Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.2023-...JC.exe

windows7-x64

7

NEAS.2023-...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/10/2023, 19:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2023-09-05_25e3b87e7b91c37518f6829738607e7b_mafia_JC.exe

  • Size

    444KB

  • MD5

    25e3b87e7b91c37518f6829738607e7b

  • SHA1

    e821c4cb69b72e3893845847cbdfd4f468f3e6d9

  • SHA256

    6fee90b8c063fd5de60e48c113a6aa49f503b0680d1d291a45303ab6619062cd

  • SHA512

    9860affad8761fd269a7c71adc61a15dfabc9f7f5aeba6d83900f55c98256f2b6f1679bfaa018307ce2cc9606f4fe95cac8e394fc065ed3107cbf64a69793b84

  • SSDEEP

    12288:Nb4bZudi79L05bb3q2Hg1te8i3gVSTNw1A:Nb4bcdkLurRA1tZi3gV0Nw

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_25e3b87e7b91c37518f6829738607e7b_mafia_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_25e3b87e7b91c37518f6829738607e7b_mafia_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4936
    • C:\Users\Admin\AppData\Local\Temp\B96D.tmp
      "C:\Users\Admin\AppData\Local\Temp\B96D.tmp" --helpC:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-05_25e3b87e7b91c37518f6829738607e7b_mafia_JC.exe 12E076146B0F2100715A9AEF1073A626F767DB71DC011A2BA03AD4054BB0684F711BA619FB8EB0C953044DE4E070781DBADD78B40422D763E45A539DA8C8B582
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\B96D.tmp
    Filesize

    444KB

    MD5

    eee3e038c49d4574d10a5964f2fdf602

    SHA1

    fa2e8805949f49d33dfcd489babd65f871510b00

    SHA256

    94684a910e838ac3c34042c846b70e659728d730306d4b94dca1249ebecdd517

    SHA512

    1e0e8a6d5ca00e3a7671882f9129b748c250724ae158362346f3f75dc9bd748c6bfb2d1f99ab4b10990569b4612334ea70f53b9ac8ffc6dc7e4ac282debab0af

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\B96D.tmp
    Filesize

    444KB

    MD5

    eee3e038c49d4574d10a5964f2fdf602

    SHA1

    fa2e8805949f49d33dfcd489babd65f871510b00

    SHA256

    94684a910e838ac3c34042c846b70e659728d730306d4b94dca1249ebecdd517

    SHA512

    1e0e8a6d5ca00e3a7671882f9129b748c250724ae158362346f3f75dc9bd748c6bfb2d1f99ab4b10990569b4612334ea70f53b9ac8ffc6dc7e4ac282debab0af

    Download Submit