Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
16/10/2023, 18:34
General
-
Target
NEAS.b9e37440d59f55260d2048a7bbd0fce0.exe
-
Size
256KB
-
MD5
b9e37440d59f55260d2048a7bbd0fce0
-
SHA1
ebe10059c3cbe16ba7da26839e1e8e039d2834ae
-
SHA256
887bb5598837f9a60f951c0e07f66e17c06711130b2ddffaf4dd722f0058e32f
-
SHA512
43b104c977061e28d1163139ff3c7f7f569e06fbf6f5b25e01d423b2f524cc90a0578160689b8129c3a5d5a504a509dcb14ecce6c4795f92b81c019a18f4beea
-
SSDEEP
6144:9UhVIn6R4rQD85k/hQO+zrWnAdqjeOpKfduBU:yVQJrQg5W/+zrWAI5KFuU
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.b9e37440d59f55260d2048a7bbd0fce0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.b9e37440d59f55260d2048a7bbd0fce0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Injcmc32.exeC:\Windows\system32\Injcmc32.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iahlcaol.exeC:\Windows\system32\Iahlcaol.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ijcahd32.exeC:\Windows\system32\Ijcahd32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Egohdegl.exeC:\Windows\system32\Egohdegl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hppeim32.exeC:\Windows\system32\Hppeim32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hemmac32.exeC:\Windows\system32\Hemmac32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Inebjihf.exeC:\Windows\system32\Inebjihf.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ieojgc32.exeC:\Windows\system32\Ieojgc32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Ihmfco32.exeC:\Windows\system32\Ihmfco32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ibcjqgnm.exeC:\Windows\system32\Ibcjqgnm.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Iahgad32.exeC:\Windows\system32\Iahgad32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ihbponja.exeC:\Windows\system32\Ihbponja.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iolhkh32.exeC:\Windows\system32\Iolhkh32.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
C:\Windows\SysWOW64\Iondqhpl.exeC:\Windows\system32\Iondqhpl.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jhgiim32.exeC:\Windows\system32\Jhgiim32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Jifecp32.exeC:\Windows\system32\Jifecp32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jaajhb32.exeC:\Windows\system32\Jaajhb32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Adjjeieh.exeC:\Windows\system32\Adjjeieh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ejjaqk32.exeC:\Windows\system32\Ejjaqk32.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jejbhk32.exeC:\Windows\system32\Jejbhk32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mekdffee.exeC:\Windows\system32\Mekdffee.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mddkbbfg.exeC:\Windows\system32\Mddkbbfg.exe7⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mcfkpjng.exeC:\Windows\system32\Mcfkpjng.exe8⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nlnpio32.exeC:\Windows\system32\Nlnpio32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Napameoi.exeC:\Windows\system32\Napameoi.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nbbnbemf.exeC:\Windows\system32\Nbbnbemf.exe11⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nlgbon32.exeC:\Windows\system32\Nlgbon32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nfpghccm.exeC:\Windows\system32\Nfpghccm.exe13⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Oohkai32.exeC:\Windows\system32\Oohkai32.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pbbgicnd.exeC:\Windows\system32\Pbbgicnd.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pilpfm32.exeC:\Windows\system32\Pilpfm32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pfppoa32.exeC:\Windows\system32\Pfppoa32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmjhlklg.exeC:\Windows\system32\Pmjhlklg.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pbgqdb32.exeC:\Windows\system32\Pbgqdb32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pfeijqqe.exeC:\Windows\system32\Pfeijqqe.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pomncfge.exeC:\Windows\system32\Pomncfge.