283f5d11eed0d68f855a3c7154cfde1993a26f5

    SHA512

    fcf996d340d55ec21f4be23c2c00326ade0e884d4efae3e05ebdad7685c8f17baff2638074f25559e6698f7d9d952dc5b488c38822c82263ae79f9d790082273

    Download Submit

  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    59KB

    MD5

    587c77cfce5163e1c00da769f4578900

    SHA1

    7aca81479914d7e70d12aeaec2fc4777764df616

    SHA256

    4549973a16a5abc61be21508a283f5d11eed0d68f855a3c7154cfde1993a26f5

    SHA512

    fcf996d340d55ec21f4be23c2c00326ade0e884d4efae3e05ebdad7685c8f17baff2638074f25559e6698f7d9d952dc5b488c38822c82263ae79f9d790082273

    Download Submit

  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    59KB

    MD5

    587c77cfce5163e1c00da769f4578900

    SHA1

    7aca81479914d7e70d12aeaec2fc4777764df616

    SHA256

    4549973a16a5abc61be21508a283f5d11eed0d68f855a3c7154cfde1993a26f5

    SHA512

    fcf996d340d55ec21f4be23c2c00326ade0e884d4efae3e05ebdad7685c8f17baff2638074f25559e6698f7d9d952dc5b488c38822c82263ae79f9d790082273

    Download Submit

  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    59KB

    MD5

    587c77cfce5163e1c00da769f4578900

    SHA1

    7aca81479914d7e70d12aeaec2fc4777764df616

    SHA256

    4549973a16a5abc61be21508a283f5d11eed0d68f855a3c7154cfde1993a26f5

    SHA512

    fcf996d340d55ec21f4be23c2c00326ade0e884d4efae3e05ebdad7685c8f17baff2638074f25559e6698f7d9d952dc5b488c38822c82263ae79f9d790082273

    Download Submit

  • memory/1764-43-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-62-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-12-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-353-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-14-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-15-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-16-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-20-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-44-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-22-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-23-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-24-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-25-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-80-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-79-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-28-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-78-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-77-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-76-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-75-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-30-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-31-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-32-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-33-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-34-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-46-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-36-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-37-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-38-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-39-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-40-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-41-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-42-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-74-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-21-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-47-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-35-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-45-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-48-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-49-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-50-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-51-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-52-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-53-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-54-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-55-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-56-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-57-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-58-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-59-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-60-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-61-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-73-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-63-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-64-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-65-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-66-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-67-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-68-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-69-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-70-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-71-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1764-72-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3292-10-0x00000000001C0000-0x00000000001DF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3292-13-0x00000000001C0000-0x00000000001DF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3356-1-0x0000000000440000-0x000000000045F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3356-27-0x0000000000440000-0x000000000045F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/3356-0-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/4388-8-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/4388-7-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/4388-6-0x00000000001E0000-0x00000000001FF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/4980-29-0x00000000001C0000-0x00000000001DF000-memory.dmp

    Filesize

    124KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.