Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.50871...50.exe

windows7-x64

7

NEAS.50871...50.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    21s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    22/10/2023, 17:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.50871e35abcff50af94ddf1d4ecd7d50.exe

  • Size

    420KB

  • MD5

    50871e35abcff50af94ddf1d4ecd7d50

  • SHA1

    3481b543b882aa56b7adc7d6228db6080ca9fabe

  • SHA256

    4e446aacac58587553d4a4af25698234735302af5ea47d9326a3ff82b18dbaf7

  • SHA512

    ae78a80b1fa0ac2e0ea85db64e056d522163993764d4366deb94aa875a56ccfb53294d7ce7660e0fef46d7b3828036137358b231f7584630adc5d33da33039ff

  • SSDEEP

    6144:QSdZvK6iBQL+W5rd1WjRuXZ9tZBE8eE+RiBkECdxT1XUTW5qXmLEvPf:xlWjREtA8eE+AkbCT0qPf

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.50871e35abcff50af94ddf1d4ecd7d50.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.50871e35abcff50af94ddf1d4ecd7d50.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2800
    • C:\Users\Admin\AppData\Local\Temp\NEAS.50871e35abcff50af94ddf1d4ecd7d50.sho
      C:\Users\Admin\AppData\Local\Temp\NEAS.50871e35abcff50af94ddf1d4ecd7d50.sho
      2⤵
      • Executes dropped EXE
      PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.50871e35abcff50af94ddf1d4ecd7d50.sho
    Filesize

    360KB

    MD5

    cc3707cc88764501a1539927e19df80e

    SHA1

    4bfa44cb06b0dcbded0917d49fb9cbbf1750da08

    SHA256

    b57dfbd41b892bf80df298222cdb3800cc19937af34e04d3868b74522e4dce06

    SHA512

    70f764f4b7bb2437de74d8797b9783c3746382261af264639979d76b776c53478c3a7957d4ab01a3f29a8badc4b48f0965264cff99d5ed8fb7a4ffee5a3754c2

    Download Submit

  • C:\Windows\SysWOW64\Shohdi.hdi
    Filesize

    420KB

    MD5

    50871e35abcff50af94ddf1d4ecd7d50

    SHA1

    3481b543b882aa56b7adc7d6228db6080ca9fabe

    SHA256

    4e446aacac58587553d4a4af25698234735302af5ea47d9326a3ff82b18dbaf7

    SHA512

    ae78a80b1fa0ac2e0ea85db64e056d522163993764d4366deb94aa875a56ccfb53294d7ce7660e0fef46d7b3828036137358b231f7584630adc5d33da33039ff

    Download Submit

  • \Users\Admin\AppData\Local\Temp\NEAS.50871e35abcff50af94ddf1d4ecd7d50.sho
    Filesize

    360KB

    MD5

    cc3707cc88764501a1539927e19df80e

    SHA1

    4bfa44cb06b0dcbded0917d49fb9cbbf1750da08

    SHA256

    b57dfbd41b892bf80df298222cdb3800cc19937af34e04d3868b74522e4dce06

    SHA512

    70f764f4b7bb2437de74d8797b9783c3746382261af264639979d76b776c53478c3a7957d4ab01a3f29a8badc4b48f0965264cff99d5ed8fb7a4ffee5a3754c2

    Download Submit