Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

NEAS.5e992...20.exe

windows7-x64

8

NEAS.5e992...20.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    04/11/2023, 14:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.5e992bcb2a6eb92a9f3b11a6bf11d320.exe

  • Size

    181KB

  • MD5

    5e992bcb2a6eb92a9f3b11a6bf11d320

  • SHA1

    d717a4c12f1aa1cf4691f4951bbeca80b95e7163

  • SHA256

    caa0e32b9d6f26611314a5822bb7da998e0ddedaefa1be16a5909f0b41c275fc

  • SHA512

    b9b34e8d8767b8f6f73677e1b0286891a6390aa43fd0f1a9fca5d1d02f5ecd9e38b987a5179dceeb809d73d56e6eb4256675ca3c265746ac0f333288d4761230

  • SSDEEP

    3072:YG9WdoX/14GwN+iHhK/xYHeAvG4HTQSKsTRbjpu5kS6AF+mheuxRO0Vrb:D9WG14GWx2xYnIstbjgHESeuz5b

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.5e992bcb2a6eb92a9f3b11a6bf11d320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5e992bcb2a6eb92a9f3b11a6bf11d320.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1672
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {4801DE90-C58B-4AF5-A5C0-82017C273EF9} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\PROGRA~3\Mozilla\zimfrwc.exe
      C:\PROGRA~3\Mozilla\zimfrwc.exe -gtjzibe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2544

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\zimfrwc.exe
    Filesize

    181KB

    MD5

    2ba551c2a9a66874b72b871277dffe09

    SHA1

    f874d9d1ee68b0f03ce452580852fbcf181e4d82

    SHA256

    2ef0aecd9ec0dd60c37f8cd8a58cf2b95bc05dae541447f323ad402977200eb5

    SHA512

    b473947bf23bbc31bdb8dbe1895e4e440be27dc5a384bacf2da72485de95ff2f326af2ba968d80061e73498217c94d282877fe11b253071365a6fd401eb19813

    Download Submit

  • C:\PROGRA~3\Mozilla\zimfrwc.exe
    Filesize

    181KB

    MD5

    2ba551c2a9a66874b72b871277dffe09

    SHA1

    f874d9d1ee68b0f03ce452580852fbcf181e4d82

    SHA256

    2ef0aecd9ec0dd60c37f8cd8a58cf2b95bc05dae541447f323ad402977200eb5

    SHA512

    b473947bf23bbc31bdb8dbe1895e4e440be27dc5a384bacf2da72485de95ff2f326af2ba968d80061e73498217c94d282877fe11b253071365a6fd401eb19813

    Download Submit

  • memory/1672-0-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1672-1-0x0000000000220000-0x000000000027B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1672-7-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2544-10-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2544-11-0x00000000002E0000-0x000000000033B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2544-17-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download