Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

NEAS.aff62...70.exe

windows7-x64

7

NEAS.aff62...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2023, 20:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.aff625098f90aea87a86e1e94d1ff970.exe

  • Size

    122KB

  • MD5

    aff625098f90aea87a86e1e94d1ff970

  • SHA1

    fe163d84539a8bc5411614e2dc6ec3467b8ea19e

  • SHA256

    975e700ee720d911ff1f794bbc843517b278292aa959ecbc9415f2a8be9f38ea

  • SHA512

    12753ccc5e0506cee33b252670147253705c238ca6c30d7fa88fd5222d17db7011223f183ce5dae619e7b31e646b5e736bbd65a82e43e35957832efb23151aa4

  • SSDEEP

    3072:RAbPLV7Pz2vVYtwOQ5jv3Gd22DMfhCq5RHcwlNAh:ibPLJLtwdv2PalHah

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe
    Filesize

    122KB

    MD5

    b7dfcadf253050cb928e7b72d2d2e034

    SHA1

    86130c09cde02f3ff8944d7880f9bec68c346c0c

    SHA256

    a193483272c7660e5c6963798a7b32c81df4b4b53169774b48773d45bb65e4d2

    SHA512

    be006be57d982b7ed953c55853909f86f2435a1e755cdfb6cef054cdb5d8be7717a809dcea1921d77ddeb81c0062ba9b111d4aee57092026b7e607ba99c23f97

    Download Submit

  • \Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe
    Filesize

    122KB

    MD5

    b7dfcadf253050cb928e7b72d2d2e034

    SHA1

    86130c09cde02f3ff8944d7880f9bec68c346c0c

    SHA256

    a193483272c7660e5c6963798a7b32c81df4b4b53169774b48773d45bb65e4d2

    SHA512

    be006be57d982b7ed953c55853909f86f2435a1e755cdfb6cef054cdb5d8be7717a809dcea1921d77ddeb81c0062ba9b111d4aee57092026b7e607ba99c23f97

    Download Submit

  • memory/2684-17-0x0000000000400000-0x000000000047D000-memory.dmp

    Filesize

    500KB

    Download

  • memory/2684-18-0x0000000000140000-0x000000000015F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2684-25-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2684-26-0x0000000000170000-0x000000000018E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2684-31-0x0000000000400000-0x000000000047D000-memory.dmp

    Filesize

    500KB

    Download

  • memory/2868-0-0x0000000000400000-0x000000000047D000-memory.dmp

    Filesize

    500KB

    Download

  • memory/2868-1-0x0000000000140000-0x000000000015F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2868-2-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2868-15-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download