Analysis
max time kernel: 154s
max time network: 149s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 14/10/2023, 08:19
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.dd934048e4f9dc37d4507ba003f1a250.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: NEAS.dd934048e4f9dc37d4507ba003f1a250.exe
  Resource: win10v2004-20230915-en
General
Target: NEAS.dd934048e4f9dc37d4507ba003f1a250.exe
Size: 6KB
MD5: dd934048e4f9dc37d4507ba003f1a250
SHA1: 9b2b527ed9650137a31ff935979925de385b8a51
SHA256: 466cc124ac1fcff6ec85f308d6746e706be390ebdcdaecc27c070cde2bce7200
SHA512: 24140088a089eb9519e890b88b2d8daef8356542f86bec2e24fda850c759a6efd0b8d82f5575df8813cddff181ac7dbe9c2912653c55e7808250239fdfa12c89
SSDEEP: 96:ZSign/x6z0AjDXX6Hb3R51nKymV44hjDErqGaKqBCY1ndTTgmVNLuiNvNvOmwa:oii5qDXX6d51nKfzzVEYBtb
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  PID   Process
  2660  ygczw.exe

Loads dropped DLL (2 IoCs)
  PID   Process
  2612  NEAS.dd934048e4f9dc37d4507ba003f1a250.exe
  2612  NEAS.dd934048e4f9dc37d4507ba003f1a250.exe

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (4 IoCs)
  Description                          PID   Process                                      procid_target
  PID 2612 wrote to memory of 2660     2612  NEAS.dd934048e4f9dc37d4507ba003f1a250.exe    28
  PID 2612 wrote to memory of 2660     2612  NEAS.dd934048e4f9dc37d4507ba003f1a250.exe    28
  PID 2612 wrote to memory of 2660     2612  NEAS.dd934048e4f9dc37d4507ba003f1a250.exe    28
  PID 2612 wrote to memory of 2660     2612  NEAS.dd934048e4f9dc37d4507ba003f1a250.exe    28

All four writes go from the sample (PID 2612) into the child it spawned from %TEMP% (ygczw.exe, PID 2660). The signature name itself rates this as suspicious, not malicious: a parent writing into a freshly created child is consistent with injection or process hollowing, but the report does not show the write addresses, sizes or a memory dump of the child, so on this page it corroborates the "Executes dropped EXE" finding rather than proving injection.
Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.dd934048e4f9dc37d4507ba003f1a250.exe (PID 2612)
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.dd934048e4f9dc37d4507ba003f1a250.exe"
  Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
  └ C:\Users\Admin\AppData\Local\Temp\ygczw.exe (PID 2660)
      Command line: "C:\Users\Admin\AppData\Local\Temp\ygczw.exe"
      Signatures: Executes dropped EXE
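As an added example, not part of the tria.ge report, the following Python parses the flattened "wrote to memory" rows and the process tree exactly as they appear above and correlates them into the one finding a triage analyst cares about here: a child executed from %TEMP% whose parent also wrote into its memory. The parent PID of ygczw.exe is taken from the nesting of the tree (an assumption, since the report does not print parent PIDs), and the function names and rule logic are mine, not tria.ge's.

```python
import re
from collections import defaultdict

# Constructed input: the four WriteProcessMemory rows from the report, copied
# verbatim so the parser runs offline against the real row format.
WPM_ROWS = """PID 2612 wrote to memory of 2660 2612 NEAS.dd934048e4f9dc37d4507ba003f1a250.exe 28
PID 2612 wrote to memory of 2660 2612 NEAS.dd934048e4f9dc37d4507ba003f1a250.exe 28
PID 2612 wrote to memory of 2660 2612 NEAS.dd934048e4f9dc37d4507ba003f1a250.exe 28
PID 2612 wrote to memory of 2660 2612 NEAS.dd934048e4f9dc37d4507ba003f1a250.exe 28"""

# Constructed process records as (pid, parent_pid, image_path). The parent of
# PID 2660 is assumed from the tree nesting shown in the report.
PROCESSES = [
    (2612, None, r"C:\Users\Admin\AppData\Local\Temp\NEAS.dd934048e4f9dc37d4507ba003f1a250.exe"),
    (2660, 2612, r"C:\Users\Admin\AppData\Local\Temp\ygczw.exe"),
]

# "PID <src> wrote to memory of <dst> <pid> <process> <procid_target>"
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_wpm(text):
    """Parse tria.ge-style 'wrote to memory' rows into dicts; skip lines that don't match."""
    rows = []
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if not m:
            continue
        src, dst, pid, proc, target = m.groups()
        rows.append({"src": int(src), "dst": int(dst), "pid": int(pid),
                     "process": proc, "procid_target": int(target)})
    return rows


def wpm_counts(rows):
    """Count cross-process writes per (writer PID, target PID) pair."""
    counts = defaultdict(int)
    for r in rows:
        counts[(r["src"], r["dst"])] += 1
    return dict(counts)


def process_tree(processes):
    """Map each parent PID to the list of child PIDs it spawned."""
    tree = defaultdict(list)
    for pid, ppid, _image in processes:
        if ppid is not None:
            tree[ppid].append(pid)
    return dict(tree)


def flag_dropped_children(processes, counts, temp_marker="\\AppData\\Local\\Temp\\"):
    """Flag children that run from the user's Temp directory, have a parent, and
    received at least one memory write from that parent. This is the conjunction
    of the report's 'Executes dropped EXE' and 'Suspicious use of WriteProcessMemory'
    signatures; either one alone is weaker evidence than both together."""
    flagged = []
    for pid, ppid, image in processes:
        if ppid is None or temp_marker.lower() not in image.lower():
            continue
        writes = counts.get((ppid, pid), 0)
        if writes > 0:
            flagged.append({"pid": pid, "parent": ppid, "image": image, "writes": writes})
    return flagged


if __name__ == "__main__":
    counts = wpm_counts(parse_wpm(WPM_ROWS))
    print("process tree:", process_tree(PROCESSES))
    print("write counts:", counts)
    for hit in flag_dropped_children(PROCESSES, counts):
        print(f"dropped child PID {hit['pid']} ({hit['image']}) spawned by PID {hit['parent']}, "
              f"{hit['writes']} memory writes from parent")
```

The write count is reported, not thresholded, on purpose: the number of WriteProcessMemory calls says nothing about what was written, so the rule treats any parent-to-dropped-child write as corroboration and leaves the injection-versus-benign judgement to a memory dump or API argument review that this report does not include.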
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 6KB
MD5: e74d005786da4a6596cc53187df44e99
SHA1: 78d3acd1afa52922b614d84859e26ba506d407f0
SHA256: c3416d564b0cd8d93dee5184d62953a741b1021b7dcd6804fdd9fb8b3f07a769
SHA512: 75ee9efa1a5840f46fe6f4f2580a3ca29b3e633eb30590ff597817abb76a598110f4257d5841937dd9834122bf206868e85562f6c72444d766da9817a142dfee