Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

NEAS.00386...JC.exe

windows7-x64

6

NEAS.00386...JC.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    02/11/2023, 06:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.003861e95704b5b0a032f0ef15f5cd50_JC.exe

  • Size

    32KB

  • MD5

    003861e95704b5b0a032f0ef15f5cd50

  • SHA1

    57ac88047fa3d4115bdc58b0c01db1b2ac1e03b6

  • SHA256

    63c290f51fb9d3f5d98afd739b4a13ff1181998d166ace43858e1319237280f0

  • SHA512

    dcdee638eeee9fb0516e72d6bf2eac013ccd2c47600713764347f0a65fdbfb3a5b0c5bfcbc0864242baf9cc0f1b63d27de395a16e321735c2ae1e59f6868379b

  • SSDEEP

    384:f98xUHQjrKWyGUJGy4/q8zLeiXerXnfaw9+ZuWVA+iX8/L3tLvb6g:WwABqop2N+A7kL39vb6g

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: RenamesItself 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.003861e95704b5b0a032f0ef15f5cd50_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.003861e95704b5b0a032f0ef15f5cd50_JC.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Windows\SysWOW64\regedit.exe
      regedit.exe /s C:\Users\Admin\AppData\Local\Temp\~dfds3.reg
      2⤵
      • Adds Run key to start application
      • Runs .reg file with regedit
      PID:1780
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:1732

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\PolicyAgent.exe
      Filesize

      32KB

      MD5

      b416d343fd142c578732c147692f0177

      SHA1

      c605f904d40ce3a50eec3f85c17c5f07aca09975

      SHA256

      06991abc1db0e8f3e0858712647828a8216eadd87e9efaa73b83f39e1b0d575d

      SHA512

      bfa0803dda83e0d3fda5488acbd78c60e2e55ac7b23340b6ab8ab61216b9122d30d0717d065cbd13e1e4cd5fde71d806cbcc77d4bbebcdd4f7a19e1c9788380f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~dfds3.reg
      Filesize

      174B

      MD5

      2a63d29d1acad01766bf53667bbc534d

      SHA1

      3aa6444caeee7d3b84f1c377c5d4ab56e18fe25d

      SHA256

      b9c9532faf62195ce337663a40522d316bda94ee407bb3e9d9cf38e6cfb7112d

      SHA512

      5cafbc90539a62af3fcb9bc22ad6a4330f823fa42f047e8c735172d82d3624f64b55aac24d479779ee2ac11dcab6f066526707b1f9042193548c9b6f3c727dd6

      Download Submit

    • memory/1732-4-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1732-6-0x0000000000400000-0x0000000000405000-memory.dmp

      Filesize

      20KB

      Download

    • memory/1732-8-0x0000000000400000-0x0000000000405000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2508-0-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2508-1-0x0000000000020000-0x0000000000028000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2508-17-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

      Download