Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

NEAS.b7bd7...20.exe

windows7-x64

8

NEAS.b7bd7...20.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    03/11/2023, 10:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.b7bd79690ddc5dc36b49296f93eea920.exe

  • Size

    202KB

  • MD5

    b7bd79690ddc5dc36b49296f93eea920

  • SHA1

    0857e813ed363efb424b9e38a69906cb8e111266

  • SHA256

    af60c583f2a65e31cd11f7dc7dbd35a1302f41d3fd6809f087757805071da0c4

  • SHA512

    86c094882d717ae4d7b4d47004095b6dd6cc03bf25973f24a12be0f9d572638be5a4707622401c23b1b6c58d400d75151442b03aa96dd8f7ec01ec76f90bbbfe

  • SSDEEP

    3072:06oGO9DJdnPfvnM3YzRZgGkmTTZ9nLqsKMt9oseV2gXbrIQqmPOyCc1:0XVP3Mu0mnZlLvKyyV2gLSnU

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.b7bd79690ddc5dc36b49296f93eea920.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b7bd79690ddc5dc36b49296f93eea920.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1748
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {918EB370-6171-4477-A5C1-A60A0C9E7AB2} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\PROGRA~3\Mozilla\ajahmjj.exe
      C:\PROGRA~3\Mozilla\ajahmjj.exe -mngyzad
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\ajahmjj.exe
    Filesize

    202KB

    MD5

    4ff51f970a2a2594e598615e2688283e

    SHA1

    87c009065862519cdd36dc16fb3405385ff0e32c

    SHA256

    31ab60c773804ae8524e04f06e6b48f6a744979bb7d3bfbb87cb904736e5ecbe

    SHA512

    90c842819ec4d892f7f6d6f4526dc2e703adf5a26bfddb463b81388211c27420342b6f020067fe4a5c56bf719969a0f2bdeee09ec117c8b22108564f00dafd45

    Download Submit

  • C:\PROGRA~3\Mozilla\ajahmjj.exe
    Filesize

    202KB

    MD5

    4ff51f970a2a2594e598615e2688283e

    SHA1

    87c009065862519cdd36dc16fb3405385ff0e32c

    SHA256

    31ab60c773804ae8524e04f06e6b48f6a744979bb7d3bfbb87cb904736e5ecbe

    SHA512

    90c842819ec4d892f7f6d6f4526dc2e703adf5a26bfddb463b81388211c27420342b6f020067fe4a5c56bf719969a0f2bdeee09ec117c8b22108564f00dafd45

    Download Submit

  • memory/1748-0-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1748-2-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1748-1-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1748-3-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1748-4-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/1748-8-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2412-11-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download

  • memory/2412-17-0x0000000000400000-0x0000000000465000-memory.dmp

    Filesize

    404KB

    Download