Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.9d537...70.exe

windows7-x64

7

NEAS.9d537...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    01/11/2023, 05:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.9d5375c79401c8c68e7115dc8423d770.exe

  • Size

    25KB

  • MD5

    9d5375c79401c8c68e7115dc8423d770

  • SHA1

    a55f2717bbc0816a8da34e7a995d72d22a191774

  • SHA256

    8092f8fde4dc9c32cdff0b92ddf9caf2f1e851beb82cceaa96f722ddd3ebc6ba

  • SHA512

    eb923705bace915c589a154de3bdbe5c29c8487b1a30594974c4c14cdfb95f5a2bfd6a80b9d6e2bdd3a9514863cb7dae8aa60c9cdb4fcbf0bbcbb4e51f602a8b

  • SSDEEP

    384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvoWi:8Q3LotOPNSQVwVVxGKEvKHrVI

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.9d5375c79401c8c68e7115dc8423d770.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.9d5375c79401c8c68e7115dc8423d770.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Windows\spoolsv.exe
      "C:\Windows\spoolsv.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      PID:2188

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mjDbCuMpfRZyHXu.exe
    Filesize

    25KB

    MD5

    7e6e173a2a0a514a7c2ccc131c5bcda0

    SHA1

    cea6f221c838500e46773ea25c91442d6a809ca6

    SHA256

    41819ff22f0e20277d5928d951bf5f245b72aa28a724f4f33121d9214dc84aef

    SHA512

    10fe1f47fab4e0a51833b6018f1dd07787d0ab72021714e2329d46f0b5772b05895d53cf23ea266f263c4f6fe63ca42e3dbb5ca3bb916d30860cac9aeb770b7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mjDbCuMpfRZyHXu.exe
    Filesize

    25KB

    MD5

    7e6e173a2a0a514a7c2ccc131c5bcda0

    SHA1

    cea6f221c838500e46773ea25c91442d6a809ca6

    SHA256

    41819ff22f0e20277d5928d951bf5f245b72aa28a724f4f33121d9214dc84aef

    SHA512

    10fe1f47fab4e0a51833b6018f1dd07787d0ab72021714e2329d46f0b5772b05895d53cf23ea266f263c4f6fe63ca42e3dbb5ca3bb916d30860cac9aeb770b7c

    Download Submit

  • C:\Windows\spoolsv.exe
    Filesize

    25KB

    MD5

    82071fd2379c64429acf376487fcddff

    SHA1

    2da42c7eaa62ecee65757b441c939f12b52228fb

    SHA256

    272bd07fa6c2678fd96a026237a184fceffa65d319f6844bac582aff90ce25d8

    SHA512

    194bdbdf624ec425a095a44116032687c46b3e2370f3c436e2d5516dcc778824ff57fa69edfacb42e5e76e05894eb0a40acf32dcee3b80ba397f823ec82b6adb

    Download Submit

  • C:\Windows\spoolsv.exe
    Filesize

    25KB

    MD5

    82071fd2379c64429acf376487fcddff

    SHA1

    2da42c7eaa62ecee65757b441c939f12b52228fb

    SHA256

    272bd07fa6c2678fd96a026237a184fceffa65d319f6844bac582aff90ce25d8

    SHA512

    194bdbdf624ec425a095a44116032687c46b3e2370f3c436e2d5516dcc778824ff57fa69edfacb42e5e76e05894eb0a40acf32dcee3b80ba397f823ec82b6adb

    Download Submit