Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.73195...e0.exe

windows7-x64

7

NEAS.73195...e0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2023, 03:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.7319543191e98b9e2b380d0557b9a5e0.exe

  • Size

    200KB

  • MD5

    7319543191e98b9e2b380d0557b9a5e0

  • SHA1

    14ac8cc014a4f82db77372bb2574a285d4ebf188

  • SHA256

    e2e93a3d1445513c1f37e8a327decdac114fc9885ad06754814c66610d119403

  • SHA512

    01e7f3fbd96af8a1ab428bfdf99c2419ff4cc39e23c0486c3a1047c17ffda232c2fb224303cff867bef2be453e500aa377bc5a804a9b29962a6548b54695821f

  • SSDEEP

    6144:Sghc69v5a1mG8KfchsZ9B3zYl1WGYYG1B7u:Nhc69i8KRZ9ZzYlk4G1BC

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.7319543191e98b9e2b380d0557b9a5e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7319543191e98b9e2b380d0557b9a5e0.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:932
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 396
      2⤵
      • Program crash
      PID:5072
    • C:\Users\Admin\AppData\Local\Temp\NEAS.7319543191e98b9e2b380d0557b9a5e0.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.7319543191e98b9e2b380d0557b9a5e0.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3988
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 364
        3⤵
        • Program crash
        PID:944
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 932 -ip 932
    1⤵
      PID:4704
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3988 -ip 3988
      1⤵
        PID:448

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\NEAS.7319543191e98b9e2b380d0557b9a5e0.exe
        Filesize

        200KB

        MD5

        1e8b402d442acf3c38e31059ea9fdfe5

        SHA1

        2f6b037f59a835ca6c7fc8bd51806beade4fb3ac

        SHA256

        6210c3e43faa0c0d2dfd88b5957e4dadfd4b5c15f3e347c460d2e297a34e1833

        SHA512

        88f9acfa64493624cf08c2a78ec8e2633bc2bca432d43a68d025bdc84d9e6c487a58179f7ddc6eef2337ec407f98cabb38dd13b603b117525281bdd639c247b6

        Download Submit

      • memory/932-0-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/932-7-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/3988-6-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/3988-9-0x00000000014C0000-0x00000000014FF000-memory.dmp

        Filesize

        252KB

        Download

      • memory/3988-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/3988-14-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download