Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
137s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
13/10/2023, 16:50
General
-
Target
NEAS.NEASNEAS5f6110fdf11e888a353ffc60086f15c12deb42a07eec9d8b842589bfa67176dcexeexeexe_JC.exe
-
Size
348KB
-
MD5
01b925b499a5bc1e9d7a2f93d8ac0c65
-
SHA1
d26e14bd928d6bcbbd67c482875bcfe6bf98ca2b
-
SHA256
5f6110fdf11e888a353ffc60086f15c12deb42a07eec9d8b842589bfa67176dc
-
SHA512
d2718cc7cb1cc26674f9c19807a9414450a45c4ab1b156722740e49263469ab5831c5386e2e7e71fdbf0509bd0962f80a730ead83ab63a1feb3fffb06075e863
-
SSDEEP
6144:ZeR7eammRd3K+q9KiocO2WTYqh8YE6ALJf9odH7MxbyElT43u:ZeRtBRXq9LocO2WTYqhjBMM73El4
Malware Config
Signatures
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 4 IoCs
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext 1 IoCs
-
Delays execution with timeout.exe 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 45 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.NEASNEAS5f6110fdf11e888a353ffc60086f15c12deb42a07eec9d8b842589bfa67176dcexeexeexe_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.NEASNEAS5f6110fdf11e888a353ffc60086f15c12deb42a07eec9d8b842589bfa67176dcexeexeexe_JC.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd /c difficspec.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://iplogger.com/2luJX13⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\difficultspecific.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\difficultspecific.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\callcustomerpro.exeC:\Users\Admin\AppData\Local\Temp\IXP001.TMP\callcustomerpro.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\callcustomer.exeC:\Users\Admin\AppData\Local\Temp\IXP002.TMP\callcustomer.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\callcustomer.exeC:\Users\Admin\AppData\Local\Temp\IXP002.TMP\callcustomer.exe5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c timeout /nobreak /t 3 & fsutil file setZeroData offset=0 length=169471 "C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\callcustomer.exe" & erase "C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\callcustomer.exe" & exit6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\timeout.exetimeout /nobreak /t 37⤵
- Delays execution with timeout.exe
-
-
C:\Windows\SysWOW64\fsutil.exefsutil file setZeroData offset=0 length=169471 "C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\callcustomer.exe"7⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\calllcustomer.exeC:\Users\Admin\AppData\Local\Temp\IXP002.TMP\calllcustomer.exe4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344B
MD56b260880ada142319bec1c6017ec0006
SHA1b86389567da4e428cb5619815b04bc18dd083bc7
SHA25668c6c7b7f272815027c3eb36872865762ed44cc525692fe00e36f8481738c6b1
SHA5125996654f6073a767d30a40c09723216ec63ea536984a90f94c16c0db2346bf6270701bd6104e15c209eea7fae39f21506d5410f838be768e33499cc2440ccc97
-
Filesize
344B
MD57468e7f34ab34e65ed63e1c094ff484e
SHA174229c2b93ab7243de694554e92fe6fef4ea6e18
SHA25668869b2b62524c616a941514a8ecaf04a573a93995a13c17ef542e644509467a
SHA512360679dde51d387543ec52e58c64f4ddee1ddfccd51d64939f119150b270caa6fc20118cae21684930d5f50f00b1f13c9530d615309c5c4ed7da734272744653
-
Filesize
344B
MD54bf65e4dc1afee6bd2ff95375738fc5a
SHA117d0799c93bce005d8175eaf16cf94aca59ff10f
SHA256c958a8256dbe97625a3344c3736618b80382965957174bfadffb912f08a0fff7
SHA5124022013a4c2db43cd268533a4625e4e0bf48583af2038eadd93c42f836961b754051ba08440574dc42768ef42e4fa7d1d1a6f2d28dc9f5aa7f84c33dde0617c0
-
Filesize
344B
MD5e708a27deb99031339ab3de1d199e7af
SHA1a9772927ca1e6e8285d401261573698a78d4a0ca
SHA25624451e622747a306b612ab0742d209a1690a828e687a2f589b57b2d9eb1d7c77
SHA51207e22f991fbbf0e44dcd8bf23fa95fe9b2ada86be9096b910c2220ec49f3120aa81801bdc39aba9c601ecbc075db0ef6a7ed80626e06b181fdf0cdd39b4e2e33
-
Filesize
344B
MD555daf4a7d84096702dbc78d16e8cec85
SHA1a3ff6b1a0ac88a8d73fb21c721742528842083f7
SHA2563e4f967e19f57e93b8c802e14201de56be442bfe9ef3813266e396db9b5f0841
SHA5128e35824f0a2c738c9292551572550271070bc6b9c66c6fbbe1d9e084ab90a57ceb40ebc477f1f9ddb204adcfe8e92c24eedbe38c4719a471fa61b132329b90e6
-
Filesize
344B
MD525747477a5f2da3216035603b0b549c4
SHA1fd5fdabbdb6d678f71174fa5dd62e5b6e46b69c2
SHA256ef05e03c6678b83f8cee04408fe67b22aaacc833b3dca84e4506f52a56d4fe03
SHA51286419962907dd092df735e46e8a0b8877c2eb2334ed2b93ab2ab21032ad216bf5901826605ab97c91ae1609dd9aabb538dc03236481d0384e24451f7e38a2148
-
Filesize
344B
MD5ef9fdab4606e6e66aa12456676c79453
SHA17bb12e871a23e0d0a14effa9e01aaa37cbfc3880
SHA2565a3fbb0b8778c5ead51ddb23260101fdc0e1ad5d6153f942203bb7778bb14945
SHA512d15a72eaebfac4c9d85da8c72fb23504eb25d379b12cd6ca8f4379e54040e75e4c173461c1faf6fc5c88655975787f6315c40594a7247fda9b951b4d5ceeb487
-
Filesize
344B
MD517745e42175a9a979e5bfb8137d482e1
SHA1dfec1953a3d49ad76090262c5edf5f769707d823
SHA256b28bb93e50e88aca8d79d2072ebab00d9e24a78f6c3497c69555cc7a32505e24
SHA512a7e448d5e3cc2f9aa6fc91a52c41d42024da1130a0885e8c1eaf4f04ad69cd19faf4c7f6ef63ca912f43f9ae6c6196cac36e8adba434d896eafe3fc6b0f59399
-
Filesize
344B
MD50e8ce7a2974ad8dcd1776f30ad054e42
SHA1d1d10a6d0a9e81bdedb570acd04126afd230e5cc
SHA256e99cdb4299689afe14bcd114b3a38aa6d8539c95d1f1cee580576c8c66974ad3
