Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
21/10/2023, 21:34
General
-
Target
NEAS.d9b7905cdee0e25d5a588d35f0b01250.exe
-
Size
448KB
-
MD5
d9b7905cdee0e25d5a588d35f0b01250
-
SHA1
c468f6b1618028d7796e31ee1e04e978e1910741
-
SHA256
25f5c0d35a41296fa5fe19bcbc3f4270fb8287d64945919bea0c99cb042aebe0
-
SHA512
c8afa9fdd324dd3530f9af10baf4f92796a96c7744d4c7236bcc689ef2698adadab48e0bae52574b992175963e26af6217a19973fceeb0de7e8d6264fd17ec45
-
SSDEEP
6144:TzXYK2bG/r1bsZR3eGLGs3fGEOmbsZR3eGLG/ggBc7hfbsZR3eGLGs3fGEOmbsZ+:TzH2bG/NsZ5ZvX/sZ5P1sZ5ZvX/sZ5
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.d9b7905cdee0e25d5a588d35f0b01250.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.d9b7905cdee0e25d5a588d35f0b01250.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mjpbam32.exeC:\Windows\system32\Mjpbam32.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mjbogmdb.exeC:\Windows\system32\Mjbogmdb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Maodigil.exeC:\Windows\system32\Maodigil.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Njghbl32.exeC:\Windows\system32\Njghbl32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Noeahkfc.exeC:\Windows\system32\Noeahkfc.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nkqkhk32.exeC:\Windows\system32\Nkqkhk32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mjjkaabc.exeC:\Windows\system32\Mjjkaabc.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aagkhd32.exeC:\Windows\system32\Aagkhd32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fkofga32.exeC:\Windows\system32\Fkofga32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lhenai32.exeC:\Windows\system32\Lhenai32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cpogkhnl.exeC:\Windows\system32\Cpogkhnl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fnalmh32.exeC:\Windows\system32\Fnalmh32.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fjjjgh32.exeC:\Windows\system32\Fjjjgh32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fdpnda32.exeC:\Windows\system32\Fdpnda32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fjmfmh32.exeC:\Windows\system32\Fjmfmh32.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fnjocf32.exeC:\Windows\system32\Fnjocf32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gcghkm32.exeC:\Windows\system32\Gcghkm32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Gdgdeppb.exeC:\Windows\system32\Gdgdeppb.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gjcmngnj.exeC:\Windows\system32\Gjcmngnj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gglfbkin.exeC:\Windows\system32\Gglfbkin.exe3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hepgkohh.exeC:\Windows\system32\Hepgkohh.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hbdgec32.exeC:\Windows\system32\Hbdgec32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Heepfn32.exeC:\Windows\system32\Heepfn32.exe6⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hegmlnbp.exeC:\Windows\system32\Hegmlnbp.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hbknebqi.exeC:\Windows\system32\Hbknebqi.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ielfgmnj.exeC:\Windows\system32\Ielfgmnj.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Icfmci32.exeC:\Windows\system32\Icfmci32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ibgmaqfl.exeC:\Windows\system32\Ibgmaqfl.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iloajfml.exeC:\Windows\system32\Iloajfml.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jhfbog32.exeC:\Windows\system32\Jhfbog32.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jblflp32.exeC:\Windows\system32\Jblflp32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jeolckne.exeC:\Windows\system32\Jeolckne.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Klmnkdal.exeC:\Windows\system32\Klmnkdal.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kdhbpf32.exeC:\Windows\system32\Kdhbpf32.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kbjbnnfg.exeC:\Windows\system32\Kbjbnnfg.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Klbgfc32.exeC:\Windows\system32\Klbgfc32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kdmlkfjb.exeC:\Windows\system32\Kdmlkfjb.