Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

NEAS.e6f86...10.exe

windows7-x64

8

NEAS.e6f86...10.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2023, 16:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.e6f8662ec51d3cbb4e4a117d8610ca10.exe

  • Size

    145KB

  • MD5

    e6f8662ec51d3cbb4e4a117d8610ca10

  • SHA1

    b0dd1620124782c6a36baa4057a3185f9e537571

  • SHA256

    3dec6c0d6e771b05006f99bd9ba599b820b87c4f186d45c8a4db077d324e8859

  • SHA512

    ef59631e95a129220481da4c7a3a43422f83924dbc0dbcdfaeadcfdcca6c7f580ba3530b47d7aa9d25bc234847a2df1ca62f16be51ade3b7e932a074b214095e

  • SSDEEP

    3072:+apQLsjnOYOKOpGQ2ly+4yHyisr7O8CMFPv3yJDUKb80vh:+aIsfQ28+4R7T5vrsXh

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.e6f8662ec51d3cbb4e4a117d8610ca10.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e6f8662ec51d3cbb4e4a117d8610ca10.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2208
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {521045CB-5053-48EA-B630-858C4972A3D9} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\PROGRA~3\Mozilla\ajahmjj.exe
      C:\PROGRA~3\Mozilla\ajahmjj.exe -mngyzad
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2124

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\ajahmjj.exe
    Filesize

    145KB

    MD5

    eb1df2fb9c3b655b3c646586f7243b5f

    SHA1

    49c7a988012661dfc5ec18f09fe0009206e62bce

    SHA256

    2faadd980fcaef1797a73069764d7c56c660e845ac8b382799d1e173ad97b8f0

    SHA512

    bd23f280242dc003b9d10c5857dda5241f82173189474fb1e0df27fca25b17b9ba240a0710714e598c4856aab29b36c4d57efd636271fcb0402987a3ad56bf9d

    Download Submit

  • C:\PROGRA~3\Mozilla\ajahmjj.exe
    Filesize

    145KB

    MD5

    eb1df2fb9c3b655b3c646586f7243b5f

    SHA1

    49c7a988012661dfc5ec18f09fe0009206e62bce

    SHA256

    2faadd980fcaef1797a73069764d7c56c660e845ac8b382799d1e173ad97b8f0

    SHA512

    bd23f280242dc003b9d10c5857dda5241f82173189474fb1e0df27fca25b17b9ba240a0710714e598c4856aab29b36c4d57efd636271fcb0402987a3ad56bf9d

    Download Submit

  • memory/2124-11-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2124-12-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2124-17-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2208-0-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2208-1-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2208-2-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2208-3-0x0000000000220000-0x0000000000222000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2208-7-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2208-8-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download