Analysis
max time kernel: 149s
max time network: 166s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 31/10/2023, 08:58
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe
  Resource: win10v2004-20231023-en
General
Target: NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe
Size: 89KB
MD5: c7398fc5e58f9301c3b93220a18c73a0
SHA1: fca12e09cbd7edae2b961cfab5db4cddb30316d9
SHA256: a56a7dc08fd740c03e0f148e51421e99ba2d680f8ce63aa967ebe67293c30043
SHA512: 25c80d1144c06ca6f05eaf053bccea0b2a1477c3d6fd4e5025f54951d2669b6abb9357c5b97c2dac6cdaf1210033961e08d843f39a90a046e4cb1f05012092cc
SSDEEP: 1536:WuKVN63zJqIlLpXLroLmcYXV/O16nvaHWdCx8lXDuIRZCmu8GZiYPvA3bOh5:dKVEtqIlLpbsLmcYXVlnvk1xatrs
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2592: antifahib.exe
- Loads dropped DLL (1 IoC)
  pid 368: NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe
- Looks up external IP address via web service (1 IoC)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow 3: icanhazip.com
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 368 wrote to memory of 2592 | 368 | NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe | 28
  PID 368 wrote to memory of 2592 | 368 | NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe | 28
  PID 368 wrote to memory of 2592 | 368 | NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe | 28
  PID 368 wrote to memory of 2592 | 368 | NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe (PID 368)
   command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\antifahib.exe (PID 2592), child of PID 368
      command line: C:\Users\Admin\AppData\Local\Temp\antifahib.exe
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 89KB
MD5: 158f59afda9a75d547d2d17521705cdb
SHA1: 3b6a4ceca9c337cf666f28aac76f7e76894175eb
SHA256: ffeb15f89a69fa86ae7e2b05dc9806d4cd7f549fec0a2182c5444e98e618b862
SHA512: 96056fba2ca26de7436511bd81bb64eed9ece8b791da61faf0a811679d0b58b979a1c8317883295cfb157bdac62ae7f237246b2d6468a582280aa21054a10dba