Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

NEAS.b5f8c...f0.exe

windows7-x64

8

NEAS.b5f8c...f0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    28/10/2023, 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.b5f8cc8416ca231b2a0e3ea16a40c0f0.exe

  • Size

    125KB

  • MD5

    b5f8cc8416ca231b2a0e3ea16a40c0f0

  • SHA1

    03989cadd42d309e36eb7349a48c650416490b65

  • SHA256

    da7f8d7406d5d27e9a267c24b633c47ce519c9363965873e2d5adaa1c08e1b08

  • SHA512

    df39c2c9e22d4b44f1060b0308890077f7d1a388f9e4829f9e002c28c1a142b3ea9ab33c795687c2dbfdd816e72f414e8371981871eedef8080fa09155541b0f

  • SSDEEP

    1536:P1xmlWVgnVvh71ZxPFyblsmpideu1CYxzK4OOKef6oL9pzWCS5A3MIePWJXtgo5B:tAlWyhDybmeadDf6M9y5zIeuVbub/q

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.b5f8cc8416ca231b2a0e3ea16a40c0f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b5f8cc8416ca231b2a0e3ea16a40c0f0.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1728
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {979A9C96-A714-489E-B071-E0AC6592DB1D} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\PROGRA~3\Mozilla\pwhehon.exe
      C:\PROGRA~3\Mozilla\pwhehon.exe -arzwbsb
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\pwhehon.exe
    Filesize

    125KB

    MD5

    5094f2833c5d883952e39312ed3014a2

    SHA1

    9ba854197f36ba9691a3cf22570f84c4fefd8655

    SHA256

    d36ac230c892b8e75eaf37fe6ebe8ce71f0e73da27889801748cacc1aab38a62

    SHA512

    d004d28fda7e3903da00005c8f3e15446eb532b32e50579ccb7a912bf77ae2ff444c0099dabb871c35576a00b82bfe13974d5ccf7535b8bf6425f07d02cdd66f

    Download Submit

  • C:\PROGRA~3\Mozilla\pwhehon.exe
    Filesize

    125KB

    MD5

    5094f2833c5d883952e39312ed3014a2

    SHA1

    9ba854197f36ba9691a3cf22570f84c4fefd8655

    SHA256

    d36ac230c892b8e75eaf37fe6ebe8ce71f0e73da27889801748cacc1aab38a62

    SHA512

    d004d28fda7e3903da00005c8f3e15446eb532b32e50579ccb7a912bf77ae2ff444c0099dabb871c35576a00b82bfe13974d5ccf7535b8bf6425f07d02cdd66f

    Download Submit

  • memory/1728-0-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1728-1-0x0000000000320000-0x000000000037B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1728-6-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2748-12-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2748-13-0x0000000000560000-0x00000000005BB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2748-19-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download