Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.62490...a0.exe

windows7-x64

7

NEAS.62490...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2023, 17:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.62490fcdd933cab314eda2afb9656ca0.exe

  • Size

    1.5MB

  • MD5

    62490fcdd933cab314eda2afb9656ca0

  • SHA1

    8b7bba2d2e28c64ea8d486bc66cf40e4fa4bbbc0

  • SHA256

    d251fc8d7918b6789dc7b3d5fcf8eb7bea245dfbc35672ba0332f23d63b16660

  • SHA512

    ff5de8d9f2f29599bf1dd17e60f7fb740e4456465a85a4c075a76392e6128d474deae3069012c855f941340f8285e88aba6737812354439132daebe0a24eb1ba

  • SSDEEP

    24576:ScCT67wHqWis4l+jIACFr5hqjiLDpSJDN93pqb6W8cU4gLQ/A:jCpn8t74iA3qb6W8cU4e

Score
7/10

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.62490fcdd933cab314eda2afb9656ca0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.62490fcdd933cab314eda2afb9656ca0.exe"
    1⤵
    • Drops startup file
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4740
    • C:\Users\Admin\AppData\Local\Temp\NEAS.62490fcdd933cab314eda2afb9656ca0.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.62490fcdd933cab314eda2afb9656ca0.exe"
      2⤵
      • Drops startup file
      • Drops autorun.inf file
      • Drops file in Program Files directory
      • Drops file in Windows directory
      PID:1816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\microsoft shared\ClickToRun\vOfficeC2RClient.ico
    Filesize

    4KB

    MD5

    3ea9bcbc01e1a652de5a6fc291a66d1a

    SHA1

    aee490d53ee201879dff37503a0796c77642a792

    SHA256

    a058bfd185fe714927e15642004866449bce425d34292a08af56d66cf03ebe6c

    SHA512

    7c740132f026341770b6a20575786da581d8a31850d0d680978a00cc4dfca1e848ef9cdc32e51bae680ea13f6cc0d7324c38765cb4e26dcb2e423aced7da0501

    Download Submit

  • C:\Program Files\Java\jdk1.8.0_66\bin\vjavaws.ico
    Filesize

    4KB

    MD5

    38b41d03e9dfcbbd08210c5f0b50ba71

    SHA1

    2fbfde75ce9fe8423d8e7720bf7408cedcb57a70

    SHA256

    611f2cb2e03bd8dbcb584cd0a1c48accfba072dd3fc4e6d3144e2062553637f5

    SHA512

    ec97556b6ff6023d9e6302ba586ef27b1b54fbf7e8ac04ff318aa4694f13ad343049210ef17b7b603963984c1340589665d67d9c65fec0f91053ff43b1401ba9

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\vmisc.ico
    Filesize

    4KB

    MD5

    fc27f73816c9f640d800cdc1c9294751

    SHA1

    e6c3d8835d1de4e9606e5588e741cd1be27398f6

    SHA256

    3cc5043caa157e5f9b1870527b8c323850bdae1e58d6760e4e895d2ab8a35a05

    SHA512

    9e36b96acc97bc7cd45e67a47f1ae7ab7d3818cc2fdaad147524ce9e4baedfaac9cd012923ec65db763bfd850c65b497376bb0694508bee59747f97bf1591fd4

    Download Submit

  • C:\odt\office2016setup.exe
    Filesize

    1.5MB

    MD5

    62490fcdd933cab314eda2afb9656ca0

    SHA1

    8b7bba2d2e28c64ea8d486bc66cf40e4fa4bbbc0

    SHA256

    d251fc8d7918b6789dc7b3d5fcf8eb7bea245dfbc35672ba0332f23d63b16660

    SHA512

    ff5de8d9f2f29599bf1dd17e60f7fb740e4456465a85a4c075a76392e6128d474deae3069012c855f941340f8285e88aba6737812354439132daebe0a24eb1ba

    Download Submit

  • F:\autorun.inf
    Filesize

    102B

    MD5

    5513829683bff23161ca7d8595c25c72

    SHA1

    9961b65bbd3bac109dddd3a161fc30650e8a7096

    SHA256

    94e323bd9071db7369ade16f45454e7a0dbfb6a39efddc1234c4719d1f7ee4c2

    SHA512

    308c84446106cda0a71e37b0de46aaf4b7361f9ddcc3c4c29f8e87da8acb606525dce8a42caf9d74e708c56b31c524f9535a2f5f4757c6c357401da1c495ddb6

    Download Submit

  • memory/1816-18-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/1816-81-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/1816-15-0x0000000002350000-0x0000000002351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1816-304-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/1816-9-0x0000000002350000-0x0000000002351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1816-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1816-79-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/1816-12-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/1816-128-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/1816-7-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/1816-6-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/1816-295-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/4740-5-0x0000000002BF0000-0x0000000002C05000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4740-2-0x0000000002BF0000-0x0000000002C05000-memory.dmp

    Filesize

    84KB

    Download