Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.07e05...80.exe

windows7-x64

7

NEAS.07e05...80.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    05/11/2023, 23:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.07e058316338bb6ec321f9eada84d380.exe

  • Size

    469KB

  • MD5

    07e058316338bb6ec321f9eada84d380

  • SHA1

    be43d2a4bbba5c44bc316c3ea3efdfbb63a53b7a

  • SHA256

    3681a9093529255ff1a1f321fd86d709d040a8a72160df5f6a0d6250ec9453fa

  • SHA512

    5551539f299441fb3001c0bc42a355819e210fed74336656796e24f88f72efe9f15f856875667324c97ee6cad70130abb88252eeea3ee39c87456bb59a6de87e

  • SSDEEP

    6144:GTykDONo0jv7IoPfeq1ZzxRJbL7f5LAh3rESLL6U/h9//6f9mFSVoztR6/Gh0fAz:GLry/neyx7fDA6M8mFim76uKXddbNG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.07e058316338bb6ec321f9eada84d380.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.07e058316338bb6ec321f9eada84d380.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Program Files (x86)\alandtaxza\rrujhcvfcnbrm.exe
      "C:\Program Files (x86)\alandtaxza\rrujhcvfcnbrm.exe"
      2⤵
      • Executes dropped EXE
      PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\alandtaxza\rrujhcvfcnbrm.exe
    Filesize

    482KB

    MD5

    38fdf8249d768ab022bf66acffd11259

    SHA1

    af76cf8bbf36cd5e1d45c445961151f1dcbcf824

    SHA256

    bac196aab0d9668d3d961c30303c4ef781e1f9c8f86f7b0126d00f369f872a27

    SHA512

    dc2a4ad6d183c02bc44171109c31244e370b3ba66d5c4e03a4bf0b8c49e673e520ee523c55f6e529fcdfe430e46de1c27c98c15dee4e33af3d2b38bb167f63f1

    Download Submit

  • \Program Files (x86)\alandtaxza\rrujhcvfcnbrm.exe
    Filesize

    482KB

    MD5

    38fdf8249d768ab022bf66acffd11259

    SHA1

    af76cf8bbf36cd5e1d45c445961151f1dcbcf824

    SHA256

    bac196aab0d9668d3d961c30303c4ef781e1f9c8f86f7b0126d00f369f872a27

    SHA512

    dc2a4ad6d183c02bc44171109c31244e370b3ba66d5c4e03a4bf0b8c49e673e520ee523c55f6e529fcdfe430e46de1c27c98c15dee4e33af3d2b38bb167f63f1

    Download Submit

  • memory/2040-0-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2040-1-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2040-7-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2804-9-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2804-10-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download