Analysis
- max time kernel: 146s
- max time network: 155s
- platform: windows7_x64
- resource: win7-20231023-en
- resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
- submitted: 07/11/2023, 19:41
Static task
- static1
Behavioral task
- behavioral1
  Sample: NEAS.f41612bde57866ad2df3741db9b1ed80.exe
  Resource: win7-20231023-en
Behavioral task
- behavioral2
  Sample: NEAS.f41612bde57866ad2df3741db9b1ed80.exe
  Resource: win10v2004-20231023-en
General
- Target: NEAS.f41612bde57866ad2df3741db9b1ed80.exe
- Size: 126KB
- MD5: f41612bde57866ad2df3741db9b1ed80
- SHA1: 3a22dec5443c4ef4e8d68adbc11713821ed57422
- SHA256: 98ac27468af8ff0aa870322c5e597d289cbf19e77a17654e7f2e33507c68d314
- SHA512: de8f90fca76b35fd3f54ba17f395493d6144491b30eba287a279d4aa733f6bbb10e85291d248c350af6f43ffbe05761f028b911e7bc7f39b9e9ce962adbb4feb
- SSDEEP: 3072:5COqnKQybPLlGRqXcryRwAF0r+A/nZZaEDgF:5s5ybPL6mcrymK0SEZZXgF
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoC)
  pid   Process
  2664  pwhehon.exe
- Drops file in Program Files directory (2 IoCs)
  description   ioc                              Process
  File created  C:\PROGRA~3\Mozilla\pwhehon.exe  NEAS.f41612bde57866ad2df3741db9b1ed80.exe
  File created  C:\PROGRA~3\Mozilla\mudzpnf.dll  pwhehon.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process      procid_target
  PID 2796 wrote to memory of 2664   2796  taskeng.exe  28
  PID 2796 wrote to memory of 2664   2796  taskeng.exe  28
  PID 2796 wrote to memory of 2664   2796  taskeng.exe  28
  PID 2796 wrote to memory of 2664   2796  taskeng.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.f41612bde57866ad2df3741db9b1ed80.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.f41612bde57866ad2df3741db9b1ed80.exe"
  - Drops file in Program Files directory
  PID: 2652
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {D8764335-CC12-4DC8-865B-8F604419C157} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 2796
  - C:\PROGRA~3\Mozilla\pwhehon.exe (child of taskeng.exe)
    Command line: C:\PROGRA~3\Mozilla\pwhehon.exe -arzwbsb
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID: 2664
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 126KB
  MD5: 7a5a6c2de06d7eba56beee02d37f259f
  SHA1: d7e9f30307cdb1c1a6ebd927c04953e75b23c216
  SHA256: 4ccf982c049290936a3e2b6fc550083ed6071cfb6145fd402279898141d54b22
  SHA512: 6822ae3cf68c776a07685f91d5c6b5f7f3b814b52d8778b3f42d571c2987622286fad6095975ed5f001873f1db6fbaff7c175e3a9115c5f227da31a3462ca864