Analysis
- max time kernel: 118s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20231023-en
- resource tags: arch:x64 arch:x86 image:win7-20231023-en locale:en-us os:windows7-x64 system
- submitted: 11/11/2023, 04:24
Static task
- static1

Behavioral task
- behavioral1
  Sample: NEAS.cc4f5fd89260bebc79f7a3a47585d6d0.exe
  Resource: win7-20231023-en

Behavioral task
- behavioral2
  Sample: NEAS.cc4f5fd89260bebc79f7a3a47585d6d0.exe
  Resource: win10v2004-20231020-en
General
- Target: NEAS.cc4f5fd89260bebc79f7a3a47585d6d0.exe
- Size: 161KB
- MD5: cc4f5fd89260bebc79f7a3a47585d6d0
- SHA1: 336289221e72c929af0428c1d956319c9ce025a5
- SHA256: 73ae2de93514a15d4f902fdac740c8ea6f29acf7fb459dc7523d471e2ef0e7fa
- SHA512: f56524577d515b255da184f945cc1877a41b442d15a51dfca89ed9e30e98f813e774fb776118bb9cb54637c4e8743f34406c649d49da7ab50151c668843b7ff5
- SSDEEP: 3072:51oVtum4WHvjVGr8kgB9s8p+uRcKVHM0lma3UroAew5ak23n2MgN8Dljl:5mtmCjkU9Wu6uFYwsegak22TQlh
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoC)
  pid   Process
  1900  suvkbwn.exe
- Drops file in Program Files directory (2 IoCs)
  description   ioc                               Process
  File created  C:\PROGRA~3\Mozilla\suvkbwn.exe   NEAS.cc4f5fd89260bebc79f7a3a47585d6d0.exe
  File created  C:\PROGRA~3\Mozilla\wfwcssm.dll   suvkbwn.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2076  NEAS.cc4f5fd89260bebc79f7a3a47585d6d0.exe
  1900  suvkbwn.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process      procid_target
  PID 2332 wrote to memory of 1900  2332  taskeng.exe  29
  PID 2332 wrote to memory of 1900  2332  taskeng.exe  29
  PID 2332 wrote to memory of 1900  2332  taskeng.exe  29
  PID 2332 wrote to memory of 1900  2332  taskeng.exe  29
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.cc4f5fd89260bebc79f7a3a47585d6d0.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.cc4f5fd89260bebc79f7a3a47585d6d0.exe"
  PID: 2076
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {1EAC746F-3A38-486E-BADF-E3E2919F3C80} S-1-5-18:NT AUTHORITY\System:Service:
  PID: 2332
  - Suspicious use of WriteProcessMemory
  - C:\PROGRA~3\Mozilla\suvkbwn.exe
    Command line: C:\PROGRA~3\Mozilla\suvkbwn.exe -tlhykym
    PID: 1900
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 161KB
  MD5: 0b95cd066b38efe5d9f730bff2b0f161
  SHA1: c32d48d0d0b69512284394f24eaf97551fd0e53b
  SHA256: 4a3ae085356a0703a525b055a693466ce38de11df397ebdfeb698885c1c4e066
  SHA512: 7003b695697a9943c0ecc9035ff54ea9ca6bda50f79fb08efe1e42e55a224c438244e133f4684531ae42c7b7f4ae567c5612d6b5fb1bb8c8d6c716c2f91f7b3f