Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.62964...60.exe

windows7-x64

7

NEAS.62964...60.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    128s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/10/2023, 21:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.6296452948590aebe62ddd22ee76ed60.exe

  • Size

    93KB

  • MD5

    6296452948590aebe62ddd22ee76ed60

  • SHA1

    a3bed2ea0e2b78f21b3a3fc04ab853fd3146af80

  • SHA256

    e70085aa1f4d6f5b98412ee2a2b1e8505dce378b7704ab816fab4f26706f9e24

  • SHA512

    0d49a2fd28e1be0252af30b8bb165f91f76c8fa291aa86f498d6891b775a64d8295b84aab4c09373244a044518b3f45e0b90856fbefc2c3990a5eb9ae9366e69

  • SSDEEP

    1536:PGYU/W2/HG6QMauSV3ixJHABLrmhH7i9CO+WHg7zRZICrWaGZh7O:PfU/WF6QMauSuiWNi9CO+WARJrWNZ8

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.6296452948590aebe62ddd22ee76ed60.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.6296452948590aebe62ddd22ee76ed60.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2576
    • C:\ProgramData\Update\wuauclt.exe
      "C:\ProgramData\Update\wuauclt.exe" /run
      2⤵
      • Executes dropped EXE
      PID:2532
    • C:\windows\SysWOW64\cmd.exe
      "C:\windows\system32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\NEAS.6296452948590aebe62ddd22ee76ed60.exe" >> NUL
      2⤵
        PID:820

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Update\wuauclt.exe
      Filesize

      93KB

      MD5

      2e4ce22a680346c5ffbe1fe9806e610e

      SHA1

      4ef9031cbc29c4a0e86e83fdcce205091106f169

      SHA256

      03426071e835d20e276445f1aa8662bc6fd57009086ca1a327508976ebd4e4ca

      SHA512

      665f47ad5b6bcf5ee99d1dad794a4348e67fad4ab20ebca9d0dba7407d794d041214ac1186b0cdd2eb7ce0fdf20781cffea5a4469def4a3a908a3a4c0d981647

      Download Submit

    • C:\ProgramData\Update\wuauclt.exe
      Filesize

      93KB

      MD5

      2e4ce22a680346c5ffbe1fe9806e610e

      SHA1

      4ef9031cbc29c4a0e86e83fdcce205091106f169

      SHA256

      03426071e835d20e276445f1aa8662bc6fd57009086ca1a327508976ebd4e4ca

      SHA512

      665f47ad5b6bcf5ee99d1dad794a4348e67fad4ab20ebca9d0dba7407d794d041214ac1186b0cdd2eb7ce0fdf20781cffea5a4469def4a3a908a3a4c0d981647

      Download Submit