Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.0461c...JC.exe

windows7-x64

7

NEAS.0461c...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/11/2023, 02:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.0461c66b46640823d38b5112983cae60_JC.exe

  • Size

    391KB

  • MD5

    0461c66b46640823d38b5112983cae60

  • SHA1

    85c86bb98e905114923e1ce11305a0d2a715da65

  • SHA256

    978362229a73d703cf6d3536e09abec9a518d0916b1ceac0bba03c468495e31c

  • SHA512

    727ef35c8c951495b342587a49ae16cdd5deaa6e398ed572cd3c2c6a7e5239622c993d121ba0a88bda08894024b84b9cfff6ff27e89e402e1f3d70a9775aba5a

  • SSDEEP

    6144:0Gyw99vtxI7XzzQoRXdla8To8maHHko/9FsHbtR28mI1dY0:w4vt6bXQoRXdlHToQnl9OH2NID

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.0461c66b46640823d38b5112983cae60_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.0461c66b46640823d38b5112983cae60_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gfdBB12.tmp
    Filesize

    264KB

    MD5

    b795e14dcb8b6f9f79c459c033cc5218

    SHA1

    337d7e4d738dcfc54bda89c76857d834b4fc937a

    SHA256

    6f952d44fef31c1ea27ec812a6102dda47529a9c14589ca36e6d27f67565d905

    SHA512

    d93b1d3b5351f97b0af91589378f9b4733efb13510531cdd58936f8bd0bdc4d8ad9a613dea3a023d77e516dca40fe87e729346fd7825e0e30ab71a8dcf665e4f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\gfdBB12.tmp
    Filesize

    264KB

    MD5

    b795e14dcb8b6f9f79c459c033cc5218

    SHA1

    337d7e4d738dcfc54bda89c76857d834b4fc937a

    SHA256

    6f952d44fef31c1ea27ec812a6102dda47529a9c14589ca36e6d27f67565d905

    SHA512

    d93b1d3b5351f97b0af91589378f9b4733efb13510531cdd58936f8bd0bdc4d8ad9a613dea3a023d77e516dca40fe87e729346fd7825e0e30ab71a8dcf665e4f

    Download Submit

  • memory/3976-2-0x00000000027C0000-0x0000000002806000-memory.dmp

    Filesize

    280KB

    Download

  • memory/3976-3-0x00000000752E0000-0x0000000075A90000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3976-4-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3976-5-0x0000000005520000-0x0000000005AC4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3976-6-0x0000000005010000-0x00000000050A2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3976-7-0x0000000004F70000-0x0000000004F7A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3976-8-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3976-9-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3976-10-0x0000000008290000-0x00000000082F6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3976-19-0x00000000752E0000-0x0000000075A90000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3976-20-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3976-21-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3976-22-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3976-23-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download