Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.bcc09...00.exe

windows7-x64

7

NEAS.bcc09...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    99s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/10/2023, 21:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.bcc09d62005ce6c95f3ea8b75d8e6800.exe

  • Size

    61KB

  • MD5

    bcc09d62005ce6c95f3ea8b75d8e6800

  • SHA1

    29c5d51367b51d6d3c43a3314fcee38dee4c8a7d

  • SHA256

    d5db5e6a0bf23fd2041f9e6a0c9d1395b241c55e2cb790e8ecf95ab298fafece

  • SHA512

    356cbef170423b13b76ea66917b0bf4bc89eac27f6a53e8a44d6822c006233bf53e7a2b7267a376b3299379956d1750d917aba0b3462bcccb3f95b052c7272ea

  • SSDEEP

    768:vYnI9ZvPg2k4u+hJDdv260OAhAH4Ii7u9bp6uqcl2aauA:vwIrHuCtd3FAhAYIi78xlba

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.bcc09d62005ce6c95f3ea8b75d8e6800.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bcc09d62005ce6c95f3ea8b75d8e6800.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3512
    • C:\Users\Admin\AppData\Roaming\q3q8.exe
      C:\Users\Admin\AppData\Roaming\q3q8.exe
      2⤵
      • Executes dropped EXE
      PID:1900

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\q3q8.exe
    Filesize

    61KB

    MD5

    c44e2f2cd4a37c448a4607a6cce54199

    SHA1

    454cf45d2ed4102af63d07d3428a6c296443ac7e

    SHA256

    4c15e80451ff5da3772036284e723d4f2f88e9d50a626200b7cb4bcb3f22c292

    SHA512

    4fc6200246a3ba6f795c4e42d73bb517dd1495561bee775c68dc2f95c4b5f55e490c3c4e682134654525d86b9d290419ac013230b7389800833a2b9e9965497e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\q3q8.exe
    Filesize

    61KB

    MD5

    c44e2f2cd4a37c448a4607a6cce54199

    SHA1

    454cf45d2ed4102af63d07d3428a6c296443ac7e

    SHA256

    4c15e80451ff5da3772036284e723d4f2f88e9d50a626200b7cb4bcb3f22c292

    SHA512

    4fc6200246a3ba6f795c4e42d73bb517dd1495561bee775c68dc2f95c4b5f55e490c3c4e682134654525d86b9d290419ac013230b7389800833a2b9e9965497e

    Download Submit