Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2023, 19:43

General

  • Target

    NEAS.1f3ed2ae1deda3ad1cb6aa7e076b3f80.exe

  • Size

    109KB

  • MD5

    1f3ed2ae1deda3ad1cb6aa7e076b3f80

  • SHA1

    c176c01170e3314b0a9fd5508f7df220d82fb6da

  • SHA256

    28440a81782a02146cc9a76188c169a04962dd280ed88c20ec8958d2652738f6

  • SHA512

    451b5a7b5dda6f8de0afe0224081c56f40fb68b440ee3b897ac4f49874aef046f0b61b6ce7f92361614b138b873696c4d095027373b436779d9b743df9ca673c

  • SSDEEP

    3072:lePSUwlQjwL88HDv9fovKJ9yLCqwzBu1DjHLMVDqqkSpR:l2jr8HhJJ9Gwtu1DjrFqhz

Malware Config

Signatures

  • Malware Backdoor - Berbew 2 IoCs

    Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.1f3ed2ae1deda3ad1cb6aa7e076b3f80.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.1f3ed2ae1deda3ad1cb6aa7e076b3f80.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 140
      2⤵
      • Program crash
      PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2668-0-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

  • memory/2668-1-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB