Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

NEAS.f96d7...90.exe

windows7-x64

10

NEAS.f96d7...90.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    17/11/2023, 05:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.f96d72c2ec720db9b8cca7ce9f403390.exe

  • Size

    426KB

  • MD5

    f96d72c2ec720db9b8cca7ce9f403390

  • SHA1

    212f374f6de532eab335d9efd95d02d7df6c704c

  • SHA256

    07f8c94a943d14c0691d3dd5a36037f63cac62f378ec80338c52995e357e8e12

  • SHA512

    675bef417900d5ce1c78d7373c4efc977e700c8f1be2b7ef95f08083adfaf2757f1eb5394fd13eafef67b2470dd1b59b952c3f5667ec9736f58e8dbf3c2b75af

  • SSDEEP

    3072:0ChJgYMm4xf9cU9KQ2BxA59SPMsOo6n2f0YK0FN8lpSUyKncAxi2/:8YMm4xiWKQ2BiCMMZK03kNcAT/

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.f96d72c2ec720db9b8cca7ce9f403390.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.f96d72c2ec720db9b8cca7ce9f403390.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Program Files (x86)\b899d54c\jusched.exe
      "C:\Program Files (x86)\b899d54c\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:2388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\b899d54c\b899d54c
    Filesize

    17B

    MD5

    89931a70501a3362b6823b53523f5a77

    SHA1

    88c7e199c462ed8cc3af0ba453512b5b1fdcfdb5

    SHA256

    d30d9a0e64bc9f4a306617f087f30de6d57a5413793ab7bde13a299777a1b254

    SHA512

    8fa7ab4824ae86f3f47b3718c11f79ef275dd0639396572eaeb1262ad9153ccf43c633a7b292e30c97370436a09f22fbcf817a802015650ffb1f84d2b83483bd

    Download Submit

  • C:\Program Files (x86)\b899d54c\jusched.exe
    Filesize

    426KB

    MD5

    7d871b3be2e633c788fd7a7ddf1b57b9

    SHA1

    8041959414200a0d9b4aeaee034d84818cc0e698

    SHA256

    ee4c8eee998f57ac294baae2ae4de4481f0d59706cce5f1cc39c77d78b949ba2

    SHA512

    57bc4c1fb17d893ff556916e63af8cf18503b35c25954d297ebb4fa6e465c5934f96d6721601bf2cbf73c93a1db0a25fe9397d18b105ebe36fdf5675d66dc7ef

    Download Submit

  • C:\Program Files (x86)\b899d54c\jusched.exe
    Filesize

    426KB

    MD5

    7d871b3be2e633c788fd7a7ddf1b57b9

    SHA1

    8041959414200a0d9b4aeaee034d84818cc0e698

    SHA256

    ee4c8eee998f57ac294baae2ae4de4481f0d59706cce5f1cc39c77d78b949ba2

    SHA512

    57bc4c1fb17d893ff556916e63af8cf18503b35c25954d297ebb4fa6e465c5934f96d6721601bf2cbf73c93a1db0a25fe9397d18b105ebe36fdf5675d66dc7ef

    Download Submit

  • \Program Files (x86)\b899d54c\jusched.exe
    Filesize

    426KB

    MD5

    7d871b3be2e633c788fd7a7ddf1b57b9

    SHA1

    8041959414200a0d9b4aeaee034d84818cc0e698

    SHA256

    ee4c8eee998f57ac294baae2ae4de4481f0d59706cce5f1cc39c77d78b949ba2

    SHA512

    57bc4c1fb17d893ff556916e63af8cf18503b35c25954d297ebb4fa6e465c5934f96d6721601bf2cbf73c93a1db0a25fe9397d18b105ebe36fdf5675d66dc7ef

    Download Submit

  • \Program Files (x86)\b899d54c\jusched.exe
    Filesize

    426KB

    MD5

    7d871b3be2e633c788fd7a7ddf1b57b9

    SHA1

    8041959414200a0d9b4aeaee034d84818cc0e698

    SHA256

    ee4c8eee998f57ac294baae2ae4de4481f0d59706cce5f1cc39c77d78b949ba2

    SHA512

    57bc4c1fb17d893ff556916e63af8cf18503b35c25954d297ebb4fa6e465c5934f96d6721601bf2cbf73c93a1db0a25fe9397d18b105ebe36fdf5675d66dc7ef

    Download Submit

  • memory/1736-0-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1736-7-0x00000000027B0000-0x000000000282B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1736-12-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/2388-14-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download