Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.92b21...70.exe

windows7-x64

7

NEAS.92b21...70.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    26s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    22/10/2023, 17:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.92b2159c199cd097d13a0335243d5070.exe

  • Size

    468KB

  • MD5

    92b2159c199cd097d13a0335243d5070

  • SHA1

    76330dc12ccde6afbcc79143df2fa23417111532

  • SHA256

    e319ffc3fc8c912864329c1f465f266b8a6e580b977509cfeaedd723438c5f98

  • SHA512

    b312933dc0ff3c2cb9ae40ccf28416138c7fb4e54542d1d768262b6b6e83f98f13f00f85b744cb15d9d69906b1634acd56a67b7e2cc342b60aae90bf4debf96e

  • SSDEEP

    12288:vIZy5vefVi86MgEnjhVKVPhjCVSzZfLOAp:AZ80V8MgEnvK6Stt

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.92b2159c199cd097d13a0335243d5070.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.92b2159c199cd097d13a0335243d5070.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Program Files (x86)\lfwn\tznruillc.exe
      "C:\Program Files (x86)\lfwn\tznruillc.exe"
      2⤵
      • Executes dropped EXE
      PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\lfwn\tznruillc.exe
    Filesize

    480KB

    MD5

    86f3743eb8d99da938376c7bd5dc3828

    SHA1

    83a1aef0bac5e7ba9585ac33109566fcd67fd36c

    SHA256

    7b9bc21bf2449c1ab5be9ca1938fe7944d654f869cbb948215b539a58e0d3851

    SHA512

    d32b4b4c1938650c0428b8166a85419069055e71015f5de74b54bc54d806dcc36f60e774cb790d26f0d429331cd051aa9a1c82cfadcc523d414d53861341caf8

    Download Submit

  • \Program Files (x86)\lfwn\tznruillc.exe
    Filesize

    480KB

    MD5

    86f3743eb8d99da938376c7bd5dc3828

    SHA1

    83a1aef0bac5e7ba9585ac33109566fcd67fd36c

    SHA256

    7b9bc21bf2449c1ab5be9ca1938fe7944d654f869cbb948215b539a58e0d3851

    SHA512

    d32b4b4c1938650c0428b8166a85419069055e71015f5de74b54bc54d806dcc36f60e774cb790d26f0d429331cd051aa9a1c82cfadcc523d414d53861341caf8

    Download Submit

  • memory/2412-0-0x0000000000400000-0x000000000048E000-memory.dmp

    Filesize

    568KB

    Download

  • memory/2412-1-0x0000000000400000-0x000000000048E000-memory.dmp

    Filesize

    568KB

    Download

  • memory/2412-7-0x0000000000400000-0x000000000048E000-memory.dmp

    Filesize

    568KB

    Download

  • memory/3040-8-0x0000000000400000-0x000000000048E000-memory.dmp

    Filesize

    568KB

    Download

  • memory/3040-9-0x0000000000400000-0x000000000048E000-memory.dmp

    Filesize

    568KB

    Download

  • memory/3040-10-0x0000000000400000-0x000000000048E000-memory.dmp

    Filesize

    568KB

    Download