Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.05664...JC.dll

windows7-x64

7

NEAS.05664...JC.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 15:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.05664929a973272c5661325a80f77b90_JC.dll

  • Size

    260KB

  • MD5

    05664929a973272c5661325a80f77b90

  • SHA1

    9c7e1deb30f16cae66b42e385a815bfb62ec3611

  • SHA256

    117ce44e32095df219483872d4df7c6f13f62aee848779152d294857dcc53e82

  • SHA512

    7916851648055b89dd0245e67518d7e6936dca53d7206a4e0a9aeec33494be616b8b93433fa01e608211ca7df28e07baf0dfcc5a2f925d1176dd374ce5d7d1f2

  • SSDEEP

    3072:lV5J7ftwoflUgXeenxV6FUhRlugpJ+oUfgYE5G+aWqQffCFFZn156JKrdI3ams7O:b7fapZ4Oef+NE5HnKF4KrdI3amWgJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NEAS.05664929a973272c5661325a80f77b90_JC.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\NEAS.05664929a973272c5661325a80f77b90_JC.dll
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2860
      • C:\Windows\SysWOW64\regsvr32mgr.exe
        C:\Windows\SysWOW64\regsvr32mgr.exe
        3⤵
        • Executes dropped EXE
        PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\regsvr32mgr.exe
    Filesize

    73KB

    MD5

    9df5f7fb921486c04781cad71d7db727

    SHA1

    9ed18300776a2397e586073a95e7e992f031a25a

    SHA256

    eed3c298db97d168df30af01e8da55b325eace743a954950ce4cd83412593b0f

    SHA512

    1267c2062ad742a446da93919df01af07b2e53b678f9e74511e174ac8f1a2e19b70651ecc16a913402d298e4b65a08d1f41316c55d8f0a9fb38010b268a5be2d

    Download Submit

  • C:\Windows\SysWOW64\regsvr32mgr.exe
    Filesize

    73KB

    MD5

    9df5f7fb921486c04781cad71d7db727

    SHA1

    9ed18300776a2397e586073a95e7e992f031a25a

    SHA256

    eed3c298db97d168df30af01e8da55b325eace743a954950ce4cd83412593b0f

    SHA512

    1267c2062ad742a446da93919df01af07b2e53b678f9e74511e174ac8f1a2e19b70651ecc16a913402d298e4b65a08d1f41316c55d8f0a9fb38010b268a5be2d

    Download Submit

  • \Windows\SysWOW64\regsvr32mgr.exe
    Filesize

    73KB

    MD5

    9df5f7fb921486c04781cad71d7db727

    SHA1

    9ed18300776a2397e586073a95e7e992f031a25a

    SHA256

    eed3c298db97d168df30af01e8da55b325eace743a954950ce4cd83412593b0f

    SHA512

    1267c2062ad742a446da93919df01af07b2e53b678f9e74511e174ac8f1a2e19b70651ecc16a913402d298e4b65a08d1f41316c55d8f0a9fb38010b268a5be2d

    Download Submit

  • \Windows\SysWOW64\regsvr32mgr.exe
    Filesize

    73KB

    MD5

    9df5f7fb921486c04781cad71d7db727

    SHA1

    9ed18300776a2397e586073a95e7e992f031a25a

    SHA256

    eed3c298db97d168df30af01e8da55b325eace743a954950ce4cd83412593b0f

    SHA512

    1267c2062ad742a446da93919df01af07b2e53b678f9e74511e174ac8f1a2e19b70651ecc16a913402d298e4b65a08d1f41316c55d8f0a9fb38010b268a5be2d

    Download Submit

  • memory/2860-1-0x0000000010000000-0x0000000010042000-memory.dmp

    Filesize

    264KB

    Download