Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.e6aeb...00.exe

windows7-x64

7

NEAS.e6aeb...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/10/2023, 09:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.e6aebf6eb4ff626ad0a2ecb7f7146c00.exe

  • Size

    123KB

  • MD5

    e6aebf6eb4ff626ad0a2ecb7f7146c00

  • SHA1

    fef50f36aa3c8b6bda0604f7a51b33d6d6d0daf7

  • SHA256

    f15b8a71f8f4c2281fc5a3adc44ba2920fb6ee2194165521c4f367cac9ef653e

  • SHA512

    fadf556013a3fd50cf5c538716cf1d3250542992be4075f2f8e1ba1dd5fb5ad9b0ffb9f48c8f434286de1ef15fb5a70a1e50934a64aa8aef41d0e9a18f6efb2f

  • SSDEEP

    3072:PfU/WF6QMauSuiWNi9CO+WARJrWNZIYvQd2b:AWKauSuiWNiUBRJrW7fb

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.e6aebf6eb4ff626ad0a2ecb7f7146c00.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.e6aebf6eb4ff626ad0a2ecb7f7146c00.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3888
    • C:\ProgramData\Update\wuauclt.exe
      "C:\ProgramData\Update\wuauclt.exe" /run
      2⤵
      • Executes dropped EXE
      PID:2864
    • C:\windows\SysWOW64\cmd.exe
      "C:\windows\system32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\NEAS.e6aebf6eb4ff626ad0a2ecb7f7146c00.exe" >> NUL
      2⤵
        PID:4752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Update\wuauclt.exe
      Filesize

      123KB

      MD5

      78fbbf9044d2aca268f64b30c7c9316d

      SHA1

      b4d3cc4f566b7878ccc76304d5dee7ddf0685fed

      SHA256

      1ca95621c364e75890ac6bc87dfa0bfed3e027f30369a53611f18efcd088db38

      SHA512

      f7101fb71bd4cea219d45cb28abe47083090afe2893f8d6a00b5a211fa641308c021d2e6f8838e033943356ce88209415a408375181b8edcd27d242239212ec7

      Download Submit

    • C:\ProgramData\Update\wuauclt.exe
      Filesize

      123KB

      MD5

      78fbbf9044d2aca268f64b30c7c9316d

      SHA1

      b4d3cc4f566b7878ccc76304d5dee7ddf0685fed

      SHA256

      1ca95621c364e75890ac6bc87dfa0bfed3e027f30369a53611f18efcd088db38

      SHA512

      f7101fb71bd4cea219d45cb28abe47083090afe2893f8d6a00b5a211fa641308c021d2e6f8838e033943356ce88209415a408375181b8edcd27d242239212ec7

      Download Submit