Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

NEAS.ce8e5...90.exe

windows7-x64

8

NEAS.ce8e5...90.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    9s
  • max time network
    49s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2023, 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.ce8e5f08dbc1939e381aab33bd420390.exe

  • Size

    160KB

  • MD5

    ce8e5f08dbc1939e381aab33bd420390

  • SHA1

    3ab0f3934f1af200aa62fb203a3fed06c455d510

  • SHA256

    76d92f0417dcb1dd957a361c9f82e40edb91b0f0852ff9f38fdf792a905d9b8a

  • SHA512

    309aa27b31ea00a256781d534706e5a136935e00907e2badde12f6915e7591ad7787ca69a654da71169cb8edd6a4788539c909d941a78a14c91c027d5668bb2f

  • SSDEEP

    3072:jBTW9N/m1cRFddrcmpo/YZxJOH6BYa80BgMtIfIQ+YDeg:jBTW9k1cRFd5cB/sxJJYG8IQ+Y/

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.ce8e5f08dbc1939e381aab33bd420390.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ce8e5f08dbc1939e381aab33bd420390.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4324
  • C:\PROGRA~3\Mozilla\inhjnlm.exe
    C:\PROGRA~3\Mozilla\inhjnlm.exe -nstusyf
    1⤵
    • Executes dropped EXE
    PID:4176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\inhjnlm.exe
    Filesize

    160KB

    MD5

    3e4122a724aecd732275c9b2d2fd25be

    SHA1

    0ec64c6b9e3b5495b7140efffa600512158cd963

    SHA256

    c23cc0b676ce97c41e866f4b936fcd10cba237eca6af46b7c33b9e6ee9f58681

    SHA512

    ea3bae399a2daf2ab7fcc690708a2f54aa8e0100cfab8692785b1c0a4e4466579f314c1a7cc3fbc9c148cfdebaa89d0e338fffd83cd6d86ede4e3e1f9b875253

    Download Submit

  • C:\ProgramData\Mozilla\inhjnlm.exe
    Filesize

    160KB

    MD5

    3e4122a724aecd732275c9b2d2fd25be

    SHA1

    0ec64c6b9e3b5495b7140efffa600512158cd963

    SHA256

    c23cc0b676ce97c41e866f4b936fcd10cba237eca6af46b7c33b9e6ee9f58681

    SHA512

    ea3bae399a2daf2ab7fcc690708a2f54aa8e0100cfab8692785b1c0a4e4466579f314c1a7cc3fbc9c148cfdebaa89d0e338fffd83cd6d86ede4e3e1f9b875253

    Download Submit

  • memory/4324-0-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/4324-1-0x0000000000A30000-0x0000000000A8B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4324-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/4324-7-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download