Analysis

  max time kernel:  119s
  max time network: 126s
  platform:         windows7_x64
  resource:         win7-20230831-en
  resource tags:    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  submitted:        16/10/2023, 18:27
Static task
  static1

Behavioral task
  behavioral1
    Sample:   NEAS.8416052e8b966ae8260c702f6e329f20.exe
    Resource: win7-20230831-en

Behavioral task
  behavioral2
    Sample:   NEAS.8416052e8b966ae8260c702f6e329f20.exe
    Resource: win10v2004-20230915-en
General

  Target: NEAS.8416052e8b966ae8260c702f6e329f20.exe
  Size:   126KB
  MD5:    8416052e8b966ae8260c702f6e329f20
  SHA1:   aa69f7ae9c7b208726042a35953365794daacddd
  SHA256: 275949beeb063bb9dd208c656bfc480c15e8cd2d10386736ba1374ac1019b44a
  SHA512: dd8da16ec91d43f5c6623adb0e8b93b2e7b3bc6ef525eef4fa5807df1ce6c335e6aa2ba2b41956d9fd419c603435d8e63939742bf3595eff98c0a4dccc04f08e
  SSDEEP: 3072:5COqnKQybPLlGRqXcryRwAF0r+A/nZZaEDgG:5s5ybPL6mcrymK0SEZZXgG
Malware Config
Signatures

  Modifies AppInit DLL entries (2 TTPs)

  Executes dropped EXE (1 IoC)
    pid  Process
    768  xvqykzi.exe

  Drops file in Program Files directory (2 IoCs)
    description   ioc                               Process
    File created  C:\PROGRA~3\Mozilla\xvqykzi.exe   NEAS.8416052e8b966ae8260c702f6e329f20.exe
    File created  C:\PROGRA~3\Mozilla\zyfdqqb.dll   xvqykzi.exe

  Suspicious use of WriteProcessMemory (4 IoCs)
    description                   pid   Process      procid_target
    PID 2988 wrote to memory of   768   taskeng.exe  29
    PID 2988 wrote to memory of   768   taskeng.exe  29
    PID 2988 wrote to memory of   768   taskeng.exe  29
    PID 2988 wrote to memory of   768   taskeng.exe  29
Processes

  [1] C:\Users\Admin\AppData\Local\Temp\NEAS.8416052e8b966ae8260c702f6e329f20.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.8416052e8b966ae8260c702f6e329f20.exe"
      - Drops file in Program Files directory
      PID: 1864

  [1] C:\Windows\system32\taskeng.exe
      Command line: taskeng.exe {00771172-D840-4680-93C6-E02DE2E3060B} S-1-5-18:NT AUTHORITY\System:Service:
      - Suspicious use of WriteProcessMemory
      PID: 2988

      [2] C:\PROGRA~3\Mozilla\xvqykzi.exe
          Command line: C:\PROGRA~3\Mozilla\xvqykzi.exe -tkarfve
          - Executes dropped EXE
          - Drops file in Program Files directory
          PID: 768
Network
MITRE ATT&CK Enterprise v15
Downloads

  Filesize: 126KB
  MD5:      700f15f056683906b58c59a070c390b5
  SHA1:     10b5a13205f0c5832907d0f6f123ea210e09d5cb
  SHA256:   3188bf60333d2379fc9685f6d51f86da2f34e94f351de7eda03ba272269f3364
  SHA512:   2ba3feb721a91dd6a90d99a923f30dd072132726a22d66aaccf72ee5dff8f24121da163c1baf2b1a2baa624a0bc93e688931d3ce3bebfdcfc671f0ba9130c919