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kbnlim32.exeC:\Windows\system32\Kbnlim32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Leoejh32.exeC:\Windows\system32\Leoejh32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Laffpi32.exeC:\Windows\system32\Laffpi32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ledoegkm.exeC:\Windows\system32\Ledoegkm.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lkqgno32.exeC:\Windows\system32\Lkqgno32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lefkkg32.exeC:\Windows\system32\Lefkkg32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhdggb32.exeC:\Windows\system32\Lhdggb32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhgdmb32.exeC:\Windows\system32\Lhgdmb32.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Moalil32.exeC:\Windows\system32\Moalil32.exe29⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mociol32.exeC:\Windows\system32\Mociol32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mklfjm32.exeC:\Windows\system32\Mklfjm32.exe31⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mddkbbfg.exeC:\Windows\system32\Mddkbbfg.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mahklf32.exeC:\Windows\system32\Mahklf32.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nomlek32.exeC:\Windows\system32\Nomlek32.exe34⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nkcmjlio.exeC:\Windows\system32\Nkcmjlio.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nlcidopb.exeC:\Windows\system32\Nlcidopb.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nlefjnno.exeC:\Windows\system32\Nlefjnno.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nkjckkcg.exeC:\Windows\system32\Nkjckkcg.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oohkai32.exeC:\Windows\system32\Oohkai32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Okolfj32.exeC:\Windows\system32\Okolfj32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ohcmpn32.exeC:\Windows\system32\Ohcmpn32.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Odjmdocp.exeC:\Windows\system32\Odjmdocp.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ohhfknjf.exeC:\Windows\system32\Ohhfknjf.exe43⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Obpkcc32.exeC:\Windows\system32\Obpkcc32.exe44⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pcpgmf32.exeC:\Windows\system32\Pcpgmf32.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pilpfm32.exeC:\Windows\system32\Pilpfm32.exe46⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pbddobla.exeC:\Windows\system32\Pbddobla.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Poidhg32.exeC:\Windows\system32\Poidhg32.exe48⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Piaiqlak.exeC:\Windows\system32\Piaiqlak.exe49⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pbimjb32.exeC:\Windows\system32\Pbimjb32.exe50⤵
-
C:\Windows\SysWOW64\Pomncfge.exeC:\Windows\system32\Pomncfge.exe51⤵
-
C:\Windows\SysWOW64\Qejfkmem.exeC:\Windows\system32\Qejfkmem.exe52⤵
-
C:\Windows\SysWOW64\Qfjcep32.exeC:\Windows\system32\Qfjcep32.exe53⤵
-
C:\Windows\SysWOW64\Qkfkng32.exeC:\Windows\system32\Qkfkng32.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Apddce32.exeC:\Windows\system32\Apddce32.exe55⤵
-
C:\Windows\SysWOW64\Apgqie32.exeC:\Windows\system32\Apgqie32.exe56⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Afqifo32.exeC:\Windows\system32\Afqifo32.exe57⤵
-
C:\Windows\SysWOW64\Abjfqpji.exeC:\Windows\system32\Abjfqpji.exe58⤵
-
C:\Windows\SysWOW64\Amoknh32.exeC:\Windows\system32\Amoknh32.exe59⤵
-
C:\Windows\SysWOW64\Bcicjbal.exeC:\Windows\system32\Bcicjbal.exe60⤵
-
C:\Windows\SysWOW64\Bclppboi.exeC:\Windows\system32\Bclppboi.exe61⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bbalaoda.exeC:\Windows\system32\Bbalaoda.exe62⤵
-
C:\Windows\SysWOW64\Bliajd32.exeC:\Windows\system32\Bliajd32.exe63⤵
-
C:\Windows\SysWOW64\Bfoegm32.exeC:\Windows\system32\Bfoegm32.exe64⤵
-
C:\Windows\SysWOW64\Blknpdho.exeC:\Windows\system32\Blknpdho.exe65⤵
-
C:\Windows\SysWOW64\Bfabmmhe.exeC:\Windows\system32\Bfabmmhe.exe66⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Blnjecfl.exeC:\Windows\system32\Blnjecfl.exe67⤵
-
C:\Windows\SysWOW64\Cdebfago.exeC:\Windows\system32\Cdebfago.exe68⤵
