Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.d3361...e0.exe

windows7-x64

7

NEAS.d3361...e0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/11/2023, 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.d3361da06cd587144d52d92ad1db72e0.exe

  • Size

    887KB

  • MD5

    d3361da06cd587144d52d92ad1db72e0

  • SHA1

    0f4b929e7065bb69651ac6c45c127e3064392e78

  • SHA256

    a0b31406c25e0533efc68a0cd1023e7bf0b7d2efd7f829d51d1953721ca4b0e1

  • SHA512

    2a84c11fd8aa6b38dbd7c9775c12373ce2c04c31c82cb83d763195c21bf279ef162bf3c1e7215fca5e8482d238a1ce3bed755449c44d1b42baf6cdda12cda12e

  • SSDEEP

    24576:1D16eB79ccc7cP/bDHHIp04rgZx9A7uDIVzWDJD1QB/1E3U+dmFOJlnC8UcccvXw:1D16eBhccc7cP/bDHHIp04rgZx9A7uDs

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.d3361da06cd587144d52d92ad1db72e0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.d3361da06cd587144d52d92ad1db72e0.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 352
      2⤵
      • Program crash
      PID:4416
    • C:\Users\Admin\AppData\Local\Temp\NEAS.d3361da06cd587144d52d92ad1db72e0.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.d3361da06cd587144d52d92ad1db72e0.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1464
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 344
        3⤵
        • Program crash
        PID:1696
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 396
        3⤵
        • Program crash
        PID:1332
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1680 -ip 1680
    1⤵
      PID:3032
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1464 -ip 1464
      1⤵
        PID:4892
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 1464 -ip 1464
        1⤵
          PID:1992

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\NEAS.d3361da06cd587144d52d92ad1db72e0.exe
          Filesize

          887KB

          MD5

          7203013e8db0d166fde9deecb5613ee7

          SHA1

          2c25e09e9538b751af1eca4cec0dabe5c70e94f5

          SHA256

          09ada2ef8609c5690da1c4471f488ae28e2be3ec35e14bf0ed338dafcadbce77

          SHA512

          12dc940518f8d0bf4f50b2cd921a29d3eebc41973e6c2349fbb4cad7b82381bcfcc350ccf3983ce1d4f3156cb4ecfb43caaf9598ece1ca7b42244065cab244d4

          Download Submit

        • memory/1464-7-0x0000000000400000-0x00000000004ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1464-8-0x0000000005050000-0x000000000513D000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1464-9-0x0000000000400000-0x00000000004A3000-memory.dmp

          Filesize

          652KB

          Download

        • memory/1680-0-0x0000000000400000-0x00000000004ED000-memory.dmp

          Filesize

          948KB

          Download

        • memory/1680-6-0x0000000000400000-0x00000000004ED000-memory.dmp

          Filesize

          948KB

          Download