Analysis

  • max time kernel
    152s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/10/2023, 18:22

General

  • Target

    NEAS.5b222d972515e48fd6a07a7749a9a200.exe

  • Size

    45KB

  • MD5

    5b222d972515e48fd6a07a7749a9a200

  • SHA1

    84aebaa17d35cca1e97bd4efab895ad264a9545e

  • SHA256

    780d92a2b74f117199c26859df56e2478931e3228cf5f0bda244254e876808ab

  • SHA512

    1c8b74259f203ed0f3508f15cde1f2a1f1dc8c29c289d0b1e81762a45859f861156881d338c9b180f0a54a97409cc8934c362df486107ecc8e63bf9dba65bebe

  • SSDEEP

    384:2QWRRQBH61HkIGzIuy3uJqCG7bS4GTf05EYi7f8i7ppC:2hRma1KziWRMPi7TppC

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Reads the country code configured in the registry, likely a geofence check to avoid running in unwanted locales.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.5b222d972515e48fd6a07a7749a9a200.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5b222d972515e48fd6a07a7749a9a200.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4576
    • C:\Users\Admin\AppData\Local\Temp\updGA.exe
      "C:\Users\Admin\AppData\Local\Temp\updGA.exe"
      2⤵
      • Executes dropped EXE
      PID:4140
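The process tree above is the report's strongest behavioural lead: the sample, itself running from %TEMP%, drops updGA.exe into the same directory and launches it (PID 4576 spawns PID 4140). The WriteProcessMemory hits on the parent can be a side effect of that CreateProcess and are weak evidence of injection on their own, so the pattern worth hunting is the drop-and-execute itself. The following hunting logic is an added example and is not part of the tria.ge report; the event records are constructed to mirror the tree (paths, PIDs and the dropped file's SHA256 are taken from this page), their field names loosely follow Sysmon FileCreate/ProcessCreate events, and no real log was used.

```python
"""Flag a process that writes an .exe into a user-writable directory and
then launches it (the "Executes dropped EXE" behaviour in the report).

Added example, not tria.ge code. SAMPLE_EVENTS below is constructed to
mirror the report's process tree; the decoy explorer/notepad events are
made up to show what is *not* flagged.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Directories an unprivileged user can write to. The regex is deliberately
# narrow (per-user %TEMP%); widen it to %APPDATA%, Downloads, etc. as needed.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE
)

# SHA256 of the dropped file as listed in the report's Downloads section.
KNOWN_BAD_SHA256 = {
    "5d54e9978166f9af733e7a2a499cf73ac52212658b3e3b4377258a30d87911b7": "updGA.exe",
}


@dataclass(frozen=True)
class Event:
    kind: str            # "FileCreate" or "ProcessCreate"
    pid: int             # process performing the action
    image: str           # image path of that process
    target: str          # FileCreate: path written; ProcessCreate: new image path
    target_pid: int = 0  # ProcessCreate only: PID of the new process
    sha256: str = ""     # ProcessCreate only: hash of the new image, if logged


def is_user_writable(path: str) -> bool:
    return USER_WRITABLE.match(path) is not None


def find_drop_and_exec(events: Iterable[Event]) -> list[dict]:
    """Return one finding per (writer, dropped .exe) pair where the same PID
    first wrote the file and later created a process from it.

    Events are assumed to be in chronological order. Keying on (pid, path)
    means a file written by one process and launched by another is not
    flagged here; that is a separate pattern. PID reuse over long time
    windows can produce false pairings, so correlate on process GUIDs if
    your telemetry has them.
    """
    dropped: dict = {}       # (writer pid, lowercased path) -> writer image
    findings: list = []
    for ev in events:
        key = (ev.pid, ev.target.lower())
        if ev.kind == "FileCreate":
            if ev.target.lower().endswith(".exe") and is_user_writable(ev.target):
                dropped[key] = ev.image
        elif ev.kind == "ProcessCreate" and key in dropped:
            known: Optional[str] = KNOWN_BAD_SHA256.get(ev.sha256.lower())
            findings.append({
                "dropper_pid": ev.pid,
                "dropper": dropped[key],
                "dropped_exe": ev.target,
                "child_pid": ev.target_pid,
                "known_bad": known,   # name from the IoC list, or None
            })
    return findings


# Constructed events mirroring the report (4576 -> 4140) plus two decoys.
SAMPLE_EVENTS = [
    Event("FileCreate", 1000, r"C:\Windows\explorer.exe",
          r"C:\Users\Admin\AppData\Local\Temp\notes.txt"),            # not an exe
    Event("ProcessCreate", 1000, r"C:\Windows\explorer.exe",
          r"C:\Windows\System32\notepad.exe", 2222),                   # not dropped
    Event("FileCreate", 4576,
          r"C:\Users\Admin\AppData\Local\Temp\NEAS.5b222d972515e48fd6a07a7749a9a200.exe",
          r"C:\Users\Admin\AppData\Local\Temp\updGA.exe"),
    Event("ProcessCreate", 4576,
          r"C:\Users\Admin\AppData\Local\Temp\NEAS.5b222d972515e48fd6a07a7749a9a200.exe",
          r"C:\Users\Admin\AppData\Local\Temp\updGA.exe", 4140,
          "5d54e9978166f9af733e7a2a499cf73ac52212658b3e3b4377258a30d87911b7"),
]

if __name__ == "__main__":
    for f in find_drop_and_exec(SAMPLE_EVENTS):
        print(f)
```

Running the block prints a single finding for the 4576/4140 pair with `known_bad` set to `updGA.exe`; the two decoy events produce nothing. In a real deployment, feed it Sysmon Event ID 11 and Event ID 1 records (or the equivalent from your EDR) rather than the constructed list.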

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\updGA.exe

    Filesize

    45KB

    MD5

    228cb1c4e6e814b3fa48f4993f1021ae

    SHA1

    f291a6f38744dadbd56516f415d3ee8dfa99b523

    SHA256

    5d54e9978166f9af733e7a2a499cf73ac52212658b3e3b4377258a30d87911b7

    SHA512

    aa572325c2b82d05c4746d4b8a1817d7a43073ac44b0d8ebd31d746ff021ab39ee36f6b607c576f488098741c3d00bfdf319ed4a67714fe639dca0a0ae3ebee6