Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

NEAS.55c6b...JC.exe

windows7-x64

10

NEAS.55c6b...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 15:46 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.55c6bc0fcf1273e5bd775d923a5af154_JC.exe

  • Size

    130KB

  • MD5

    55c6bc0fcf1273e5bd775d923a5af154

  • SHA1

    3576a15b10efe2629f20163464dfdca1484e70d1

  • SHA256

    a0eaab26f23b7b15963b01ac89ff3e5c79d90cab54f8d986e20b64cfab1da081

  • SHA512

    ca27591219fd3a50308321e1f3f339ec26d75f7b6ec9dcd79a1c3d7b62545d84d90e708f89191740bfc1cd7819c25c50893142d28386fda645383a740260f058

  • SSDEEP

    3072:tY9CUT62/UOVMgJsgJMgJogJwgJ0zqgJ01J3RgJ01JygJ01JK8gJ01JK2gJ01JKM:tY9C8QyFJlJFJRJZJqJyJ3CJyJbJyJWc

Score
10/10
upatredownloader

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

    downloaderupatre
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.55c6bc0fcf1273e5bd775d923a5af154_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.55c6bc0fcf1273e5bd775d923a5af154_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:2144

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    130KB

    MD5

    3e0a242f9156da377df609fed9762f5d

    SHA1

    b498331c49257c69be5f6f9cab03e7f368674e09

    SHA256

    0b1f16f68021d93cb0bef56d202878e20570c54b5f5304573f9ea7013e1cf9f3

    SHA512

    7136666357dd859f7755a809392cb11122ef5a85197f7575bfe9e593e44452724d8c66a8165c6990ba1a57ff0097efca70ab1e687326f7122931ebd402842d23

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    130KB

    MD5

    3e0a242f9156da377df609fed9762f5d

    SHA1

    b498331c49257c69be5f6f9cab03e7f368674e09

    SHA256

    0b1f16f68021d93cb0bef56d202878e20570c54b5f5304573f9ea7013e1cf9f3

    SHA512

    7136666357dd859f7755a809392cb11122ef5a85197f7575bfe9e593e44452724d8c66a8165c6990ba1a57ff0097efca70ab1e687326f7122931ebd402842d23

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    130KB

    MD5

    3e0a242f9156da377df609fed9762f5d

    SHA1

    b498331c49257c69be5f6f9cab03e7f368674e09

    SHA256

    0b1f16f68021d93cb0bef56d202878e20570c54b5f5304573f9ea7013e1cf9f3

    SHA512

    7136666357dd859f7755a809392cb11122ef5a85197f7575bfe9e593e44452724d8c66a8165c6990ba1a57ff0097efca70ab1e687326f7122931ebd402842d23

    Download Submit

  • \Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    130KB

    MD5

    3e0a242f9156da377df609fed9762f5d

    SHA1

    b498331c49257c69be5f6f9cab03e7f368674e09

    SHA256

    0b1f16f68021d93cb0bef56d202878e20570c54b5f5304573f9ea7013e1cf9f3

    SHA512

    7136666357dd859f7755a809392cb11122ef5a85197f7575bfe9e593e44452724d8c66a8165c6990ba1a57ff0097efca70ab1e687326f7122931ebd402842d23

    Download Submit

  • \Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    130KB

    MD5

    3e0a242f9156da377df609fed9762f5d

    SHA1

    b498331c49257c69be5f6f9cab03e7f368674e09

    SHA256

    0b1f16f68021d93cb0bef56d202878e20570c54b5f5304573f9ea7013e1cf9f3

    SHA512

    7136666357dd859f7755a809392cb11122ef5a85197f7575bfe9e593e44452724d8c66a8165c6990ba1a57ff0097efca70ab1e687326f7122931ebd402842d23

    Download Submit

  • memory/2016-0-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2016-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2016-10-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2144-12-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.