Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

9d7efad182...cb.exe

windows7-x64

10

9d7efad182...cb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/03/2024, 21:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe

  • Size

    3.0MB

  • MD5

    056c3b73ea0edf02f734d445ed945e55

  • SHA1

    b25b0c776707501b2ec9097a147f1a9d23146de1

  • SHA256

    9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb

  • SHA512

    d01e4660843136a71358a7d2dc86878f528ded1964ca5eaa7bb217faf0e7af4c07c0797987ea3b25b19947f12d659fca939bf8d891107f3fd8a61adc9ec11945

  • SSDEEP

    49152:CHyjtk2MYC5GDvdAxk6N7MgR05ZHVFveSo6ghCn9:Cmtk2aOdAxzN7Mu05ZHfeSfn9

Score
10/10
neshtapersistencespywarestealer

Malware Config

Signatures

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 13 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
    "C:\Users\Admin\AppData\Local\Temp\9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Users\Admin\AppData\Local\Temp\3582-490\9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
      "C:\Users\Admin\AppData\Local\Temp\3582-490\9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Users\Admin\AppData\Local\Temp\._cache_9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
        "C:\Users\Admin\AppData\Local\Temp\._cache_9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe"
        3⤵
        • Executes dropped EXE
        PID:2560
      • C:\ProgramData\Synaptics\Synaptics.exe
        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2988
        • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
          "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
          4⤵
          • Executes dropped EXE
          PID:2668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE
    Filesize

    859KB

    MD5

    754309b7b83050a50768236ee966224f

    SHA1

    10ed7efc2e594417ddeb00a42deb8fd9f804ed53

    SHA256

    acd32dd903e5464b0ecd153fb3f71da520d2e59a63d4c355d9c1874c919d04e6

    SHA512

    e5aaddf62c08c8fcc1ae3f29df220c5c730a2efa96dd18685ee19f5a9d66c4735bb4416c4828033661990604669ed345415ef2dc096ec75e1ab378dd804b1614

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\._cache_9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
    Filesize

    318KB

    MD5

    2b56586e30bd7a991817710f75eca154

    SHA1

    0084ae130f71a9f7416d79fe9b6ba1b7ba43ffb9

    SHA256

    daf5c5d291adec26772ed5647a235f19ff2fd096e4f7dddf8359b5b8191cd959

    SHA512

    82810b332766873562e040b5e6b587b7c6ab52c25e140aec44196154533e28c8c0255815224721dc6fe946fb83e8224a9906033efa7a77902814dc3dfe96ee81

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\._cache_9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
    Filesize

    256KB

    MD5

    6692d08ea58b2b1e6519c4e08681904a

    SHA1

    58073e1c259021e19ae106c12e0e7ff957482df3

    SHA256

    ada9f6a5eb90add2593fc3ceab5bcdbda1bd55fd4df83f14ec77fd25d74f7522

    SHA512

    8611cc6697a0a38242183242938796c0e80ee37a005d5c653b2618784b272a78e0c7517a03c25f4444e67ebca0bddb642c2a4869e524151e80d5a8fa61a64deb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3582-490\9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
    Filesize

    448KB

    MD5

    87e2d68117c3c18a50e7a1468b0bf48e

    SHA1

    cdbe1051bfa0efa7291f20c96186551d85ef59fe

    SHA256

    c17013abd32e0be4b017359357b4f5b8366814e8654175834f4a69f202181fdd

    SHA512

    647e2396381be069ea1c90afa3a8233e3a39ee389866852367fca0785aca607ce0cd4ef8d82578ffd79d4383554c87940623eee5514b40529679b3347dbb5675

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3582-490\9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
    Filesize

    2.9MB

    MD5

    b6d02690a4e4240f6bca29b837753886

    SHA1

    7671a9387881991ec05ecaf28dfde926bf419f80

    SHA256

    2119427883f854bfc6c0e7341974f6749df508478b6b5990f7e4967fb4c254e9

    SHA512

    99c826a8f8da6f9425d28b609f3e8318e410105c322e66aebfeee5138ce481e1ded893f966c63ad3196541191ff15b4301390e9392cb8668800a1eb4a04f2808

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3582-490\9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
    Filesize

    384KB

    MD5

    19a1dc926c33d0ec3c457a9d9b600913

    SHA1

    eaa57f9bd1c79f55d75758021874dea6433ec9e8

    SHA256

    474d6466783c954185a4ccf6091e8e838e5aa7da82d0cd62df3a3dab02576ab9

    SHA512

    3da09eb006cf5b26d4829b63f767190dbc09207be2b70c53d3fe4c3c0007bfc41b23f935027be13da7ec54ecb35ba3b05c7b2d20d11fd4d75713a69d1fce5114

