Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

NEAS.d6537...JC.exe

windows7-x64

10

NEAS.d6537...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    157s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    02/11/2023, 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.d653768d8277397a993493e9aa85d070_JC.exe

  • Size

    1.0MB

  • MD5

    d653768d8277397a993493e9aa85d070

  • SHA1

    1962f7d02ed3003a2a7a486d5b51e0b6eb972ae6

  • SHA256

    d1f5f04b883d54d10209a18bed911f0f931498a109c2cd7d6947f7383d3fc75c

  • SHA512

    dd17cdd097ce3611f46d277d0846e72ec9de9390f70e853ee91959ea4ee3187ebb4834f34ae774e832d4d240959a0dde612150a8585dd912ac86519cbb6bb1fe

  • SSDEEP

    24576:S1b348X6Px7H3FKfPbKJO5ce2jOjTZdTi6Nw+7fp8ClohpPL:SHUBHVKYO5c0jFN/p8CloH

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.d653768d8277397a993493e9aa85d070_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.d653768d8277397a993493e9aa85d070_JC.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    PID:1728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\DC++ Share\RCX8622.tmp
    Filesize

    61KB

    MD5

    1b2bc10fd8d816da0e94f078d0f781d9

    SHA1

    94332d87e63d511270f30270471e5f150609dc4e

    SHA256

    329e8c959d081457221bc96e0740f7ce9379f682e13dc763ab5da8c2412c9ff0

    SHA512

    193c618869975dbee223bc5ca6b3caa338122cfcc140b9daeaf8df1947b731325e8e06232ef1e52a15abe92e18a824d8f3b1996209ee7cd3372c980473b3679c

    Download Submit

  • C:\Windows\SysWOW64\DC++ Share\RCX94C9.tmp
    Filesize

    62KB

    MD5

    b126345317624479f78fbf30b3a1fe5a

    SHA1

    655c966bf7bbf96ee49c83062d30b9dba17d693c

    SHA256

    8723d2d97d52f6d3b63968594c93bf2c5b5300b306c9670be4616cb134964301

    SHA512

    d0be6d608b5f4e482287d16e6587e00be1b4390f78efc3ce63008f99be7358e65f0eef9eba330d845462b64fa7a86cc3f1395b863ad0f8d01c0b790fc2f4c02d

    Download Submit

  • C:\Windows\SysWOW64\xdccPrograms\7zG.exe
    Filesize

    1.1MB

    MD5

    cdd61d97aa0f5d7664055da3afc04c61

    SHA1

    2523bcb95f0de27cd2925f96c59af01490508080

    SHA256

    da676df20a2d0c883400959f53d0e5a5593b699d77debc99ebb788b92690b765

    SHA512

    98c6d3fb96e9bee5328e856d9d92a8896a9b86dd033252ec0fd941b09b912cf2ed17436328a5f0fef444fa21aada9ea0553c02682f89da998922f813b773912b

    Download Submit

  • memory/1728-150-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-152-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-147-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-148-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-149-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-96-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-151-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-146-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-153-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-154-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-155-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-156-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-157-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1728-158-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download