Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.07e05...80.exe

windows7-x64

7

NEAS.07e05...80.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    05/11/2023, 23:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.07e058316338bb6ec321f9eada84d380.exe

  • Size

    469KB

  • MD5

    07e058316338bb6ec321f9eada84d380

  • SHA1

    be43d2a4bbba5c44bc316c3ea3efdfbb63a53b7a

  • SHA256

    3681a9093529255ff1a1f321fd86d709d040a8a72160df5f6a0d6250ec9453fa

  • SHA512

    5551539f299441fb3001c0bc42a355819e210fed74336656796e24f88f72efe9f15f856875667324c97ee6cad70130abb88252eeea3ee39c87456bb59a6de87e

  • SSDEEP

    6144:GTykDONo0jv7IoPfeq1ZzxRJbL7f5LAh3rESLL6U/h9//6f9mFSVoztR6/Gh0fAz:GLry/neyx7fDA6M8mFim76uKXddbNG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.07e058316338bb6ec321f9eada84d380.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.07e058316338bb6ec321f9eada84d380.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Program Files (x86)\alandtaxza\rrujhcvfcnbrm.exe
      "C:\Program Files (x86)\alandtaxza\rrujhcvfcnbrm.exe"
      2⤵
      • Executes dropped EXE
      PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\alandtaxza\rrujhcvfcnbrm.exe
    Filesize

    482KB

    MD5

    38fdf8249d768ab022bf66acffd11259

    SHA1

    af76cf8bbf36cd5e1d45c445961151f1dcbcf824

    SHA256

    bac196aab0d9668d3d961c30303c4ef781e1f9c8f86f7b0126d00f369f872a27

    SHA512

    dc2a4ad6d183c02bc44171109c31244e370b3ba66d5c4e03a4bf0b8c49e673e520ee523c55f6e529fcdfe430e46de1c27c98c15dee4e33af3d2b38bb167f63f1

    Download Submit

  • \Program Files (x86)\alandtaxza\rrujhcvfcnbrm.exe
    Filesize

    482KB

    MD5

    38fdf8249d768ab022bf66acffd11259

    SHA1

    af76cf8bbf36cd5e1d45c445961151f1dcbcf824

    SHA256

    bac196aab0d9668d3d961c30303c4ef781e1f9c8f86f7b0126d00f369f872a27

    SHA512

    dc2a4ad6d183c02bc44171109c31244e370b3ba66d5c4e03a4bf0b8c49e673e520ee523c55f6e529fcdfe430e46de1c27c98c15dee4e33af3d2b38bb167f63f1

    Download Submit

  • memory/2040-0-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2040-1-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2040-7-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2804-9-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2804-10-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.