Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.73195...e0.exe

windows7-x64

7

NEAS.73195...e0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2023, 03:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.7319543191e98b9e2b380d0557b9a5e0.exe

  • Size

    200KB

  • MD5

    7319543191e98b9e2b380d0557b9a5e0

  • SHA1

    14ac8cc014a4f82db77372bb2574a285d4ebf188

  • SHA256

    e2e93a3d1445513c1f37e8a327decdac114fc9885ad06754814c66610d119403

  • SHA512

    01e7f3fbd96af8a1ab428bfdf99c2419ff4cc39e23c0486c3a1047c17ffda232c2fb224303cff867bef2be453e500aa377bc5a804a9b29962a6548b54695821f

  • SSDEEP

    6144:Sghc69v5a1mG8KfchsZ9B3zYl1WGYYG1B7u:Nhc69i8KRZ9ZzYlk4G1BC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.7319543191e98b9e2b380d0557b9a5e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7319543191e98b9e2b380d0557b9a5e0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Users\Admin\AppData\Local\Temp\NEAS.7319543191e98b9e2b380d0557b9a5e0.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.7319543191e98b9e2b380d0557b9a5e0.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.7319543191e98b9e2b380d0557b9a5e0.exe
    Filesize

    200KB

    MD5

    fdfa716fe6f0c4cd4df119d57e9f3995

    SHA1

    8479f9b7df46c345c18737ca405dc2f2d3ebe600

    SHA256

    f3262c918a58e3fd2553036159a6e83ded3dce664f4245d0df70028b3ad0d754

    SHA512

    d1fa7785cf84d2d9216f95c76d69e3f941a56dac0d7c0957ceabd8a02b6be010ab0f25cf62fd9276831cba38f23e64780143f6becf4db08d82c90844ab988903

    Download Submit

  • \Users\Admin\AppData\Local\Temp\NEAS.7319543191e98b9e2b380d0557b9a5e0.exe
    Filesize

    200KB

    MD5

    fdfa716fe6f0c4cd4df119d57e9f3995

    SHA1

    8479f9b7df46c345c18737ca405dc2f2d3ebe600

    SHA256

    f3262c918a58e3fd2553036159a6e83ded3dce664f4245d0df70028b3ad0d754

    SHA512

    d1fa7785cf84d2d9216f95c76d69e3f941a56dac0d7c0957ceabd8a02b6be010ab0f25cf62fd9276831cba38f23e64780143f6becf4db08d82c90844ab988903

    Download Submit

  • memory/1448-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1448-12-0x0000000000130000-0x000000000016F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1448-9-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1448-17-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1744-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1744-10-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download