SHA5128f977a48c7287922dd313a1480ccd3e416792371dd078aa006e0015a7fff8f34ba873358fe4d540bccf70d56bb256b5625c935c0126a5ab2d2d2bc7e651dff75
-
Filesize
344B
MD50cde5b0e1b1f37e276d70fd02a725faf
SHA1a240aaff366a0fbc72ec61ee4cb0d5621d613983
SHA256a541da88415ac61a6c984924a7b638b0e2abaac9ee53bc9fcfe244d35d7e7845
SHA51297900b35256eab66f5abfa0ca033eed4b4268bca6e59c84a03300530a776da2b0cb1a7a8ffe6109a87d05da429d1af6e68a2ed3c8e228ca38436cdfd6f741dbe
-
Filesize
344B
MD5819323b908dcc8411152fc191131b1b2
SHA1ee84d1089a985f40f8f0fd6a6a25d50b76d91027
SHA25677af54ea660ee4853d7d320931fbc9bf1c4300c1bf3720ce7444851626b7eadc
SHA512a3462ccb07f8c895e841da37996cedc77d51d85e0ef57283cafdbba4bae925277c870016f0fe924b94b53389f486cfd13bd4b49d59a5c67fd4c5cabb6a99ac7d
-
Filesize
344B
MD522a0fe0e5a9d010a5456a40e8fda1f24
SHA10c9837de155df049f23ced178963155330ea8672
SHA256095fa84fe1c5dd09fbb4f972b8a6908b1f3f6c143be48a25eb8201eab2381466
SHA51230a611a52eed9a6a4fe7d70dd6ccc363037c8e39bb4a809cb4f5fab76ae77295acac14cf26b654bb4c1646be4e52dec7c423dbbf52bea4c231b6603fe24cc632
-
Filesize
344B
MD59b2e9753646664a437fb473f22f29e9b
SHA115191cc9fcd830603148cce38164931f80268346
SHA256649f9dd08e26e711e40b2dd63c08b503b52a31d2b44922d29c1eef617e53f9f7
SHA5126628fff035aabc2545f3029c0da368da0b9e785c1315bd55334d9a35fc0c5e19ad9e81f917d48dc8af7179fc13c1490f76c7935eb1cfbb32eeb72eacbd5400ee
-
Filesize
344B
MD5b013c70d394fc80005eab3a322c74ace
SHA1b538816d2467e5d97a598ed475a1b2d0da573c67
SHA256bc3dc8e0d9dcd2b6f8c108c5c54fb0e7024b2e0bde94d37f3448f7bf84bb8d70
SHA512a7a4b8ad7ab559897bdf7fb19a9a98a64694d23ec323a664333a75e152651fbce6a7c073bdc4d42406d25230cb50cbaf9fbd6eea9790af55c16ea211a0069ee5
-
Filesize
344B
MD5894500f1305329d5c66142f96190bfed
SHA12e88905e60b2ff50c0e066f11fbbce4d2457bf5f
SHA2567edf88ef1446083c53dc140714f051ff1029596c9397ddc17f7b32ce2914e636
SHA5126467d52ea0a2a9a24539aac48fd6cfc739c483b56c6b000cbe93945ff97294948651090c784400154f140aa61a9c41a972b7d5ce30950ed80761fe6ebf3209d7
-
Filesize
344B
MD5365840e7d96d4e30b6f36840700cbe1d
SHA129604b50548a3814061ed912fd037ffd258ae024
SHA256d35cec462973707e820f5f813095262cb0f7b6c27491efed376b643bc5d1a97b
SHA512e1dea28751124e17f8b7487bca903f1434fa7ec75f4809eddfeaa7b778286c32f973d07dcd4729dab3fd872f6e96159e7bc8165d3c6715532d9733e3d5c574b8
-
Filesize
344B
MD55ca38178f5a821bf1640bea2dd9a70c0
SHA18a07cd5ad8f472cb0e5cff0fcc484ee46b4f11f4
SHA256cc13ff848f4e79446e0d5a5fee6ed4502f711b3615666cd4cdc058e0faf3dd72
SHA512970b7776776ee3cec3e1c577af9fca6b129c8fa661b15518cd6362c3ede93cc58a6612b53255e49cef4197d1709fb46cd88ff8dc2398520f0990110ea4f03e3a
-
Filesize
344B
MD56bfc0513f3c457562fad7f4d12e7aabb
SHA19e8844e64a3102f184c12c8f529d16582ea6c4db
