Analysis

  • max time kernel
    156s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/11/2023, 08:51

General

  • Target

    NEAS.ea8cbde2a13a3fdcb31ade83e7498510_JC.exe

  • Size

    393KB

  • MD5

    ea8cbde2a13a3fdcb31ade83e7498510

  • SHA1

    7130588684c87d29cbd9bf25cd8823f69dda5e2e

  • SHA256

    e75de707168383230955693f4d7079f1099cf520d27bcba20d3226c9554e18ef

  • SHA512

    5e89460e76edf59a55e11815692917fc5caf32e4adae92bbd5cedf3666e9a14f1ae8f651860adefda2b0f14084897588b2b25c80c75334ec9858ecb612bee194

  • SSDEEP

    6144:gs833CnotE7RN8JmrwW9NaZIGBQLBYUSWO7F3vZeSRlaYy/hO3s:mLtE7RaflQL6UfMMd/hes

Score
7/10

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 17 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.ea8cbde2a13a3fdcb31ade83e7498510_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.ea8cbde2a13a3fdcb31ade83e7498510_JC.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3984
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://img.sedoparking.com/images/js_preloader.gif?cod=000ACA449590008BDD5AAC&user=err&shared=0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3468
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3468 CREDAT:17410 /prefetch:2
        3⤵
          PID:3880

Downloads

  • C:\Windows\Temp\sys32\$$FREE$$ .exe

    Filesize

    416KB

    MD5

    fcb927b3ff74c54068f8ad07a27396fc

    SHA1

    9070644490125971aba968932f3e43c0d05cecf8

    SHA256

    59c21fa040cc4c7a064a15d1150135ee67c7e8fa515da835db4f109d81030819

    SHA512

    349e9843e77b217d2886558fff1d812f57ecb795726781be32bde7f26f29c494380e03cca24e7daa5059c5e9bf2ba56d20b12662a8cd78ae059f33d286128dad

  • memory/3984-5-0x00000000021C0000-0x00000000021C1000-memory.dmp

    Filesize

    4KB

  • memory/3984-3-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/3984-0-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/3984-6-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/3984-8-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/3984-2-0x00000000021C0000-0x00000000021C1000-memory.dmp

    Filesize

    4KB

  • memory/3984-17-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/3984-23-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/3984-42-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/3984-61-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/3984-78-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/3984-101-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB