Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.07e05...80.exe

windows7-x64

7

NEAS.07e05...80.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/11/2023, 23:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.07e058316338bb6ec321f9eada84d380.exe

  • Size

    469KB

  • MD5

    07e058316338bb6ec321f9eada84d380

  • SHA1

    be43d2a4bbba5c44bc316c3ea3efdfbb63a53b7a

  • SHA256

    3681a9093529255ff1a1f321fd86d709d040a8a72160df5f6a0d6250ec9453fa

  • SHA512

    5551539f299441fb3001c0bc42a355819e210fed74336656796e24f88f72efe9f15f856875667324c97ee6cad70130abb88252eeea3ee39c87456bb59a6de87e

  • SSDEEP

    6144:GTykDONo0jv7IoPfeq1ZzxRJbL7f5LAh3rESLL6U/h9//6f9mFSVoztR6/Gh0fAz:GLry/neyx7fDA6M8mFim76uKXddbNG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.07e058316338bb6ec321f9eada84d380.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.07e058316338bb6ec321f9eada84d380.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Program Files (x86)\xnfg\zncqngyf.exe
      "C:\Program Files (x86)\xnfg\zncqngyf.exe"
      2⤵
      • Executes dropped EXE
      PID:880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\xnfg\zncqngyf.exe
    Filesize

    482KB

    MD5

    f5c2ee1d954abd4ffb50a02d79e7ae71

    SHA1

    563b81eb7e66227177beb75ce41a4d067d185abc

    SHA256

    b319298e3682034af3bfd4a948d37c0240a06f010f407795fe1cecb9084b2eaf

    SHA512

    e6e7acd928b3fccb2f868bc940142bcdbef21548a235dabbe948ae01f58ec21f76ccb78110981c3c4a24f005ffaf55dbb8397a41a9b0413b012b28526021e5a5

    Download Submit

  • C:\Program Files (x86)\xnfg\zncqngyf.exe
    Filesize

    482KB

    MD5

    f5c2ee1d954abd4ffb50a02d79e7ae71

    SHA1

    563b81eb7e66227177beb75ce41a4d067d185abc

    SHA256

    b319298e3682034af3bfd4a948d37c0240a06f010f407795fe1cecb9084b2eaf

    SHA512

    e6e7acd928b3fccb2f868bc940142bcdbef21548a235dabbe948ae01f58ec21f76ccb78110981c3c4a24f005ffaf55dbb8397a41a9b0413b012b28526021e5a5

    Download Submit

  • memory/880-7-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/880-8-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2296-0-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2296-1-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/2296-6-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download