Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

NEAS.6889f...JC.exe

windows7-x64

6

NEAS.6889f...JC.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    02/11/2023, 00:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.6889f62ca91f76368b7f5469f621abc0_JC.exe

  • Size

    561KB

  • MD5

    6889f62ca91f76368b7f5469f621abc0

  • SHA1

    f79bebfed209521daad52150cd5b37059329ef4a

  • SHA256

    aee16081b73d42c4e7569c60d5f3efa270a1666c0b748c6c05ad9729bcd4222c

  • SHA512

    d33ba86388fe03934a9ada688fda746d782a26cbc59d80f8e9e7395258d3174d47bfbc948d4fa3a942ac3c92def49b9ca877855fda2d10fafb8c9e092fa1a8cb

  • SSDEEP

    1536:c+ERR8o3CiGNUc5LvWQkZ55+s0yn3Vk2qBDJisKld70:MR8o3Ci/c5LuZjOun0

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1248
      • C:\Users\Admin\AppData\Local\Temp\NEAS.6889f62ca91f76368b7f5469f621abc0_JC.exe
        "C:\Users\Admin\AppData\Local\Temp\NEAS.6889f62ca91f76368b7f5469f621abc0_JC.exe"
        2⤵
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2228
        • C:\Users\Admin\AppData\Local\Temp\NEAS.6889f62ca91f76368b7f5469f621abc0_JC.exe
          "C:\Users\Admin\AppData\Local\Temp\NEAS.6889f62ca91f76368b7f5469f621abc0_JC.exe"
          3⤵
          • Suspicious use of SetWindowsHookEx
          PID:2564

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Java\jdk1.7.0_80\jre\readme.eml
      Filesize

      14KB

      MD5

      b0d48798eac0c2e039bb82e094637f27

      SHA1

      b1ea5fb6781e8589578e0398c0bc2f2220e6c994

      SHA256

      3df79ff27073e22788dac726b0443339d3c9accee35a29729d78114dd53de2b6

      SHA512

      1b859c41cf107c85e460fa29597a64aafcac2b888061d361dd07ac1e6d9116caa1f634cb22926c1305fda129cbe27686e71628a9457f9813645899ba869739d1

      Download Submit

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
      Filesize

      12KB

      MD5

      8156706568e77846b7bfbcc091c6ffeb

      SHA1

      792aa0db64f517520ee8f745bee71152532fe4d2

      SHA256

      5e19cfbd6690649d3349e585472385186d99f56a94dc32d9073b83011cea85f8

      SHA512

      8760f26069296f0fe09532f1244d93a57db4cafa8d06aaa9dc981bcaed4bde05366ef21e6f0c1aadad4478382b59a4e43d26c04185cf2ed965901321d05604b8

      Download Submit

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
      Filesize

      8KB

      MD5

      7757fe48a0974cb625e89012c92cc995

      SHA1

      e4684021f14053c3f9526070dc687ff125251162

      SHA256

      c0a8aa811a50c9b592c8f7987c016e178c732d7ebfd11aa985a8f0480539fa03

      SHA512

      b3d4838b59f525078542e7ebbf77300d6f94e13b0bff1c9a2c5b44a66b89310a2593815703f9571565c18b0cdeb84e9e48432208aaa25dff9d2223722902d526

      Download Submit

    • C:\Windows\SysWOW64\runouce.exe
      Filesize

      10KB

      MD5

      533b73f11f45fa50511ccf50129940be

      SHA1

      9811f069fc8a24193ba9b54b74e425431368d29d

      SHA256

      f74ea62b98980a5e0f41ab38647e1154dabda2d183525bb86dc3dfc5a8ee6d4f

      SHA512

      89e0785b7735685be881173ea9eb81af69665cc4ff60d5602ae4e1cc5434b2a6d40577b6ecb9b3f6677d747c5a4de3db4c039f99435f7af13175e72f675031f1

      Download Submit

    • memory/1248-4-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1248-5-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2228-0-0x0000000000400000-0x000000000048D000-memory.dmp

      Filesize

      564KB

      Download

    • memory/2228-28-0x0000000000400000-0x000000000048D000-memory.dmp

      Filesize

      564KB

      Download

    • memory/2228-29-0x0000000000220000-0x00000000002AD000-memory.dmp

      Filesize

      564KB

      Download

    • memory/2564-30-0x0000000000400000-0x000000000048D000-memory.dmp

      Filesize

      564KB

      Download