Analysis
max time kernel: 138s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/11/2023, 20:07
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.df0606ee41dd19450a715affa7abf6a0_JC.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: NEAS.df0606ee41dd19450a715affa7abf6a0_JC.exe
  Resource: win10v2004-20231023-en
General
Target: NEAS.df0606ee41dd19450a715affa7abf6a0_JC.exe
Size: 24KB
MD5: df0606ee41dd19450a715affa7abf6a0
SHA1: 05ad7eae065c96c629f5e4d628f9f17098dd4da5
SHA256: 3a703c6c82ba6b8e787eadbcb7bd09eeaab471688cf4955132922e7dc0597c83
SHA512: aa3b69430b572e61a5522945062d950f26576f993dbb88270a2e34bdb4f0e17c4906c29154afbb3e783d7830ae3676fd43e83329cbe56b598807f31be1f970b7
SSDEEP: 768:19djHXRrs9sINeZEtejlIkoLN127BFVn2p4lAnZ8OAm++KRO2vV3dFJ9iq2+TQ:DdjXRrs9sINeZEtejlIkoLN127BFVn2J
Malware Config
Signatures

Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation
  Process: NEAS.df0606ee41dd19450a715affa7abf6a0_JC.exe

Executes dropped EXE (1 IoC)
  pid: 4748
  Process: googleupdate.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                        procid_target
  PID 2512 wrote to memory of 4748   2512  NEAS.df0606ee41dd19450a715affa7abf6a0_JC.exe   84
  PID 2512 wrote to memory of 4748   2512  NEAS.df0606ee41dd19450a715affa7abf6a0_JC.exe   84
  PID 2512 wrote to memory of 4748   2512  NEAS.df0606ee41dd19450a715affa7abf6a0_JC.exe   84
Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.df0606ee41dd19450a715affa7abf6a0_JC.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.df0606ee41dd19450a715affa7abf6a0_JC.exe"
  PID: 2512
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\googleupdate.exe (child of PID 2512)
    Command line: "C:\Users\Admin\AppData\Local\Temp\googleupdate.exe"
    PID: 4748
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 24KB
MD5: beecd5a4dadf8d50deeca0e703a6e74a
SHA1: 8964eac1d18385916a134d7af55ad54229e64fd6
SHA256: 44a8a3e9fd3743eff7a2ab4d73864d123e76387640d63acdbec335b30e0929c3
SHA512: da9c6b2b001da7f920b217dcab5f663150727217e80a3ad2ffef23b3424a410fa7c8916686e577ed1262a32307f6771c037f41a3a110f793f82a6429c0c6aa61