Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.03d12...JC.exe

windows7-x64

7

NEAS.03d12...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/10/2023, 14:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe

  • Size

    238KB

  • MD5

    03d12e33d354e68c8808b7209ff48830

  • SHA1

    7adecd76ff6b4242f4f275f0648c40efe38de2cb

  • SHA256

    e72abeefc0524e0ee6164ade280201d7bbdc773dff9b916273a6a3dfc7335d9b

  • SHA512

    bf080d3c2ac2ffbe123c3b6de69f77c6f928d6d167ba839c1d7f1fa515cbb8fc4a40a1beda214faa79a29a7a9810dddcabad35558a13e360fec68fdf1ab9caed

  • SSDEEP

    3072:TgI6nNS2hw6bbqpNSaIJmp8r+E093T1539v1gL/z6NK:TVWwRaaK48rNu1v9gLr68

Score
7/10
miner

Malware Config

Signatures

  • Cryptocurrency Miner

    Makes network request to known mining pool URL.

    miner
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1060
    • C:\.Trash-100\ActivateDesktop.exe
      C:\.Trash-100\ActivateDesktop.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\.Trash-100\ActivateDesktop.exe
    Filesize

    238KB

    MD5

    726a9ecf0fcb89e37fc12cc3005e777a

    SHA1

    bb911a328b9b21860c4daa39495749dc4cde8240

    SHA256

    67a2e1dc86e6b49e97ce2b04f6b79e88ec52dbeb980e32f9b676168a6c9a58ae

    SHA512

    66c666da33e6888056ec725beed11fc8a5510f4987d2e72e90cd940331c6b6345dce3fe59cd029e7805e30d550d153648f263236afdf02fa0f71507225d00d88

    Download Submit

  • C:\.Trash-100\ActivateDesktop.exe
    Filesize

    238KB

    MD5

    726a9ecf0fcb89e37fc12cc3005e777a

    SHA1

    bb911a328b9b21860c4daa39495749dc4cde8240

    SHA256

    67a2e1dc86e6b49e97ce2b04f6b79e88ec52dbeb980e32f9b676168a6c9a58ae

    SHA512

    66c666da33e6888056ec725beed11fc8a5510f4987d2e72e90cd940331c6b6345dce3fe59cd029e7805e30d550d153648f263236afdf02fa0f71507225d00d88

    Download Submit

  • C:\.Trash-100\db\framework_exe
    Filesize

    19B

    MD5

    665009c6d258a06e710ff8c7810f4697

    SHA1

    abf7abc9bae75e5323a12b1d58336dfe0fd58e22

    SHA256

    98dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a

    SHA512

    a27669035751658896afe937847a3752525b548208d5b8929f9c3b576ccc3528820d3faf10ac80047ada1d47acc5d6246f877f15cec9b4a032eb04da1ee63635

    Download Submit

  • C:\.Trash-100\db\version
    Filesize

    4B

    MD5

    d33f67c5652acb3fac99b9dc16bea0c1

    SHA1

    456ecc26a705746349aaee35b187f91a3fa088fc

    SHA256

    d49308d2181e81230a9badbdae5b3e5065c3427fb5e3276e0e9b5287a9a623a4

    SHA512

    49f94b370cc9cb59ab168666e18f58dcb6d6f5b801379e28c7c16d016e2afa53e144aba2eb5884d9868c9e918e439bf522888b9ee70accc3dd019dad9e748c96

    Download Submit