Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.ba761...10.exe

windows7-x64

7

NEAS.ba761...10.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/10/2023, 18:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe

  • Size

    238KB

  • MD5

    ba761f47647aa1cf3e78086ee0ecdf10

  • SHA1

    067607b13a356211f87719513b72b1ce11a89b53

  • SHA256

    d79fd2498bcb5e6b897fa25127bee118ea8cf3e76bc5d5810a00dec7e99c3042

  • SHA512

    99a675d95bf70bf2a037e91eb8107b344018a053482e963cb9ef7e4ed334e617e32165e792d2ed31a41674780412775a927bd5c8ff066b2e67dbe1ee7c70d253

  • SSDEEP

    3072:wmh7T6xGiYQxcpDwK3XrT8r+Ee03T1Z3lFgXvNbOz6N2YvQd2a:wm1t1GK3X/8rt/1VgXVbu6na

Score
7/10
miner

Malware Config

Signatures

  • Cryptocurrency Miner

    Makes network request to known mining pool URL.

    miner
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ba761f47647aa1cf3e78086ee0ecdf10.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\.Trash-100\ActivateDesktop.exe
      C:\.Trash-100\ActivateDesktop.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\.Trash-100\ActivateDesktop.exe
    Filesize

    238KB

    MD5

    b4d7f5f1255a33e8c209f247e21d8d01

    SHA1

    c3e934de0e5275765661d851bfe64c119a7a2646

    SHA256

    f55c73c17196c0eb265955409042a5fbdd5f2b2fc0032a4f7b13d14f1eec1633

    SHA512

    364a01e6630af1c7888d190a1b3a72dc19e8f5dfd2426875de3475edee41ff3f639cac3c3486d8d06abee1f0e5e196cdb7ded2b6506d37d5106e6b6c0206f2ca

    Download Submit

  • C:\.Trash-100\ActivateDesktop.exe
    Filesize

    238KB

    MD5

    b4d7f5f1255a33e8c209f247e21d8d01

    SHA1

    c3e934de0e5275765661d851bfe64c119a7a2646

    SHA256

    f55c73c17196c0eb265955409042a5fbdd5f2b2fc0032a4f7b13d14f1eec1633

    SHA512

    364a01e6630af1c7888d190a1b3a72dc19e8f5dfd2426875de3475edee41ff3f639cac3c3486d8d06abee1f0e5e196cdb7ded2b6506d37d5106e6b6c0206f2ca

    Download Submit

  • C:\.Trash-100\db\framework_exe
    Filesize

    19B

    MD5

    665009c6d258a06e710ff8c7810f4697

    SHA1

    abf7abc9bae75e5323a12b1d58336dfe0fd58e22

    SHA256

    98dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a

    SHA512

    a27669035751658896afe937847a3752525b548208d5b8929f9c3b576ccc3528820d3faf10ac80047ada1d47acc5d6246f877f15cec9b4a032eb04da1ee63635

    Download Submit

  • C:\.Trash-100\db\version
    Filesize

    4B

    MD5

    2d0974b2436345d99f7152c3fc44a609

    SHA1

    95dd84c617999229b78c5f962ffb585b2d6b24af

    SHA256

    d5f0c33021595f4db1659f924edc67658a477aabbabcbb7cc8eaa647cacc329b

    SHA512

    668c0ff32445f7ef85b3d09d645ed048fffdd752ce428e8000cffbab7798064bdf272f2fae137cc2fa371bdc579ff79609508ca8c0c18ce5d638306bc75d5240

    Download Submit