Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

NEAS.2a42d...b0.exe

windows7-x64

8

NEAS.2a42d...b0.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    01/11/2023, 13:56 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2a42dd4f4804d66609503f2c3dd383b0.exe

  • Size

    364KB

  • MD5

    2a42dd4f4804d66609503f2c3dd383b0

  • SHA1

    eb54f17b26300b6c61f1eb78f8287ec8823500a9

  • SHA256

    99b6f9cf98836ad08b83e42e73151fc14ea6f4ceb1fdd64fe190b086b67b83a9

  • SHA512

    22521b11675d6aab2e1f389b5bd0ff915090fdf477f3b3178fcdca09336a440b4e62c0fe5fa8ae9308d8c185743ba1c2463b00c8094a3ec1700426a0d41687c7

  • SSDEEP

    3072:J/yXvD2enVN5UkLPp1f5mbUM96Zvx+UZkxvU84xUa4bjRTItEcmHA:J/yfD2Apf04GuvIUZeqJ2jydmHA

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2a42dd4f4804d66609503f2c3dd383b0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2a42dd4f4804d66609503f2c3dd383b0.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:2344
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {37EDC350-0D08-4AD1-B9AC-4CBE3D581C71} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\PROGRA~3\Mozilla\dhuqaed.exe
      C:\PROGRA~3\Mozilla\dhuqaed.exe -vpwggce
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\dhuqaed.exe
    Filesize

    364KB

    MD5

    9d6cf91de793374e90288ea23fbcf714

    SHA1

    2d81334a9a7d4c8533b3f78d20ba768258b1fca9

    SHA256

    4ba62b5cbff6bfb4a70de9c297b51cc085972d70de1dfdea88969b9ec41b83e7

    SHA512

    3d455890a2dd9fb3d0d8acc1987c1a57c591a2d42d17f8017afccfc833d34b15e072862666148cb4aa87c35bf0e16ea6c81adf1a9d91eb6b745bae5ecfcf0c4b

    Download Submit

  • C:\PROGRA~3\Mozilla\dhuqaed.exe
    Filesize

    364KB

    MD5

    9d6cf91de793374e90288ea23fbcf714

    SHA1

    2d81334a9a7d4c8533b3f78d20ba768258b1fca9

    SHA256

    4ba62b5cbff6bfb4a70de9c297b51cc085972d70de1dfdea88969b9ec41b83e7

    SHA512

    3d455890a2dd9fb3d0d8acc1987c1a57c591a2d42d17f8017afccfc833d34b15e072862666148cb4aa87c35bf0e16ea6c81adf1a9d91eb6b745bae5ecfcf0c4b

    Download Submit

  • memory/2344-0-0x0000000000260000-0x00000000002BB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2344-1-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2344-3-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2688-6-0x0000000000840000-0x000000000089B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2688-7-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2688-9-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2688-10-0x0000000000840000-0x000000000089B000-memory.dmp

    Filesize

    364KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.