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aiabhj32.exeC:\Windows\system32\Aiabhj32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qomghp32.exeC:\Windows\system32\Qomghp32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qnbdjl32.exeC:\Windows\system32\Qnbdjl32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qdllffpo.exeC:\Windows\system32\Qdllffpo.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Andqol32.exeC:\Windows\system32\Andqol32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Akhaipei.exeC:\Windows\system32\Akhaipei.exe27⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ailabddb.exeC:\Windows\system32\Ailabddb.exe28⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Abdfkj32.exeC:\Windows\system32\Abdfkj32.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Agaoca32.exeC:\Windows\system32\Agaoca32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Abgcqjhp.exeC:\Windows\system32\Abgcqjhp.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Agckiqgg.exeC:\Windows\system32\Agckiqgg.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Afdkfh32.exeC:\Windows\system32\Afdkfh32.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bnppkj32.exeC:\Windows\system32\Bnppkj32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Biedhclh.exeC:\Windows\system32\Biedhclh.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bpomem32.exeC:\Windows\system32\Bpomem32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bihancje.exeC:\Windows\system32\Bihancje.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bndjfjhl.exeC:\Windows\system32\Bndjfjhl.exe38⤵
-
C:\Windows\SysWOW64\Bgmnooom.exeC:\Windows\system32\Bgmnooom.exe39⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bfnnmg32.exeC:\Windows\system32\Bfnnmg32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bgokdomj.exeC:\Windows\system32\Bgokdomj.exe41⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bfpkbfdi.exeC:\Windows\system32\Bfpkbfdi.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ciogobcm.exeC:\Windows\system32\Ciogobcm.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cpipkl32.exeC:\Windows\system32\Cpipkl32.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cfbhhfbg.exeC:\Windows\system32\Cfbhhfbg.exe45⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cpklql32.exeC:\Windows\system32\Cpklql32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cicqja32.exeC:\Windows\system32\Cicqja32.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cfgace32.exeC:\Windows\system32\Cfgace32.exe48⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Chinkndp.exeC:\Windows\system32\Chinkndp.exe49⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cbnbhfde.exeC:\Windows\system32\Cbnbhfde.exe50⤵
-
C:\Windows\SysWOW64\Clffalkf.exeC:\Windows\system32\Clffalkf.exe51⤵
-
C:\Windows\SysWOW64\Deokja32.exeC:\Windows\system32\Deokja32.exe52⤵
-
C:\Windows\SysWOW64\Dlicflic.exeC:\Windows\system32\Dlicflic.exe53⤵
-
C:\Windows\SysWOW64\Deagoa32.exeC:\Windows\system32\Deagoa32.exe54⤵
-
C:\Windows\SysWOW64\Dlkplk32.exeC:\Windows\system32\Dlkplk32.exe55⤵
-
C:\Windows\SysWOW64\Diamko32.exeC:\Windows\system32\Diamko32.exe56⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Donecfao.exeC:\Windows\system32\Donecfao.exe57⤵
-
C:\Windows\SysWOW64\Didjqoae.exeC:\Windows\system32\Didjqoae.exe58⤵
-
C:\Windows\SysWOW64\Dlbfmjqi.exeC:\Windows\system32\Dlbfmjqi.exe59⤵
-
C:\Windows\SysWOW64\Eifffoob.exeC:\Windows\system32\Eifffoob.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Efjgpc32.exeC:\Windows\system32\Efjgpc32.exe61⤵
-
C:\Windows\SysWOW64\Epbkhhel.exeC:\Windows\system32\Epbkhhel.exe62⤵
-
C:\Windows\SysWOW64\Eeodqocd.exeC:\Windows\system32\Eeodqocd.exe63⤵
-
C:\Windows\SysWOW64\Elilmi32.exeC:\Windows\system32\Elilmi32.exe64⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ehpmbj32.exeC:\Windows\system32\Ehpmbj32.exe65⤵
-
C:\Windows\SysWOW64\Ebeapc32.exeC:\Windows\system32\Ebeapc32.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Eipilmgh.exeC:\Windows\system32\Eipilmgh.exe67⤵
-
C:\Windows\SysWOW64\Eoladdeo.exeC:\Windows\system32\Eoladdeo.exe68⤵
-
C:\Windows\SysWOW64\Foonjd32.exeC:\Windows\system32\Foonjd32.exe69⤵
