Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.c7398...a0.exe

windows7-x64

7

NEAS.c7398...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    166s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    31/10/2023, 08:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe

  • Size

    89KB

  • MD5

    c7398fc5e58f9301c3b93220a18c73a0

  • SHA1

    fca12e09cbd7edae2b961cfab5db4cddb30316d9

  • SHA256

    a56a7dc08fd740c03e0f148e51421e99ba2d680f8ce63aa967ebe67293c30043

  • SHA512

    25c80d1144c06ca6f05eaf053bccea0b2a1477c3d6fd4e5025f54951d2669b6abb9357c5b97c2dac6cdaf1210033961e08d843f39a90a046e4cb1f05012092cc

  • SSDEEP

    1536:WuKVN63zJqIlLpXLroLmcYXV/O16nvaHWdCx8lXDuIRZCmu8GZiYPvA3bOh5:dKVEtqIlLpbsLmcYXVlnvk1xatrs

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c7398fc5e58f9301c3b93220a18c73a0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:368
    • C:\Users\Admin\AppData\Local\Temp\antifahib.exe
      C:\Users\Admin\AppData\Local\Temp\antifahib.exe
      2⤵
      • Executes dropped EXE
      PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\antifahib.exe
    Filesize

    89KB

    MD5

    158f59afda9a75d547d2d17521705cdb

    SHA1

    3b6a4ceca9c337cf666f28aac76f7e76894175eb

    SHA256

    ffeb15f89a69fa86ae7e2b05dc9806d4cd7f549fec0a2182c5444e98e618b862

    SHA512

    96056fba2ca26de7436511bd81bb64eed9ece8b791da61faf0a811679d0b58b979a1c8317883295cfb157bdac62ae7f237246b2d6468a582280aa21054a10dba

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\antifahib.exe
    Filesize

    89KB

    MD5

    158f59afda9a75d547d2d17521705cdb

    SHA1

    3b6a4ceca9c337cf666f28aac76f7e76894175eb

    SHA256

    ffeb15f89a69fa86ae7e2b05dc9806d4cd7f549fec0a2182c5444e98e618b862

    SHA512

    96056fba2ca26de7436511bd81bb64eed9ece8b791da61faf0a811679d0b58b979a1c8317883295cfb157bdac62ae7f237246b2d6468a582280aa21054a10dba

    Download Submit

  • \Users\Admin\AppData\Local\Temp\antifahib.exe
    Filesize

    89KB

    MD5

    158f59afda9a75d547d2d17521705cdb

    SHA1

    3b6a4ceca9c337cf666f28aac76f7e76894175eb

    SHA256

    ffeb15f89a69fa86ae7e2b05dc9806d4cd7f549fec0a2182c5444e98e618b862

    SHA512

    96056fba2ca26de7436511bd81bb64eed9ece8b791da61faf0a811679d0b58b979a1c8317883295cfb157bdac62ae7f237246b2d6468a582280aa21054a10dba

    Download Submit

  • memory/368-1-0x0000000000230000-0x0000000000235000-memory.dmp

    Filesize

    20KB

    Download

  • memory/368-0-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/368-6-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2592-9-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download