Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

NEAS.ed030...00.exe

windows7-x64

8

NEAS.ed030...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    21/10/2023, 21:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.ed030fc97c5a9a49dd73f9027abfda00.exe

  • Size

    368KB

  • MD5

    ed030fc97c5a9a49dd73f9027abfda00

  • SHA1

    51e034efaa186ce63d216759dfeeb80046c834e3

  • SHA256

    1d5c3e6d815c2d3893b8339f733377430cd777dcdea5b478c67a10263082a2dd

  • SHA512

    097b327d8452eadbf45df7bd3d3f37bdfc546d4516db0c46fa6c075085bf38307c320d3aa1444b6a30f75b882976c148af3879699dc41436142f47a94435579d

  • SSDEEP

    6144:mfaiV3M7tydyE7ztsY4yTr8bjeJwj2EItHpcF:uau3URWtsYf8PemjEu

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.ed030fc97c5a9a49dd73f9027abfda00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ed030fc97c5a9a49dd73f9027abfda00.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:2896
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {AB8B8DA7-E3B5-470A-9E99-98579A11A3C2} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\PROGRA~3\Mozilla\dhuqaed.exe
      C:\PROGRA~3\Mozilla\dhuqaed.exe -vpwggce
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\dhuqaed.exe
    Filesize

    368KB

    MD5

    faf408fc7abdfa165ac3872cbc440610

    SHA1

    b332f22cc09077409eb2b10d5a9830c331785dad

    SHA256

    de85562be9f42719f4a8b49cb88c185421cfc7598ca749de978f13376a41f42b

    SHA512

    8563c98548aa00c908784231fc41e0b546e68a0e81be5fe35d48ab2c196242d3ecb504d8437542d7b254e8cc1e55caa23cd7d2f18727c9e7986249b0bdcaaee0

    Download Submit

  • C:\PROGRA~3\Mozilla\dhuqaed.exe
    Filesize

    368KB

    MD5

    faf408fc7abdfa165ac3872cbc440610

    SHA1

    b332f22cc09077409eb2b10d5a9830c331785dad

    SHA256

    de85562be9f42719f4a8b49cb88c185421cfc7598ca749de978f13376a41f42b

    SHA512

    8563c98548aa00c908784231fc41e0b546e68a0e81be5fe35d48ab2c196242d3ecb504d8437542d7b254e8cc1e55caa23cd7d2f18727c9e7986249b0bdcaaee0

    Download Submit

  • memory/2764-8-0x00000000004D0000-0x000000000052B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2764-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2764-11-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2764-12-0x00000000004D0000-0x000000000052B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2896-0-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2896-1-0x0000000000250000-0x00000000002AB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2896-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2896-4-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2896-5-0x0000000000250000-0x00000000002AB000-memory.dmp

    Filesize

    364KB

    Download