-
C:\Windows\SysWOW64\Feifgnki.exeC:\Windows\system32\Feifgnki.exe70⤵
-
C:\Windows\SysWOW64\Fghcqq32.exeC:\Windows\system32\Fghcqq32.exe71⤵
-
C:\Windows\SysWOW64\Flekihpc.exeC:\Windows\system32\Flekihpc.exe72⤵
-
C:\Windows\SysWOW64\Fcodfa32.exeC:\Windows\system32\Fcodfa32.exe73⤵
-
C:\Windows\SysWOW64\Fempbm32.exeC:\Windows\system32\Fempbm32.exe74⤵
-
C:\Windows\SysWOW64\Flghognq.exeC:\Windows\system32\Flghognq.exe75⤵
-
C:\Windows\SysWOW64\Fikihlmj.exeC:\Windows\system32\Fikihlmj.exe76⤵
-
C:\Windows\SysWOW64\Fpeaeedg.exeC:\Windows\system32\Fpeaeedg.exe77⤵
-
C:\Windows\SysWOW64\Gebimmco.exeC:\Windows\system32\Gebimmco.exe78⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gpgnjebd.exeC:\Windows\system32\Gpgnjebd.exe79⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ghcbohpp.exeC:\Windows\system32\Ghcbohpp.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gomkkagl.exeC:\Windows\system32\Gomkkagl.exe81⤵
-
C:\Windows\SysWOW64\Gegchl32.exeC:\Windows\system32\Gegchl32.exe82⤵
-
C:\Windows\SysWOW64\Gckcap32.exeC:\Windows\system32\Gckcap32.exe83⤵
-
C:\Windows\SysWOW64\Goadfa32.exeC:\Windows\system32\Goadfa32.exe84⤵
-
C:\Windows\SysWOW64\Ggilgn32.exeC:\Windows\system32\Ggilgn32.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hpaqqdjj.exeC:\Windows\system32\Hpaqqdjj.exe86⤵
-
C:\Windows\SysWOW64\Hcommoin.exeC:\Windows\system32\Hcommoin.exe87⤵
-
C:\Windows\SysWOW64\Hjieii32.exeC:\Windows\system32\Hjieii32.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hofmaq32.exeC:\Windows\system32\Hofmaq32.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hfpenj32.exeC:\Windows\system32\Hfpenj32.exe90⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hpejlc32.exeC:\Windows\system32\Hpejlc32.exe91⤵
-
C:\Windows\SysWOW64\Hfbbdj32.exeC:\Windows\system32\Hfbbdj32.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hokgmpkl.exeC:\Windows\system32\Hokgmpkl.exe93⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hjpkjh32.exeC:\Windows\system32\Hjpkjh32.exe94⤵
-
C:\Windows\SysWOW64\Hlogfd32.exeC:\Windows\system32\Hlogfd32.exe95⤵
-
C:\Windows\SysWOW64\Hcipcnac.exeC:\Windows\system32\Hcipcnac.exe96⤵
-
C:\Windows\SysWOW64\Hhehkepj.exeC:\Windows\system32\Hhehkepj.exe97⤵
-
C:\Windows\SysWOW64\Ijedehgm.exeC:\Windows\system32\Ijedehgm.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Iqombb32.exeC:\Windows\system32\Iqombb32.exe99⤵
-
C:\Windows\SysWOW64\Iqaiga32.exeC:\Windows\system32\Iqaiga32.exe100⤵
-
C:\Windows\SysWOW64\Jihngboe.exeC:\Windows\system32\Jihngboe.exe101⤵
-
C:\Windows\SysWOW64\Jcpojk32.exeC:\Windows\system32\Jcpojk32.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Kfcdaehf.exeC:\Windows\system32\Kfcdaehf.exe103⤵
-
C:\Windows\SysWOW64\Kpnepk32.exeC:\Windows\system32\Kpnepk32.exe104⤵
-
C:\Windows\SysWOW64\Kanbjn32.exeC:\Windows\system32\Kanbjn32.exe105⤵
-
C:\Windows\SysWOW64\Kggjghkd.exeC:\Windows\system32\Kggjghkd.exe106⤵
-
C:\Windows\SysWOW64\Lapopm32.exeC:\Windows\system32\Lapopm32.exe107⤵
-
C:\Windows\SysWOW64\Lfmghdpl.exeC:\Windows\system32\Lfmghdpl.exe108⤵
-
C:\Windows\SysWOW64\Labkempb.exeC:\Windows\system32\Labkempb.exe109⤵
-
C:\Windows\SysWOW64\Lglcag32.exeC:\Windows\system32\Lglcag32.exe110⤵
-
C:\Windows\SysWOW64\Limpiomm.exeC:\Windows\system32\Limpiomm.exe111⤵
-
C:\Windows\SysWOW64\Lhopgg32.exeC:\Windows\system32\Lhopgg32.exe112⤵
-
C:\Windows\SysWOW64\Ljmmcbdp.exeC:\Windows\system32\Ljmmcbdp.exe113⤵
-
C:\Windows\SysWOW64\Lmkipncc.exeC:\Windows\system32\Lmkipncc.exe114⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ljoiibbm.exeC:\Windows\system32\Ljoiibbm.exe115⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ldgnbg32.exeC:\Windows\system32\Ldgnbg32.exe116⤵
-
C:\Windows\SysWOW64\Mjafoapj.exeC:\Windows\system32\Mjafoapj.exe117⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Malnklgg.exeC:\Windows\system32\Malnklgg.exe118⤵
-
C:\Windows\SysWOW64\Mhefhf32.exeC:\Windows\system32\Mhefhf32.exe119⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mjdbda32.exeC:\Windows\system32\Mjdbda32.exe120⤵
-
C:\Windows\SysWOW64\Mpqklh32.exeC:\Windows\system32\Mpqklh32.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-