Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.d6b10...JC.exe

windows7-x64

7

NEAS.d6b10...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 18:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.d6b10ea4d1ee377b6fd28f6a0ad47f4e_JC.exe

  • Size

    740KB

  • MD5

    d6b10ea4d1ee377b6fd28f6a0ad47f4e

  • SHA1

    4aad355e1783859e84f3f37a1c98a280746bcd6f

  • SHA256

    f268ef1e3872764357d0e5cb0591f087702855022fe51f1801936ef5dfebd90a

  • SHA512

    009d88b7e8c808391baf42e7d46b0aa77112b7afe16e1a114fb4ca81b7162a21c148b4e1d24d027d669eee06af4eb89f0be48f12c3549e9b1ebcb73fa221eb35

  • SSDEEP

    12288:j2JylsKTzsBfXwZc0IursYCYQeSnyZJiqlEbXSb9NtCGOF2O27MVzO:j2JyxUB4MYenGJiKEbXWtfOkUO

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.d6b10ea4d1ee377b6fd28f6a0ad47f4e_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.d6b10ea4d1ee377b6fd28f6a0ad47f4e_JC.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4704
    • C:\Users\Admin\AppData\Local\Temp\NEAS.d6b10ea4d1ee377b6fd28f6a0ad47f4e_JC.tmp
      C:\Users\Admin\AppData\Local\Temp\NEAS.d6b10ea4d1ee377b6fd28f6a0ad47f4e_JC.tmp
      2⤵
      • Executes dropped EXE
      PID:1068
    • C:\Users\Admin\AppData\Local\Temp\NEAS.d6b10ea4d1ee377b6fd28f6a0ad47f4e_JC.mm
      C:\Users\Admin\AppData\Local\Temp\NEAS.d6b10ea4d1ee377b6fd28f6a0ad47f4e_JC.mm /zhj
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:4716
      • C:\Windows\SOS.exe
        C:\Windows\SOS.exe /zhj
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        PID:2308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.d6b10ea4d1ee377b6fd28f6a0ad47f4e_JC.mm
    Filesize

    296KB

    MD5

    ac93fa9b91d9e4d14a6c80db4afe18b9

    SHA1

    90e255e899ee986102ae51e81e7a0bec629e5b4f

    SHA256

    66b807c88baca9e923387863883507f19eaed90f839fbd1de7578d12953c1d24

    SHA512

    f5ac3fd7a4f59de0966e82fb92369dbc33009f9b44dcb69714e97858e20ac34c08d4f420b1c287177df9059cc50c0d90e62d7cc713aad9d91a97c97bfda24318

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\NEAS.d6b10ea4d1ee377b6fd28f6a0ad47f4e_JC.mm
    Filesize

    296KB

    MD5

    ac93fa9b91d9e4d14a6c80db4afe18b9

    SHA1

    90e255e899ee986102ae51e81e7a0bec629e5b4f

    SHA256

    66b807c88baca9e923387863883507f19eaed90f839fbd1de7578d12953c1d24

    SHA512

    f5ac3fd7a4f59de0966e82fb92369dbc33009f9b44dcb69714e97858e20ac34c08d4f420b1c287177df9059cc50c0d90e62d7cc713aad9d91a97c97bfda24318

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\NEAS.d6b10ea4d1ee377b6fd28f6a0ad47f4e_JC.tmp
    Filesize

    444KB

    MD5

    2b48f69517044d82e1ee675b1690c08b

    SHA1

    83ca22c8a8e9355d2b184c516e58b5400d8343e0

    SHA256

    507bdc3ab5a6d9ddba2df68aff6f59572180134252f5eb8cb46f9bb23006b496

    SHA512

    97d9b130a483263ddf59c35baceba999d7c8db4effc97bcb935cb57acc7c8d46d3681c95e24975a099e701997330c6c6175e834ddb16abc48d5e9827c74a325b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\NEAS.d6b10ea4d1ee377b6fd28f6a0ad47f4e_JC.tmp
    Filesize

    444KB

    MD5

    2b48f69517044d82e1ee675b1690c08b

    SHA1

    83ca22c8a8e9355d2b184c516e58b5400d8343e0

    SHA256

    507bdc3ab5a6d9ddba2df68aff6f59572180134252f5eb8cb46f9bb23006b496

    SHA512

    97d9b130a483263ddf59c35baceba999d7c8db4effc97bcb935cb57acc7c8d46d3681c95e24975a099e701997330c6c6175e834ddb16abc48d5e9827c74a325b

    Download Submit

  • C:\Windows\SOS.exe
    Filesize

    296KB

    MD5

    ac93fa9b91d9e4d14a6c80db4afe18b9

    SHA1

    90e255e899ee986102ae51e81e7a0bec629e5b4f

    SHA256

    66b807c88baca9e923387863883507f19eaed90f839fbd1de7578d12953c1d24

    SHA512

    f5ac3fd7a4f59de0966e82fb92369dbc33009f9b44dcb69714e97858e20ac34c08d4f420b1c287177df9059cc50c0d90e62d7cc713aad9d91a97c97bfda24318

    Download Submit

  • C:\Windows\SOS.exe
    Filesize

    296KB

    MD5

    ac93fa9b91d9e4d14a6c80db4afe18b9

    SHA1

    90e255e899ee986102ae51e81e7a0bec629e5b4f

    SHA256

    66b807c88baca9e923387863883507f19eaed90f839fbd1de7578d12953c1d24

    SHA512

    f5ac3fd7a4f59de0966e82fb92369dbc33009f9b44dcb69714e97858e20ac34c08d4f420b1c287177df9059cc50c0d90e62d7cc713aad9d91a97c97bfda24318

    Download Submit

  • C:\Windows\SOS.exe
    Filesize

    296KB

    MD5

    ac93fa9b91d9e4d14a6c80db4afe18b9

    SHA1

    90e255e899ee986102ae51e81e7a0bec629e5b4f

    SHA256

    66b807c88baca9e923387863883507f19eaed90f839fbd1de7578d12953c1d24

    SHA512

    f5ac3fd7a4f59de0966e82fb92369dbc33009f9b44dcb69714e97858e20ac34c08d4f420b1c287177df9059cc50c0d90e62d7cc713aad9d91a97c97bfda24318

    Download Submit

  • memory/2308-232-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-227-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-144-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-236-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-146-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-230-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-148-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-234-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-162-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-216-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-205-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-207-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-209-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2308-211-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4704-215-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4704-204-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4704-226-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4704-149-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4704-229-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4704-147-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4704-231-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4704-145-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4704-143-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4716-14-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download