Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.e080d...JC.exe

windows7-x64

7

NEAS.e080d...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    02/11/2023, 21:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.e080d2b2f3648e9bd8cb16d3f70554b0_JC.exe

  • Size

    448KB

  • MD5

    e080d2b2f3648e9bd8cb16d3f70554b0

  • SHA1

    27fef09c65b72f334415da6586c5d8842b2b9168

  • SHA256

    5891b2a909468aa3c06e15a99d2b16aa5d17d95db7f35601ea2a7a0817a62a61

  • SHA512

    637ab00bcb72c74a16a20fe5dfd7714dbd58eea1b40d81c5d27da05b25afb2d26f67487f23d55cc5841c54882426eafb561ba80145aae8b2dffe9ddce87c36cf

  • SSDEEP

    12288:2zKMN8+cnQ8788x/FG1BmVQ5zCD4TyWN9VN:2z1LGQc/xtG1BmVQ5zY4xN9VN

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.e080d2b2f3648e9bd8cb16d3f70554b0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e080d2b2f3648e9bd8cb16d3f70554b0_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Users\Admin\AppData\Local\Temp\NEAS.e080d2b2f3648e9bd8cb16d3f70554b0_JC.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.e080d2b2f3648e9bd8cb16d3f70554b0_JC.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.e080d2b2f3648e9bd8cb16d3f70554b0_JC.exe
    Filesize

    448KB

    MD5

    6fe1c62f4105ff8b4b4c277ea178e391

    SHA1

    265a8012d61ce331d70767ea29a44add9c8827da

    SHA256

    fc8cb23a714f778fe61138d6b7e01cdef7361c4a1ab5852caa91cf9e9c9b0867

    SHA512

    cb5b03a82c46b171f92382ca1088370f1ff279065116a9a2f2a3959f3db5cdfee5312c4d309fde125c8ce381ade40d3830141184ba0a680f5b5d6f1187d9f87e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\NEAS.e080d2b2f3648e9bd8cb16d3f70554b0_JC.exe
    Filesize

    448KB

    MD5

    6fe1c62f4105ff8b4b4c277ea178e391

    SHA1

    265a8012d61ce331d70767ea29a44add9c8827da

    SHA256

    fc8cb23a714f778fe61138d6b7e01cdef7361c4a1ab5852caa91cf9e9c9b0867

    SHA512

    cb5b03a82c46b171f92382ca1088370f1ff279065116a9a2f2a3959f3db5cdfee5312c4d309fde125c8ce381ade40d3830141184ba0a680f5b5d6f1187d9f87e

    Download Submit

  • memory/2252-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2252-8-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2904-10-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2904-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2904-12-0x0000000000290000-0x00000000002CF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2904-17-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download