Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
182s -
max time network
233s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
21/10/2023, 21:32
General
-
Target
NEAS.cdf227e7a95f5729fb1922b35bc3f8a0.exe
-
Size
39KB
-
MD5
cdf227e7a95f5729fb1922b35bc3f8a0
-
SHA1
3a5f25af486a4d18adc5f9789bef1bc25540a016
-
SHA256
09c91059c71be58dae0c83bd02ffc47afcc98a7d52ddf53963b012738615bfaa
-
SHA512
198bef50647975b40c7ace306e8a279f7a5e2a2214a23d5fa25dc32ec05a3c9517879d21b191b81bde537d6540bf71a313cfa5eb755788c82351eb94db593c18
-
SSDEEP
768:wVdtcAAayQ6I6Ro1dwwGl8940Xq3jk3nhOp:wGAC66Ro/4iq3jV
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.cdf227e7a95f5729fb1922b35bc3f8a0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.cdf227e7a95f5729fb1922b35bc3f8a0.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\576D.tmp\psm.bat" "2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
245B
MD52031e78865da25d0c0a0df5b2e1c57a7
SHA15510a58656558666ef1ea2f686561f228d4959d9
SHA2565122124e3ed610216be9c680c39dd4a5093f080b91f8f3c5910dbaed757baa3b
SHA512cf222b091bbae5bf2e646ce286cbc63843b14b442abc62dfe675dc2ae52f768ff270a543b3d31c0b6e759ed5a111ee8f06118a308557a1231aca65e54562af8d