Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.b75e4...50.exe

windows7-x64

7

NEAS.b75e4...50.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    16/10/2023, 18:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.b75e4c8ce41053926c4b5f75c17fb050.exe

  • Size

    208KB

  • MD5

    b75e4c8ce41053926c4b5f75c17fb050

  • SHA1

    379faf67b12d8daf795cc45aadccbee24ddec4f9

  • SHA256

    38b91ed970f0d7442b795afca8fdc73ce3844f0ddb4a1d339c35f04bcde59929

  • SHA512

    611c9744ebf8ce8dee96856cbe5bed51b7304b1ebd45509f4ecb9abbecf8df2c3836c94c051e294f7fcb1838c5251f020bb6033784a285c5422fdfb06df7480e

  • SSDEEP

    3072:DusxPityuHe6N7XjtA+VXlbRCOMeH1ITAue5VtFNyFN24NLthEjQT6j:Gtyu+WXjlXhwRYvdNyKQEj1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.b75e4c8ce41053926c4b5f75c17fb050.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.b75e4c8ce41053926c4b5f75c17fb050.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\windows\system\YJO.exe.bat" "
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:796
      • C:\windows\system\YJO.exe
        C:\windows\system\YJO.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\system\YJO.exe
    Filesize

    208KB

    MD5

    690e7a98fb6224222fce9045df7c91a3

    SHA1

    4630fd75bd85a172b79b1a3690c442d5ac58b894

    SHA256

    421da9a745d5a8888897ef5a30442a6d3d4f6cfac17919df4a89f74dfefd3b60

    SHA512

    bfc3c360329fe8c50285af364f0933539fc14111a0532a986518d54e5ac4be46e1c3949558eda9cf031f5bbea5d129dc23e9abae20340b6c69d76f8f997c84b7

    Download Submit

  • C:\Windows\system\YJO.exe.bat
    Filesize

    66B

    MD5

    8963271b7f1508383ab854381fa824e4

    SHA1

    ec493171dde45ffdc9e7fe8ae89a89f967c20728

    SHA256

    1705b574170bcd9b8379e2fffb24736abd3a9c69117baa74236ab3041efcdadd

    SHA512

    f69992ea19581312c7c6a404ff429aa78d15f2224982e1e05ab06f20279876708bd082b3e9202e5132ccc9e61db686c3ca9956ebd9e05f88236e7feaf9d67c3e

    Download Submit

  • C:\windows\system\YJO.exe
    Filesize

    208KB

    MD5

    690e7a98fb6224222fce9045df7c91a3

    SHA1

    4630fd75bd85a172b79b1a3690c442d5ac58b894

    SHA256

    421da9a745d5a8888897ef5a30442a6d3d4f6cfac17919df4a89f74dfefd3b60

    SHA512

    bfc3c360329fe8c50285af364f0933539fc14111a0532a986518d54e5ac4be46e1c3949558eda9cf031f5bbea5d129dc23e9abae20340b6c69d76f8f997c84b7

    Download Submit

  • C:\windows\system\YJO.exe.bat
    Filesize

    66B

    MD5

    8963271b7f1508383ab854381fa824e4

    SHA1

    ec493171dde45ffdc9e7fe8ae89a89f967c20728

    SHA256

    1705b574170bcd9b8379e2fffb24736abd3a9c69117baa74236ab3041efcdadd

    SHA512

    f69992ea19581312c7c6a404ff429aa78d15f2224982e1e05ab06f20279876708bd082b3e9202e5132ccc9e61db686c3ca9956ebd9e05f88236e7feaf9d67c3e

    Download Submit

  • \Windows\system\YJO.exe
    Filesize

    208KB

    MD5

    690e7a98fb6224222fce9045df7c91a3

    SHA1

    4630fd75bd85a172b79b1a3690c442d5ac58b894

    SHA256

    421da9a745d5a8888897ef5a30442a6d3d4f6cfac17919df4a89f74dfefd3b60

    SHA512

    bfc3c360329fe8c50285af364f0933539fc14111a0532a986518d54e5ac4be46e1c3949558eda9cf031f5bbea5d129dc23e9abae20340b6c69d76f8f997c84b7

    Download Submit

  • \Windows\system\YJO.exe
    Filesize

    208KB

    MD5

    690e7a98fb6224222fce9045df7c91a3

    SHA1

    4630fd75bd85a172b79b1a3690c442d5ac58b894

    SHA256

    421da9a745d5a8888897ef5a30442a6d3d4f6cfac17919df4a89f74dfefd3b60

    SHA512

    bfc3c360329fe8c50285af364f0933539fc14111a0532a986518d54e5ac4be46e1c3949558eda9cf031f5bbea5d129dc23e9abae20340b6c69d76f8f997c84b7

    Download Submit

  • memory/604-20-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/604-22-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/796-16-0x0000000000810000-0x0000000000848000-memory.dmp

    Filesize

    224KB

    Download

  • memory/796-18-0x0000000000810000-0x0000000000848000-memory.dmp

    Filesize

    224KB

    Download

  • memory/796-21-0x0000000000810000-0x0000000000848000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2200-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2200-12-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.