Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system -
submitted
22/10/2023, 14:02
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe
Resource
win10v2004-20231020-en
General
-
Target
NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe
-
Size
238KB
-
MD5
03d12e33d354e68c8808b7209ff48830
-
SHA1
7adecd76ff6b4242f4f275f0648c40efe38de2cb
-
SHA256
e72abeefc0524e0ee6164ade280201d7bbdc773dff9b916273a6a3dfc7335d9b
-
SHA512
bf080d3c2ac2ffbe123c3b6de69f77c6f928d6d167ba839c1d7f1fa515cbb8fc4a40a1beda214faa79a29a7a9810dddcabad35558a13e360fec68fdf1ab9caed
-
SSDEEP
3072:TgI6nNS2hw6bbqpNSaIJmp8r+E093T1539v1gL/z6NK:TVWwRaaK48rNu1v9gLr68
Malware Config
Signatures
-
Cryptocurrency Miner
Makes network request to known mining pool URL.
-
Executes dropped EXE 1 IoCs
pid Process 2680 ActivateDesktop.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1060 NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe 1060 NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe 2680 ActivateDesktop.exe 2680 ActivateDesktop.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1060 wrote to memory of 2680 1060 NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe 83 PID 1060 wrote to memory of 2680 1060 NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe 83 PID 1060 wrote to memory of 2680 1060 NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.03d12e33d354e68c8808b7209ff48830_JC.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1060 -
C:\.Trash-100\ActivateDesktop.exeC:\.Trash-100\ActivateDesktop.exe2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2680
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
238KB
MD5726a9ecf0fcb89e37fc12cc3005e777a
SHA1bb911a328b9b21860c4daa39495749dc4cde8240
SHA25667a2e1dc86e6b49e97ce2b04f6b79e88ec52dbeb980e32f9b676168a6c9a58ae
SHA51266c666da33e6888056ec725beed11fc8a5510f4987d2e72e90cd940331c6b6345dce3fe59cd029e7805e30d550d153648f263236afdf02fa0f71507225d00d88
-
Filesize
238KB
MD5726a9ecf0fcb89e37fc12cc3005e777a
SHA1bb911a328b9b21860c4daa39495749dc4cde8240
SHA25667a2e1dc86e6b49e97ce2b04f6b79e88ec52dbeb980e32f9b676168a6c9a58ae
SHA51266c666da33e6888056ec725beed11fc8a5510f4987d2e72e90cd940331c6b6345dce3fe59cd029e7805e30d550d153648f263236afdf02fa0f71507225d00d88
-
Filesize
19B
MD5665009c6d258a06e710ff8c7810f4697
SHA1abf7abc9bae75e5323a12b1d58336dfe0fd58e22
SHA25698dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a
SHA512a27669035751658896afe937847a3752525b548208d5b8929f9c3b576ccc3528820d3faf10ac80047ada1d47acc5d6246f877f15cec9b4a032eb04da1ee63635
-
Filesize
4B
MD5d33f67c5652acb3fac99b9dc16bea0c1
SHA1456ecc26a705746349aaee35b187f91a3fa088fc
SHA256d49308d2181e81230a9badbdae5b3e5065c3427fb5e3276e0e9b5287a9a623a4
SHA51249f94b370cc9cb59ab168666e18f58dcb6d6f5b801379e28c7c16d016e2afa53e144aba2eb5884d9868c9e918e439bf522888b9ee70accc3dd019dad9e748c96