    Download Submit

  • \PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE
    Filesize

    252KB

    MD5

    9e2b9928c89a9d0da1d3e8f4bd96afa7

    SHA1

    ec66cda99f44b62470c6930e5afda061579cde35

    SHA256

    8899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043

    SHA512

    2ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156

    Download Submit

  • \ProgramData\Synaptics\Synaptics.exe
    Filesize

    3.0MB

    MD5

    d89e4e7c52d47b0a1046e4322a96e6ca

    SHA1

    55978c5c522658b9b11db4a64607e943d0090fef

    SHA256

    c5fac682547181b877cf19e707fdfe12502619c7d805b863c75c0b5873f6bd6e

    SHA512

    e2ce7af958645af6ad33df2b654983e9b2e365ac4ed21496acc4f235f16ce06d7abf91ad162db60f0792f781a23d2d86879bbfb675af3f5348dae1fa151213b3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\._cache_9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
    Filesize

    1.2MB

    MD5

    639f60bf734d4ddbcaa56ba31946be5f

    SHA1

    089767c3508b9b5b80e47c7bdc6bd333cb10295b

    SHA256

    88b2e06c1e9297df241ad96cb0f4b1e77439c378bfba20f250590127f461f1a5

    SHA512

    a7979e1738d38a721bc0a5a20c6d2e79e78b0850455196e9b30d7fee058d3ea96cf37f07ee07df75f4882f347ac66e9b1eaef05a8a4c07b9ec6f5c09bba4d669

    Download Submit

  • \Users\Admin\AppData\Local\Temp\._cache_9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
    Filesize

    384KB

    MD5

    15b3f83a5d912a06ad6fb23c07ff1339

    SHA1

    1a514cfff515ace5f2661694e7416305e2f2a15c

    SHA256

    bfce0d6c437643e82e39a2dab5e592bde87437dd671a5af03b04ece151d6c368

    SHA512

    7cfa5a7cb3130204a68ba34af0f0de8de0d1a3b3be2ba282703be04cb5b923993f4badbc9a07e9aa7341a602f3d8c53b614ef065e6ab92e9bd6f93042f03952c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
    Filesize

    1.9MB

    MD5

    fd5d6e2e51949458d18066924da8dc95

    SHA1

    1d0097fa9da717cc71ad66226b28910b19dc9a48

    SHA256

    66f07a47ff70b2933574ecfb2cacfbf74c9bc1812ba108f8cf1f66d8714dc41e

    SHA512

    2461a80659b25f679d25b72b57e869a74cccbbe1cfd233807f793fdf13002d6969417a39a558e282c109ba7fd920172f4e746e0a20abe72be2b69074cc0da6b0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3582-490\9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
    Filesize

    832KB

    MD5

    639b6f6a05a0f790f64071494e3e5c52

    SHA1

    d813a9adbcc01c498542599babe340d53d22c477

    SHA256

    b23add2eb204fcd6e7ca615cc30bae63aeafd1a024e23116235f47682bad432e

    SHA512

    9b291d158a4c3ea71581813b074b47ed7c5630ab10f86e0b9be96c00a98a0d3f5990a915b831bfd02c057f9d62994dc446a625fa21e295149ba8e1c9ad080cd7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3582-490\9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
    Filesize

    2.6MB

    MD5

    ac7556b71eb4c0909972c51371542d13

    SHA1

    ee6b5b9ddcf6b4a96ea338647ea4caa9c3ccbcdf

    SHA256

    b0178d1f11a2637a03861fe8fab9c12f9e030b2642156ffa02bb4d7ae9443200

    SHA512

    a75ae79e1c5b9132678aad9847cfc54b3291402ca4eb113521da8e05cdf112aa6e5dd2744cd2da4bf27ff3cba00eab591bd30415828a9b3bd99921de4d70b30e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\3582-490\9d7efad1823c88b8b5b0b07ae9028fc23d2639445a0d95b48d9360b0ab9e68cb.exe
    Filesize

    640KB

    MD5

    d18b091d571911c25d4f91c804be1235

    SHA1

    17844bea0d6698daa384c8c0d75ff89f51bf639f

    SHA256

    b510c440f75a9ee1ce6b8f393bc4dd53dc5eb4c9369630034ab99ca4154a2662

    SHA512

    88558cc76ac49813c57f18af75a269e2d9711e33fe744bfa0af56d667b742df21d871ee45a6ec8c7115f7f8c9abf5c2fee20258f26ac85b75f61683d9eb0bfb1

    Download Submit

  • memory/2108-15-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2108-52-0x0000000000400000-0x00000000006FC000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2988-51-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2988-134-0x0000000000400000-0x00000000006FC000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2988-137-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2988-175-0x0000000000400000-0x00000000006FC000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/3052-133-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3052-135-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3052-138-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3052-140-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3052-142-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

    Download