Analysis

  • max time kernel
    142s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/11/2023, 03:55

General

  • Target

    NEAS.da0aa478d1e20da9ff1067ef91727470_JC.exe

  • Size

    197KB

  • MD5

    da0aa478d1e20da9ff1067ef91727470

  • SHA1

    57e22d346a6a91aece6de1dca0c930dd7e3648df

  • SHA256

    aa5598a6a2fdc5b313e32ba137b11a7ba7e003829829d933d5f014ccf0db96b8

  • SHA512

    2fe328545dcbe1909a29010168e091547dec4e9c1ac83ec1bae6913b977f4f2ba080b67ee78cbf1c854c3352ccb036efa8a12c1bb84dcafe4eceb42e06022455

  • SSDEEP

    3072:KhS7VD4/EnzzMUD8u8EC45xRS5b7lIf3GYHfqR1hAtTD5DyXglREK0c:dOizzb8uDxZCHlIZgEh5DyXglh

Score
7/10

Malware Config

Signatures

  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 17 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.da0aa478d1e20da9ff1067ef91727470_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.da0aa478d1e20da9ff1067ef91727470_JC.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Users\HUSUFFQ.EXE
      C:\Users\HUSUFFQ.EXE
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2716

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\HUSUFFQ.EXE

    Filesize

    198KB

    MD5

    2b4bf3671c7ab4b1df766b0b61e0731e

    SHA1

    dd8ac9c477f84d7a9ee8b97ffc5f7706d9a1022a

    SHA256

    980b0a32561f955f595367a16a1f33f06c191e84ba28a0039ef00dfdef24a513

    SHA512

    f523b710d1bf1de8413d5d6a40706e7d9b0427f8c7a0ac9025cc4f018ff1e3a3c4d4702b1a71a71c808430b3145ba2813c10d2a6390499d4bbb70f32fec7b28c

  • C:\Windows\IWUFRZT.EXE

    Filesize

    198KB

    MD5

    e817eb26b8504aa5fe943f1ea68ac150

    SHA1

    bca19c6c83f8519c5929575b8b5bb389df3e2613

    SHA256

    7c5d08cd8717c861d70929d39e99f458cd745d53d52e8843de4593315e36cc3c

    SHA512

    adcfdaec60334cc510fe79156ec7f5d3a097f9f59fe0d9c9f0fb2e213c2ae109178ea21c075f0682486d6fd13508a5632a9283b1968592ce3b76bc4732209259

  • \Users\HUSUFFQ.EXE

    Filesize

    198KB

    MD5

    2b4bf3671c7ab4b1df766b0b61e0731e

    SHA1

    dd8ac9c477f84d7a9ee8b97ffc5f7706d9a1022a

    SHA256

    980b0a32561f955f595367a16a1f33f06c191e84ba28a0039ef00dfdef24a513

    SHA512

    f523b710d1bf1de8413d5d6a40706e7d9b0427f8c7a0ac9025cc4f018ff1e3a3c4d4702b1a71a71c808430b3145ba2813c10d2a6390499d4bbb70f32fec7b28c

  • memory/2188-27-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2188-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2716-31-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-34-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-29-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

  • memory/2716-30-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-26-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

  • memory/2716-32-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-33-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-28-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-35-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-36-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-37-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-38-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-39-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-40-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-41-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

  • memory/2716-42-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB