Analysis
max time kernel: 121s
max time network: 141s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 16/10/2023, 17:49
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.286e590cfe5802b49cfb4176862a0390_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: NEAS.286e590cfe5802b49cfb4176862a0390_JC.exe
  Resource: win10v2004-20230915-en
General
Target: NEAS.286e590cfe5802b49cfb4176862a0390_JC.exe
Size: 153KB
MD5: 286e590cfe5802b49cfb4176862a0390
SHA1: 8b951bf7a0ccbeee3ebac0c3b9e2c37c48ad6e7e
SHA256: ec243eb1fb6843c857bac421d6a60f9800c35cee506da5ba369a708d46a0c02e
SHA512: ededa9cd4564071444da1f01653102ec9380913ffc2b9711af463b46e79089b74fe2abea9a3f2243d383113b29b1afed35b6e4baffd40c812b8590142eacf37e
SSDEEP: 3072:8UuCn53v9WYf7/LI4Lg1GX1rbNvQ7FeSBOzJYWx9Jv:jn5V/TLgOnNvGFWzj
Malware Config
Signatures
Modifies AppInit DLL entries (2 TTPs)

Executes dropped EXE (1 IoC)
  pid   Process
  2904  zlzghad.exe

Drops file in Program Files directory (2 IoCs)
  description   ioc                               Process
  File created  C:\PROGRA~3\Mozilla\zlzghad.exe   NEAS.286e590cfe5802b49cfb4176862a0390_JC.exe
  File created  C:\PROGRA~3\Mozilla\unslydf.dll   zlzghad.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                         pid   Process      procid_target
  PID 2716 wrote to memory of 2904    2716  taskeng.exe  29
  PID 2716 wrote to memory of 2904    2716  taskeng.exe  29
  PID 2716 wrote to memory of 2904    2716  taskeng.exe  29
  PID 2716 wrote to memory of 2904    2716  taskeng.exe  29
Processes
NEAS.286e590cfe5802b49cfb4176862a0390_JC.exe (PID 2472)
  Image: C:\Users\Admin\AppData\Local\Temp\NEAS.286e590cfe5802b49cfb4176862a0390_JC.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.286e590cfe5802b49cfb4176862a0390_JC.exe"
  Signatures: Drops file in Program Files directory

taskeng.exe (PID 2716)
  Image: C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {BB1451CF-ACF7-441B-AE16-935305901E60} S-1-5-18:NT AUTHORITY\System:Service:
  Signatures: Suspicious use of WriteProcessMemory
  Child process:
    zlzghad.exe (PID 2904)
      Image: C:\PROGRA~3\Mozilla\zlzghad.exe
      Command line: C:\PROGRA~3\Mozilla\zlzghad.exe -pmcpovi
      Signatures: Executes dropped EXE; Drops file in Program Files directory
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 153KB
MD5: 33d291c88132e0bf4eadd82293cd53fd
SHA1: 24b25dc7e3f66c3bc137f1a552b3ba3512c57c1e
SHA256: a149a1d8c5bc134c0a8722ff13be2573076629bc5aea763f0c3d0187c35406e4
SHA512: a333de9513b23d9dc8ef78d2366d61236e7f33842dd930929b33e509f0965364e9af149159a7abc49a084ea73ab526b7e6bd6a5f10a56b1d729634284fede319