Analysis
max time kernel: 122s
max time network: 133s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64 arch:x86 image:win7-20231023-en locale:en-us os:windows7-x64 system
submitted: 07/11/2023, 20:48
Behavioral task: behavioral1
Sample: NEAS.aff625098f90aea87a86e1e94d1ff970.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: NEAS.aff625098f90aea87a86e1e94d1ff970.exe
Resource: win10v2004-20231025-en
General
Target: NEAS.aff625098f90aea87a86e1e94d1ff970.exe
Size: 122KB
MD5: aff625098f90aea87a86e1e94d1ff970
SHA1: fe163d84539a8bc5411614e2dc6ec3467b8ea19e
SHA256: 975e700ee720d911ff1f794bbc843517b278292aa959ecbc9415f2a8be9f38ea
SHA512: 12753ccc5e0506cee33b252670147253705c238ca6c30d7fa88fd5222d17db7011223f183ce5dae619e7b31e646b5e736bbd65a82e43e35957832efb23151aa4
SSDEEP: 3072:RAbPLV7Pz2vVYtwOQ5jv3Gd22DMfhCq5RHcwlNAh:ibPLJLtwdv2PalHah
Malware Config
Signatures
- Deletes itself: 1 IoCs
  pid | Process
  2684 | NEAS.aff625098f90aea87a86e1e94d1ff970.exe
- Executes dropped EXE: 1 IoCs
  pid | Process
  2684 | NEAS.aff625098f90aea87a86e1e94d1ff970.exe
- Loads dropped DLL: 1 IoCs
  pid | Process
  2868 | NEAS.aff625098f90aea87a86e1e94d1ff970.exe
- resource | yara_rule
  behavioral1/memory/2868-0-0x0000000000400000-0x000000000047D000-memory.dmp | upx
  behavioral1/files/0x00060000000120bd-11.dat | upx
  behavioral1/memory/2684-17-0x0000000000400000-0x000000000047D000-memory.dmp | upx
  behavioral1/files/0x00060000000120bd-16.dat | upx
- Suspicious behavior: RenamesItself: 1 IoCs
  pid | Process
  2868 | NEAS.aff625098f90aea87a86e1e94d1ff970.exe
- Suspicious use of UnmapMainImage: 2 IoCs
  pid | Process
  2868 | NEAS.aff625098f90aea87a86e1e94d1ff970.exe
  2684 | NEAS.aff625098f90aea87a86e1e94d1ff970.exe
- Suspicious use of WriteProcessMemory: 4 IoCs
  description | pid | Process | procid_target
  PID 2868 wrote to memory of 2684 | 2868 | NEAS.aff625098f90aea87a86e1e94d1ff970.exe | 28
  PID 2868 wrote to memory of 2684 | 2868 | NEAS.aff625098f90aea87a86e1e94d1ff970.exe | 28
  PID 2868 wrote to memory of 2684 | 2868 | NEAS.aff625098f90aea87a86e1e94d1ff970.exe | 28
  PID 2868 wrote to memory of 2684 | 2868 | NEAS.aff625098f90aea87a86e1e94d1ff970.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe"
  PID: 2868
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe
    PID: 2684
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 122KB
  MD5: b7dfcadf253050cb928e7b72d2d2e034
  SHA1: 86130c09cde02f3ff8944d7880f9bec68c346c0c
  SHA256: a193483272c7660e5c6963798a7b32c81df4b4b53169774b48773d45bb65e4d2
  SHA512: be006be57d982b7ed953c55853909f86f2435a1e755cdfb6cef054cdb5d8be7717a809dcea1921d77ddeb81c0062ba9b111d4aee57092026b7e607ba99c23f97
- Filesize: 122KB
  MD5: b7dfcadf253050cb928e7b72d2d2e034
  SHA1: 86130c09cde02f3ff8944d7880f9bec68c346c0c
  SHA256: a193483272c7660e5c6963798a7b32c81df4b4b53169774b48773d45bb65e4d2
  SHA512: be006be57d982b7ed953c55853909f86f2435a1e755cdfb6cef054cdb5d8be7717a809dcea1921d77ddeb81c0062ba9b111d4aee57092026b7e607ba99c23f97