Analysis
max time kernel: 123s
max time network: 42s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 01/11/2023, 14:23
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.eb6b338caaa926b3959e795f49732870.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: NEAS.eb6b338caaa926b3959e795f49732870.exe
Resource: win10v2004-20231025-en
General
Target: NEAS.eb6b338caaa926b3959e795f49732870.exe
Size: 127KB
MD5: eb6b338caaa926b3959e795f49732870
SHA1: 5d2a8ac732e4d7cf6f2310bbf8c3b23a201b3567
SHA256: 4a8e7ec99ad70b3ba01338c67810050521ebd95b7bf47f7448434f6dc7179dea
SHA512: 2d050686246d30e23d49ae5f1ec2630d4a969423e744707622916f966b4ac7e94b58c5cd305c1ef8355816350c006cfc37409d0a84161d8967a6fd5958d38ce6
SSDEEP: 3072:sKe767HClrfM4/ibKX6zBSTk08bAmavFdnNqx13RxV5pX:sKeG7HC5/K4k0JdNNq/lX
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoC)
  pid 2968, process pwhehon.exe
- Drops file in Program Files directory (2 IoCs)
  File created: C:\PROGRA~3\Mozilla\pwhehon.exe, process NEAS.eb6b338caaa926b3959e795f49732870.exe
  File created: C:\PROGRA~3\Mozilla\mudzpnf.dll, process pwhehon.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1760 (taskeng.exe) wrote to memory of PID 2968 (procid_target 30)
  PID 1760 (taskeng.exe) wrote to memory of PID 2968 (procid_target 30)
  PID 1760 (taskeng.exe) wrote to memory of PID 2968 (procid_target 30)
  PID 1760 (taskeng.exe) wrote to memory of PID 2968 (procid_target 30)
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.eb6b338caaa926b3959e795f49732870.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.eb6b338caaa926b3959e795f49732870.exe"
  PID: 2264
  Signatures: Drops file in Program Files directory
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {A969CAB0-DDC9-4163-B7B3-35698CC90F99} S-1-5-18:NT AUTHORITY\System:Service:
  PID: 1760
  Signatures: Suspicious use of WriteProcessMemory
  - C:\PROGRA~3\Mozilla\pwhehon.exe (child of taskeng.exe)
    Command line: C:\PROGRA~3\Mozilla\pwhehon.exe -arzwbsb
    PID: 2968
    Signatures: Executes dropped EXE; Drops file in Program Files directory
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 127KB
  MD5: 15e416f22482a8cb1b2f262d8c4bbf7e
  SHA1: 09aefb53d5bb4e74b5badab29152d984a53c1805
  SHA256: 02e6104e7234da8182a0edec62c13d71ad7dba7783c46b73b190e2d59f689645
  SHA512: da6a5aa588ef040c3436f4f6b7645c8f1c9f84470275fd4b4c86fc25791058432269f3d2b5eaf587fbeb1f4f8f6869d1eba94dc5fcc0e6ddf813cd26bc9e5be8