Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

NEAS.7d1f8...e0.exe

windows7-x64

10

NEAS.7d1f8...e0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    02/11/2023, 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.7d1f8be5694ddb81c2b1681b44c996e0.exe

  • Size

    308KB

  • MD5

    7d1f8be5694ddb81c2b1681b44c996e0

  • SHA1

    76e5ac30ae7962c76795d517dcb34327e65e04ed

  • SHA256

    37e40b732239b322fd186e507776d21ef55a18ce71e8eaebc86d7ab30ee36ce6

  • SHA512

    4512705c1f251e94ec7d040a826a51c4d0c133c0677918a17bf6f8f3086921aa561673d8eb46881a14037a040dccf143defa19b8f6b21aef122fae1cd1c5dd8c

  • SSDEEP

    1536:l2eDy4RZvZZqQKOsssssssswJEYw04IIssssssssssUwcrgZQwMEoIQssos4ssoK:T7HZZqZ//gl

Score
10/10
eternity

Malware Config

Signatures

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.7d1f8be5694ddb81c2b1681b44c996e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7d1f8be5694ddb81c2b1681b44c996e0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\isaacv1.7.8a.0000-20220808-203734-24520-3656.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:2908
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 928
      2⤵
      • Program crash
      PID:1576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\isaacv1.7.8a.0000-20220808-203734-24520-3656.txt
    Filesize

    246KB

    MD5

    9b407459c2b71bb02a0f58bd5c06a4e3

    SHA1

    d0e86b447cd253e758471c0f15969bd2af667593

    SHA256

    75ea4bab903818d31a4bf50167c0bedc46da8c9873dca94adeeabe9b1327ea98

    SHA512

    aad0c61d1667e131907c0ce4aa6e4c40bc6970c13ba2bc587d5cc84d35156afdc313f58a8cc7cbeccf63209c92ce44eb34a5f4f3437ddac8a05a9200fb6d1107

    Download Submit

  • memory/2872-0-0x00000000003F0000-0x0000000000442000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2872-1-0x0000000074E70000-0x000000007555E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2872-2-0x0000000000350000-0x0000000000390000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2872-8-0x0000000074E70000-0x000000007555E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2872-9-0x0000000000350000-0x0000000000390000-memory.dmp

    Filesize

    256KB

    Download