Analysis
- max time kernel: 117s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231020-en
- resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
- submitted: 11/11/2023, 19:16
Static task
- static1

Behavioral task
- behavioral1
  Sample: NEAS.458b335b1d6a0fcd33112863a014d450.exe
  Resource: win7-20231020-en

Behavioral task
- behavioral2
  Sample: NEAS.458b335b1d6a0fcd33112863a014d450.exe
  Resource: win10v2004-20231023-en
General
- Target: NEAS.458b335b1d6a0fcd33112863a014d450.exe
- Size: 195KB
- MD5: 458b335b1d6a0fcd33112863a014d450
- SHA1: a2e8b04155a48538ab798eb28be10e51bab5cb7a
- SHA256: bb2b54e9689794cfd40fe2126102203ccb00ee5d3aae22e5f3b6db95cb18f1b9
- SHA512: 06090b7243b4e64afa12ff14d7893fe950c72fdb0d0ddbf3d0fab348548911c49d48cdb2d5775e417212291faaee0999a828b6dd9c5bc40c1044b35594977327
- SSDEEP: 3072:7mLy5XClqNrbPY4oLonnMXZKdujCa5BQbXHQSOydRmTgpZWYS2jbxWGqJslB:7w2ylq+b8nnUKAQbXHN1gWXSbGqJwB
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoC)
  pid 2764  Process dhuqaed.exe
- Drops file in Program Files directory (2 IoCs)
  File created C:\PROGRA~3\Mozilla\dhuqaed.exe  Process NEAS.458b335b1d6a0fcd33112863a014d450.exe
  File created C:\PROGRA~3\Mozilla\fjgblbm.dll  Process dhuqaed.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1720  Process NEAS.458b335b1d6a0fcd33112863a014d450.exe
  pid 2764  Process dhuqaed.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                         pid   Process      procid_target
  PID 2128 wrote to memory of 2764    2128  taskeng.exe  29
  PID 2128 wrote to memory of 2764    2128  taskeng.exe  29
  PID 2128 wrote to memory of 2764    2128  taskeng.exe  29
  PID 2128 wrote to memory of 2764    2128  taskeng.exe  29
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.458b335b1d6a0fcd33112863a014d450.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.458b335b1d6a0fcd33112863a014d450.exe"
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID: 1720
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {4BCDBCC0-112D-4330-B16F-EAE6B95704FF} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 2128
  - C:\PROGRA~3\Mozilla\dhuqaed.exe (child of taskeng.exe)
    Command line: C:\PROGRA~3\Mozilla\dhuqaed.exe -vpwggce
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
    PID: 2764
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 195KB
  MD5: 6f79b06906848c191aa38101ae79da11
  SHA1: e6faef82c7b113acda07064e1de2bb7589fd4f57
  SHA256: 9f883e32358ecf2d9ceb77c571d661d81206b94a3a3fdb5016451d5fa0d863c7
  SHA512: 812ab02f3b98348557d567ab64f5148d413f585bd8afb1ca3053c9979d4a8c511bca4a57c6fe0e2065b4e92865f2bc9af578440d0f9bf480ec4482da70660d97