Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 142s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/10/2023, 17:27
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.c9ae3b9e436aea12c26ed659a7640560.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: NEAS.c9ae3b9e436aea12c26ed659a7640560.exe
  Resource: win10v2004-20231020-en
General
Target: NEAS.c9ae3b9e436aea12c26ed659a7640560.exe
Size: 46KB
MD5: c9ae3b9e436aea12c26ed659a7640560
SHA1: ac6cbd8b7d5ca25025a16628f105e02ea092bf64
SHA256: a9a1735cd889210269755b09c69c8826963050d8f5154837f1c9d41b46299608
SHA512: 3ac3d81e2136bc22f203302cadb4e4e6bfb1bd58a24153450c82945e9699904d5961d649af472235e790594fb517a5fe03bb2cf3cf5d44f03cdc5c79274af1f0
SSDEEP: 768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vdu:X6QFElP6n+gJBMOtEvwDpjBtEdu
Malware Config
Signatures

Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-1511405631-3522522280-778892991-1000\Control Panel\International\Geo\Nation
  Process: NEAS.c9ae3b9e436aea12c26ed659a7640560.exe

Executes dropped EXE (1 IoC)
  pid: 3176
  Process: asih.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 3584 wrote to memory of 3176 | pid: 3584 | Process: NEAS.c9ae3b9e436aea12c26ed659a7640560.exe | procid_target: 90
  description: PID 3584 wrote to memory of 3176 | pid: 3584 | Process: NEAS.c9ae3b9e436aea12c26ed659a7640560.exe | procid_target: 90
  description: PID 3584 wrote to memory of 3176 | pid: 3584 | Process: NEAS.c9ae3b9e436aea12c26ed659a7640560.exe | procid_target: 90
Processes

1. C:\Users\Admin\AppData\Local\Temp\NEAS.c9ae3b9e436aea12c26ed659a7640560.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.c9ae3b9e436aea12c26ed659a7640560.exe"
   PID: 3584
   - Checks computer location settings
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\asih.exe (child of PID 3584)
      Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      PID: 3176
      - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 46KB
MD5: ca62bd0714878fca79926322be8db7c2
SHA1: b532ebd7da7b6074e0c4e936346b0fc25451375a
SHA256: 1f022a4a7241b2ffbf1d6c53b2fdc25049bf0b15f519d5448cfbb7e393db4f20
SHA512: ea1b1db27a2c85552d0cd9805c2f85b35bc982a60eb31b26a1e165f89abd52c10ac1fac23eb3ae639c33a37a728e70dd17a907716ac2e354010f77905b2ad59c