-
C:\Windows\SysWOW64\Cibkohef.exeC:\Windows\system32\Cibkohef.exe69⤵
-
C:\Windows\SysWOW64\Cbjogmlf.exeC:\Windows\system32\Cbjogmlf.exe70⤵
-
C:\Windows\SysWOW64\Cmpcdfll.exeC:\Windows\system32\Cmpcdfll.exe71⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cfhhml32.exeC:\Windows\system32\Cfhhml32.exe72⤵
-
C:\Windows\SysWOW64\Cdlhgpag.exeC:\Windows\system32\Cdlhgpag.exe73⤵
-
C:\Windows\SysWOW64\Cemeoh32.exeC:\Windows\system32\Cemeoh32.exe74⤵
-
C:\Windows\SysWOW64\Cpcila32.exeC:\Windows\system32\Cpcila32.exe75⤵
-
C:\Windows\SysWOW64\Ciknefmk.exeC:\Windows\system32\Ciknefmk.exe76⤵
-
C:\Windows\SysWOW64\Dfonnk32.exeC:\Windows\system32\Dfonnk32.exe77⤵
-
C:\Windows\SysWOW64\Dmifkecb.exeC:\Windows\system32\Dmifkecb.exe78⤵
-
C:\Windows\SysWOW64\Dpgbgpbe.exeC:\Windows\system32\Dpgbgpbe.exe79⤵
-
C:\Windows\SysWOW64\Dlncla32.exeC:\Windows\system32\Dlncla32.exe80⤵
-
C:\Windows\SysWOW64\Ecdkdj32.exeC:\Windows\system32\Ecdkdj32.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eebgqe32.exeC:\Windows\system32\Eebgqe32.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ephlnn32.exeC:\Windows\system32\Ephlnn32.exe83⤵
-
C:\Windows\SysWOW64\Eippgckc.exeC:\Windows\system32\Eippgckc.exe84⤵
-
C:\Windows\SysWOW64\Epjhcnbp.exeC:\Windows\system32\Epjhcnbp.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Egdqph32.exeC:\Windows\system32\Egdqph32.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Eibmlc32.exeC:\Windows\system32\Eibmlc32.exe87⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fpoaom32.exeC:\Windows\system32\Fpoaom32.exe88⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fcmnkh32.exeC:\Windows\system32\Fcmnkh32.exe89⤵
-
C:\Windows\SysWOW64\Fjgfgbek.exeC:\Windows\system32\Fjgfgbek.exe90⤵
-
C:\Windows\SysWOW64\Ffnglc32.exeC:\Windows\system32\Ffnglc32.exe91⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fneoma32.exeC:\Windows\system32\Fneoma32.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ffpcbchm.exeC:\Windows\system32\Ffpcbchm.exe93⤵
-
C:\Windows\SysWOW64\Gjnlha32.exeC:\Windows\system32\Gjnlha32.exe94⤵
-
C:\Windows\SysWOW64\Gloejmld.exeC:\Windows\system32\Gloejmld.exe95⤵
-
C:\Windows\SysWOW64\Gdfmkjlg.exeC:\Windows\system32\Gdfmkjlg.exe96⤵
-
C:\Windows\SysWOW64\Gjcfcakn.exeC:\Windows\system32\Gjcfcakn.exe97⤵
-
C:\Windows\SysWOW64\Gdhjpjjd.exeC:\Windows\system32\Gdhjpjjd.exe98⤵
-
C:\Windows\SysWOW64\Gmdoel32.exeC:\Windows\system32\Gmdoel32.exe99⤵
-
C:\Windows\SysWOW64\Gnckooob.exeC:\Windows\system32\Gnckooob.exe100⤵
-
C:\Windows\SysWOW64\Gqagkjne.exeC:\Windows\system32\Gqagkjne.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hdppaidl.exeC:\Windows\system32\Hdppaidl.exe102⤵
-
C:\Windows\SysWOW64\Hmkeekag.exeC:\Windows\system32\Hmkeekag.exe103⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hjoeoo32.exeC:\Windows\system32\Hjoeoo32.exe104⤵
-
C:\Windows\SysWOW64\Hqimlihn.exeC:\Windows\system32\Hqimlihn.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hqkjaifk.exeC:\Windows\system32\Hqkjaifk.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hnokjm32.exeC:\Windows\system32\Hnokjm32.exe107⤵
-
C:\Windows\SysWOW64\Hqmggi32.exeC:\Windows\system32\Hqmggi32.exe108⤵
-
C:\Windows\SysWOW64\Imdgljil.exeC:\Windows\system32\Imdgljil.exe109⤵
-
C:\Windows\SysWOW64\Ifmldo32.exeC:\Windows\system32\Ifmldo32.exe110⤵
-
C:\Windows\SysWOW64\Imfdaigj.exeC:\Windows\system32\Imfdaigj.exe111⤵
-
C:\Windows\SysWOW64\Iglhob32.exeC:\Windows\system32\Iglhob32.exe112⤵
-
C:\Windows\SysWOW64\Imiagi32.exeC:\Windows\system32\Imiagi32.exe113⤵
-
C:\Windows\SysWOW64\Icciccmd.exeC:\Windows\system32\Icciccmd.exe114⤵
-
C:\Windows\SysWOW64\Icefib32.exeC:\Windows\system32\Icefib32.exe115⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ijonfmbn.exeC:\Windows\system32\Ijonfmbn.exe116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iaifbg32.exeC:\Windows\system32\Iaifbg32.exe117⤵
-
C:\Windows\SysWOW64\Gllajf32.exeC:\Windows\system32\Gllajf32.exe118⤵
-
C:\Windows\SysWOW64\Gojnfb32.exeC:\Windows\system32\Gojnfb32.exe119⤵
-
C:\Windows\SysWOW64\Gedfblql.exeC:\Windows\system32\Gedfblql.exe120⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gipbck32.exeC:\Windows\system32\Gipbck32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-