Analysis
- max time kernel: 137s
- max time network: 155s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 13/10/2023, 20:32
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.9cf5f122981ebad449fbdd35342067e0.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: NEAS.9cf5f122981ebad449fbdd35342067e0.exe
- Resource: win10v2004-20230915-en
General
- Target: NEAS.9cf5f122981ebad449fbdd35342067e0.exe
- Size: 114KB
- MD5: 9cf5f122981ebad449fbdd35342067e0
- SHA1: 349b72620ede9d3dce51675c651cea6498f83bdd
- SHA256: d8670bbc398028e0ff3dac678a439b73bc1a2216f1c5ced55f25d5b1818f3d25
- SHA512: 813f05452252ce58bd559d0e609ad678a441a00e2fb5cf7fc5d0cea5778546aae0aa7db6228519a4cdd9d84c372523fdbc62560c82b04e36e3a61f348046200a
- SSDEEP: 3072:0Op/vOBPDB9mxZ6vf+LX4b8gfcJYvQd2H/:0uOKZFgVf
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2996, process tedboxe.exe
- Loads dropped DLL (1 IoC)
  pid 2176, process NEAS.9cf5f122981ebad449fbdd35342067e0.exe
- Looks up external IP address via web service (1 IoC)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow 4, ioc checkip.dyndns.org
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 2176 wrote to memory of 2996 | 2176 | NEAS.9cf5f122981ebad449fbdd35342067e0.exe | 28
  PID 2176 wrote to memory of 2996 | 2176 | NEAS.9cf5f122981ebad449fbdd35342067e0.exe | 28
  PID 2176 wrote to memory of 2996 | 2176 | NEAS.9cf5f122981ebad449fbdd35342067e0.exe | 28
  PID 2176 wrote to memory of 2996 | 2176 | NEAS.9cf5f122981ebad449fbdd35342067e0.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.9cf5f122981ebad449fbdd35342067e0.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.9cf5f122981ebad449fbdd35342067e0.exe"
  PID: 2176
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\tedboxe.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\tedboxe.exe
    PID: 2996
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 114KB
  MD5: 6e1117c60cb372c4eb13c82e18f3ad2a
  SHA1: 98150f068dc1625bacda56ead3e7f2170b49b96a
  SHA256: caf65d78786592423c58c3ab242035b9733d96744026adb9a8198488b0ef0d5d
  SHA512: ac69b5da5321646bb1719c24db8ece3eb5b5cc127f1fab773a788213968333770271aebb3ba2a9d4313411ed0c64ce404b9070e1cfd5857df733762bae531192