Analysis
- max time kernel: 149s
- max time network: 159s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/10/2023, 19:45
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.157f4dd280bac25d91450ddd086f95c0.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: NEAS.157f4dd280bac25d91450ddd086f95c0.exe
- Resource: win10v2004-20230915-en
General
- Target: NEAS.157f4dd280bac25d91450ddd086f95c0.exe
- Size: 987KB
- MD5: 157f4dd280bac25d91450ddd086f95c0
- SHA1: def98872972513a04e01ad912f3f77ebe7bf2760
- SHA256: 020362fe1e0b1bb14d7858e7290cf2b8c69602933921e49ffb684fdd9340e928
- SHA512: f35347bf457390f459e6edd4b09342c7fec133aececef35b9e5e98cbba19ead5ff7f51e356d9af30014177e720ccf221488e121a24c1c9fe1d85ea1dbf63748a
- SSDEEP: 24576:/1/aGLDCM4D8ay0MZo8//PT2N0K+bcpUBkGjc3JnBrzRV:wD8ay0MZoQPT2N0K+bcpUBkVND
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 3848, process jooal.exe
- Adds Run key to start application (2 TTPs, 1 IoC)
  Set value (str): \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\jooal.exe" (process: jooal.exe)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                                     procid_target
  PID 4424 wrote to memory of 3848  4424  NEAS.157f4dd280bac25d91450ddd086f95c0.exe   86
  PID 4424 wrote to memory of 3848  4424  NEAS.157f4dd280bac25d91450ddd086f95c0.exe   86
  PID 4424 wrote to memory of 3848  4424  NEAS.157f4dd280bac25d91450ddd086f95c0.exe   86
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.157f4dd280bac25d91450ddd086f95c0.exe (PID 4424)
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.157f4dd280bac25d91450ddd086f95c0.exe"
  - Suspicious use of WriteProcessMemory
  - C:\ProgramData\jooal.exe (PID 3848, child of PID 4424)
    Command line: "C:\ProgramData\jooal.exe"
    - Executes dropped EXE
    - Adds Run key to start application
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 987KB
  MD5: 9624525cbbf8add33228da9a286108fe
  SHA1: 332a954de4efb32285c1514905f9c3281abdb484
  SHA256: 1f61a86255fd201629b0d129a6a4ba69271945e5b77a103fa8b26bfc0d953c62
  SHA512: 514bd1d33fd49594480695454fe2623ce9a3a7c37e2293c0aae93b134901d00cd401c3e93c1f29c91d4aa01d4bbc42bc1352ff2a941d01afb09bf5a1fe8973f2
- Filesize: 477KB
  MD5: 0097732504850319971faed87f071fd4
  SHA1: 6f8bf40487719d18c54c85329ffc0346163e43db
  SHA256: 96e2cebea72e7205b4b0b53d67606ccbedd4e9eb34d852bed65bc89063541a48
  SHA512: 72af1a7e94544cb2b4a198713280823337a4cf4a7266320947a5b81ce4c41099c251ab86d94f753506328ad7750d3a0135d27af0ff5cf2147d01f3147d4448a7
- Filesize: 509KB
  MD5: 190203c0ed5c49f712b3bfa863cecd6b
  SHA1: 32fc7cd8a95a338139c48b2fac545627d60c1395
  SHA256: e79e567d10676b5ada9470ff6b993c3392f0d4bfefe2441815d4e23c05ae175f
  SHA512: dec61dfaf04260aad14809858db52e81360041464efd81a160ef1ab6339c2c3b66494c31bfe41420f1b33db9a8cb5b2e51a653e4c8709781fe99785934d78226