SHA2568b93cdfabae76a6a9286ef9858071b6b87026da1b6a83fdace9b42cacdb78030
SHA5126dd5a4d26e4d18cdc11c6ee68970c3a202b04f0cf4e1c767afb3c031f9b41e23a084eebded5049f9dfae1fda8d127d89a8671d74309f254ad29b061f2c34e94a
-
Filesize
344B
MD59a462b372b2a97c36ca6474c07bbe4bb
SHA1cc1320b2c439847982dae4a081cad10be390aea5
SHA25601a95ec1d3518f1da9c7610e9d465d0017c39895d5cd22734428ebbbba6274fa
SHA5125a6982602921f585073f07f5927576726cba87bec2f194d1e1078ddb1dd610fc8fc0d577b9a3d623e50599cbd4c7fc83d60795b2249cd56a9a2951a02e84fe4f
-
Filesize
344B
MD5ed090fbd9b6aa506e6ffb8f7ac061569
SHA14e71575f5a788ce2007ab2f78c89f29e3b2c2868
SHA256f31d1a0764ddda25abf04e77d953c2c1ebc84a7d5f703a432af6c91cdd00f757
SHA512cbb09fac7d9715f4be7a9821d65953020641b880d60cc9aabb1d979e4448082e643ad0ae3ac449defcf02a50177c71c3b8b85ccb0b50ce9a0b4e66bdc2bfa10d
-
Filesize
344B
MD5533e24ed3e30c83d3205dded3ee3eea7
SHA186d183d8fc2d076ddc9178498d7f0ddbf406a2bd
SHA2568840efb4ce6edcbb0155c5799321524fc03951289b38c385d3deb52690f01c11
SHA5122380da3a3c2be3ef88f963af9740222f9080e8dd885142f0f68189fee60d8d60607b64422ad54c2ee130e6ac954c2f806f5dff38226e1a50ef4ebf47368cc39b
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
44B
MD51008f540d99464004e9ba59b516db7f0
SHA1c6f54b19054556d3a1cca9c0fc5463cc31017da3
SHA2561e931f7e7c50c959e8742c51f9a10ef9819c0275f640a9c7b416120acbbd7326
SHA512151d6be89ca23148fe16b540e3a788e652fc3ee8ed5922149b1dab7b09c09e64fe6fbe20246c7e9f40f896e21311b1a29f43ec468e2a3a46a41ad4314f4fb3fa
-
Filesize
287KB
MD530f9d03c2de3388b83b1dcf015ccc348
SHA1c97fa70c6ec11ff884be979fd098e880f3ea7bbf
SHA2561f0f49b6749d7d6244c12f265cce52cf8f53e0c3e57d7bab1f42a9ff26042928
SHA51247e89747a387ef16e098a5d9244918b4c6b49e07f7e56dcd75e4d38ca32d23c1786110f60d7c35d100795bc67b023ffeda207f692c3ca90fac3d60a9b6b6c384
-
Filesize
211KB
MD571ba05d6ef82d8a9069cc1c3dc730dce
SHA18ae2e3f831ae81baaddf6df39467dfc1d1516de3
SHA256c1994a34c0a601020436acc1765b0f1486a6ed0de3e8962cfa2fbd72cdcdd497
SHA512b1da8e249b472c47ec9df0b979937b620c78fdd7556933dc29b7316b3ce9dd8840f00d385e09219ba50b6902fc82413bd6f17e8f6e59d5a02a888a151bc104e6
-
Filesize
165KB
MD5d7f4dc34d195688caec8c3a5b1517f5e
SHA1df0f8f83879c2fbf5afa1948c20e4c56864f8b90
SHA256cb387bae0f6159b3a7b95e80df34c2d9480cd52d15e3b606a9bdb7072a759883
SHA512bf57c6014a8c4784a2edbfb216edb90415894e1edf69c07ce297aabe2836ff3ebf3586671a41995416668442adc680da195ef85adeb95dd96fd7edd058592aeb
-
Filesize
165KB
MD5d7f4dc34d195688caec8c3a5b1517f5e
SHA1df0f8f83879c2fbf5afa1948c20e4c56864f8b90
SHA256cb387bae0f6159b3a7b95e80df34c2d9480cd52d15e3b606a9bdb7072a759883
SHA512bf57c6014a8c4784a2edbfb216edb90415894e1edf69c07ce297aabe2836ff3ebf3586671a41995416668442adc680da195ef85adeb95dd96fd7edd058592aeb
