Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

NEAS.c613b...c0.exe

windows7-x64

6

NEAS.c613b...c0.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/10/2023, 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.c613bed72dd920f99b25a8e96df737c0.exe

  • Size

    965KB

  • MD5

    c613bed72dd920f99b25a8e96df737c0

  • SHA1

    8704ca8e6198c55e7fc8f639963ddec28de55642

  • SHA256

    4dbd75db53c3dc0f347234ff78429ba2045a3d75a8157f81bd5e9f12559605c1

  • SHA512

    c29b202b9bfd8f87cf04c07a2ba79775ff2774b968d52e101da4ba1b45ab86d6abe65640a2028f8508072f192382bf33500220f1a7b0cc7d23d7e64f168c5d2e

  • SSDEEP

    12288:i2ToLD2QfWUEknSsmjj/UVF4TRSEm8HFTjMVJK1P5aEL3L7yhxoeVsc:ikuPfWsnnw/UV+RSEm8HZMVcRaE2v1

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.c613bed72dd920f99b25a8e96df737c0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.c613bed72dd920f99b25a8e96df737c0.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: RenamesItself
    PID:1632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.c613bed72dd920f99b25a8e96df737c0.exe
    Filesize

    965KB

    MD5

    2837783d1bc0d13d80400a6c238b644c

    SHA1

    c43071b988be9ea6d9516db5735828fb96d58610

    SHA256

    0e314a765581ce20d6a1a256ddc5fa9159380d540f742fd0e297a33e7e9820ad

    SHA512

    0d8e223dbae0a0cfe559c2dc5fd1c2d59276a95352a2f24b3613bfb3d4a5b550c1892edc6eb23f09723da84caab581c1939fe4a1bb64daba4625aa4dea9ab5e8

    Download Submit

  • memory/1632-13-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-15-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-5-0x0000000002810000-0x0000000002811000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1632-6-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-3-0x0000000002810000-0x0000000002811000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1632-11-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-4-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-12-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-14-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-0-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-16-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-17-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-18-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-19-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-20-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/1632-21-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download