Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.cbe13...e0.exe

windows7-x64

7

NEAS.cbe13...e0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/10/2023, 18:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.cbe13f21a1e0c5ddddb94af92bbe75e0.exe

  • Size

    68KB

  • MD5

    cbe13f21a1e0c5ddddb94af92bbe75e0

  • SHA1

    7201edd128e33aa62febd83b839ed0b688a4dea2

  • SHA256

    e52ee576ff2fc625efcee1cfa902bbf7417e912464c56944a2ec51ac89076d1c

  • SHA512

    573ef3bb1049173fbad1eea952809a2c86d5b82d64a8cb16043daff1e0faa5182bffef9d81736fda05978fe5356deec16d2d3088656b3107dbbb6504e756e32a

  • SSDEEP

    1536:YAowfUJFgjT284U+w2EwRz6OlvaeEpIaCtwUaSvcmGCCCCCCC+EaEAEtHjCCCCt/:YAowyFgjTiUkEwt6OlvaeEpIaCtwUaSB

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.cbe13f21a1e0c5ddddb94af92bbe75e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.cbe13f21a1e0c5ddddb94af92bbe75e0.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3556
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:4944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    68KB

    MD5

    231aa1f5295ea8d70e251f51f0b4c845

    SHA1

    64769027457597fdccb2513f0900f6f321dc0c68

    SHA256

    eb91a57a2167051b14d23756d39121b2bc9ba5f3c9617ca530c82c75b9b73a09

    SHA512

    3b37541a4257ce4b4eab60a44017bdd5f1284bff6b1076ffdcd31100497781a5041a9e818d0f7ca24fcafcaaa07e2978cf3e21e406741dd0fb90b31601fe436d

    Download Submit

  • C:\Windows\microsofthelp.exe
    Filesize

    68KB

    MD5

    231aa1f5295ea8d70e251f51f0b4c845

    SHA1

    64769027457597fdccb2513f0900f6f321dc0c68

    SHA256

    eb91a57a2167051b14d23756d39121b2bc9ba5f3c9617ca530c82c75b9b73a09

    SHA512

    3b37541a4257ce4b4eab60a44017bdd5f1284bff6b1076ffdcd31100497781a5041a9e818d0f7ca24fcafcaaa07e2978cf3e21e406741dd0fb90b31601fe436d

    Download Submit

  • memory/3556-0-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3556-5-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4944-6-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download