-
Filesize
165KB
MD5d7f4dc34d195688caec8c3a5b1517f5e
SHA1df0f8f83879c2fbf5afa1948c20e4c56864f8b90
SHA256cb387bae0f6159b3a7b95e80df34c2d9480cd52d15e3b606a9bdb7072a759883
SHA512bf57c6014a8c4784a2edbfb216edb90415894e1edf69c07ce297aabe2836ff3ebf3586671a41995416668442adc680da195ef85adeb95dd96fd7edd058592aeb
-
Filesize
165KB
MD5c74182bb7ed5cfe722c5c271483045ca
SHA10197005e6b1d2c7230eda51d16b11cbd756eb6b9
SHA2561613e7fa2ed812973269d51d6d73278d51a39c10a51b2f688ab5d4878b053fba
SHA51233757722210951fa19ab957ac0436f707ab3e10d21f8be2e3c27be5b21da0bdfd9dfe45b3d520b8257bcd3ac9276c797e2b83d426132dae05a93b9dd46cab460
-
Filesize
165KB
MD5c74182bb7ed5cfe722c5c271483045ca
SHA10197005e6b1d2c7230eda51d16b11cbd756eb6b9
SHA2561613e7fa2ed812973269d51d6d73278d51a39c10a51b2f688ab5d4878b053fba
SHA51233757722210951fa19ab957ac0436f707ab3e10d21f8be2e3c27be5b21da0bdfd9dfe45b3d520b8257bcd3ac9276c797e2b83d426132dae05a93b9dd46cab460
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf
-
Filesize
287KB
MD530f9d03c2de3388b83b1dcf015ccc348
SHA1c97fa70c6ec11ff884be979fd098e880f3ea7bbf
SHA2561f0f49b6749d7d6244c12f265cce52cf8f53e0c3e57d7bab1f42a9ff26042928
SHA51247e89747a387ef16e098a5d9244918b4c6b49e07f7e56dcd75e4d38ca32d23c1786110f60d7c35d100795bc67b023ffeda207f692c3ca90fac3d60a9b6b6c384
-
Filesize
211KB
MD571ba05d6ef82d8a9069cc1c3dc730dce
SHA18ae2e3f831ae81baaddf6df39467dfc1d1516de3
SHA256c1994a34c0a601020436acc1765b0f1486a6ed0de3e8962cfa2fbd72cdcdd497
SHA512b1da8e249b472c47ec9df0b979937b620c78fdd7556933dc29b7316b3ce9dd8840f00d385e09219ba50b6902fc82413bd6f17e8f6e59d5a02a888a151bc104e6
-
Filesize
165KB
MD5d7f4dc34d195688caec8c3a5b1517f5e
SHA1df0f8f83879c2fbf5afa1948c20e4c56864f8b90
SHA256cb387bae0f6159b3a7b95e80df34c2d9480cd52d15e3b606a9bdb7072a759883
SHA512bf57c6014a8c4784a2edbfb216edb90415894e1edf69c07ce297aabe2836ff3ebf3586671a41995416668442adc680da195ef85adeb95dd96fd7edd058592aeb
-
Filesize
165KB
MD5c74182bb7ed5cfe722c5c271483045ca
SHA10197005e6b1d2c7230eda51d16b11cbd756eb6b9
SHA2561613e7fa2ed812973269d51d6d73278d51a39c10a51b2f688ab5d4878b053fba
SHA51233757722210951fa19ab957ac0436f707ab3e10d21f8be2e3c27be5b21da0bdfd9dfe45b3d520b8257bcd3ac9276c797e2b83d426132dae05a93b9dd46cab460
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
4KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
516KB
-
Filesize
512KB
-
Filesize
9.9MB
-
Filesize
192KB
-
Filesize
984KB
-
Filesize
512KB
-
Filesize
1.0MB
-
Filesize
9.9MB
-
Filesize
304KB
-
Filesize
256KB
-
Filesize
6.9MB
-
Filesize
192KB
-
Filesize
6.9MB
-
Filesize
256KB
-
Filesize
528KB
-
Filesize
456KB
-
Filesize
6.9MB