Analysis
- max time kernel: 120s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231020-en
- resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
- submitted: 23/10/2023, 20:41
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.098fdb658f90a3bba3b3f0280c952580_JC.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: NEAS.098fdb658f90a3bba3b3f0280c952580_JC.exe
  Resource: win10v2004-20231023-en
General
- Target: NEAS.098fdb658f90a3bba3b3f0280c952580_JC.exe
- Size: 249KB
- MD5: 098fdb658f90a3bba3b3f0280c952580
- SHA1: d25eba00706a642e2dd83514fe3303d2cb0749db
- SHA256: 15ae65aa18ce3eae724c85745de8975a15b86307b3d7d6effbc7ea8541c2e5e2
- SHA512: c477a8cc27aca6da317c83864bab9aede8d3acd1a377ced7d172eaaa8e075a7685f8e94b1635aac386786b59e0cb887517f44b8d3d5a014ed4639b482aeb56fd
- SSDEEP: 6144:7sZJCstu4PJg5/Ly0d8YaDRVHTVtSbGqJP:Yy5zyNYaHHDSf
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoCs)
  pid   Process
  1796  dhuqaed.exe
- Drops file in Program Files directory (2 IoCs)
  description   ioc                               Process
  File created  C:\PROGRA~3\Mozilla\dhuqaed.exe   NEAS.098fdb658f90a3bba3b3f0280c952580_JC.exe
  File created  C:\PROGRA~3\Mozilla\fjgblbm.dll   dhuqaed.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  1716  NEAS.098fdb658f90a3bba3b3f0280c952580_JC.exe
  1796  dhuqaed.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process      procid_target
  PID 1012 wrote to memory of 1796  1012  taskeng.exe  29
  PID 1012 wrote to memory of 1796  1012  taskeng.exe  29
  PID 1012 wrote to memory of 1796  1012  taskeng.exe  29
  PID 1012 wrote to memory of 1796  1012  taskeng.exe  29
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.098fdb658f90a3bba3b3f0280c952580_JC.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.098fdb658f90a3bba3b3f0280c952580_JC.exe"
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID: 1716
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {327D8CA4-0839-41BF-AE87-F1B3440A5DB3} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 1012
  - C:\PROGRA~3\Mozilla\dhuqaed.exe
    Command line: C:\PROGRA~3\Mozilla\dhuqaed.exe -vpwggce
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
    PID: 1796
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 249KB
  MD5: d4b38409e7df093e6ce97c810505b99f
  SHA1: 75448539079929962cffa450150c23fb584c0a78
  SHA256: 4e0a407e3d24cb93ddabe26382a9360b4d017ccdbc6bcb0d1a90e9c57ecf466e
  SHA512: b8a88a6ceec8aedd3cfa36191054bb528dfe6ec222fba85d629ac17be56c2e9a8cd1a308439b3a6b2c04ab3edd567a4d1f5b3672f2a6466b33e2067270fa6000