Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

NEAS.103b0...JC.exe

windows7-x64

8

NEAS.103b0...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14/10/2023, 12:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.103b0e3c4d41ea8760f985a4ef2b1fc0_JC.exe

  • Size

    192KB

  • MD5

    103b0e3c4d41ea8760f985a4ef2b1fc0

  • SHA1

    e9b3f782a60adceff40c7c6ec72a9f533c5d7e00

  • SHA256

    bb83a58b15f808f8003a8a1ac5dd4addbc20db91e8960328efe9232a89377cd6

  • SHA512

    995edc9913ddf56eec1ec01afa328817f7bce1745f67f4acd68819afa96bc9bdb71443b3cc88b9e1b9964b07b902334a12433ef7b989ab7b8eefffd4294c1ac6

  • SSDEEP

    3072:26/chyinW3kBlqSpi9GXgS9uaxjnw89JnszQcJdXRNT:Jin4kBs6i9GXgUxF52dXHT

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.103b0e3c4d41ea8760f985a4ef2b1fc0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.103b0e3c4d41ea8760f985a4ef2b1fc0_JC.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:2972
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {C6205C2A-8F2C-4EE6-BC5A-02E0BF6553D2} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\PROGRA~3\Mozilla\jezwark.exe
      C:\PROGRA~3\Mozilla\jezwark.exe -yvxgvyl
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jezwark.exe
    Filesize

    192KB

    MD5

    6aa8b24cf0ed85bbd90388c0b1a76790

    SHA1

    0429dccd96dacd8634caaf81a00de5838f9c5ef2

    SHA256

    1a608e12412c5eae4e71ee803473be1686d6760d6140bd28b6f8cdeab83200fa

    SHA512

    7f0a80b1a55edcb0cc5f1d240101d814c25e7c7030677641209cc197fa99e37b114fd1ba632d3aacfcc26b0527e4a62b444b3df993d87f3e59a67427071ed29f

    Download Submit

  • C:\PROGRA~3\Mozilla\jezwark.exe
    Filesize

    192KB

    MD5

    6aa8b24cf0ed85bbd90388c0b1a76790

    SHA1

    0429dccd96dacd8634caaf81a00de5838f9c5ef2

    SHA256

    1a608e12412c5eae4e71ee803473be1686d6760d6140bd28b6f8cdeab83200fa

    SHA512

    7f0a80b1a55edcb0cc5f1d240101d814c25e7c7030677641209cc197fa99e37b114fd1ba632d3aacfcc26b0527e4a62b444b3df993d87f3e59a67427071ed29f

    Download Submit

  • memory/2764-8-0x0000000000880000-0x00000000008DB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2764-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2764-12-0x0000000000880000-0x00000000008DB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2764-11-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2972-0-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/2972-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2972-1-0x0000000000320000-0x000000000037B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2972-4-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2972-5-0x0000000000320000-0x000000000037B000-memory.dmp

    Filesize

    364KB

    Download