Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
05/11/2023, 07:35
General
-
Target
NEAS.ac9958e4a582ae514e4487ec9d273350.exe
-
Size
228KB
-
MD5
ac9958e4a582ae514e4487ec9d273350
-
SHA1
a15765543d2c078975823fcebe88cd4b763ad76d
-
SHA256
8668458c8a828b9a801383c149582c15db640d4eb5df60702db207dd2de26f25
-
SHA512
aa512f6d6e898b7a28a5d4130efb3e8e9028dac9698b7b86b01fa0c72af399a10e0341c90123a9692b51dd22b7b2942692cd0b67d2640c4e9b508f7292dd57e8
-
SSDEEP
3072:tIgcTTjAq4wbnBjvxc8287Gw8OUtyjMhTdglu4SUvmre:teAq4wb97KyjsTGxvn
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.ac9958e4a582ae514e4487ec9d273350.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.ac9958e4a582ae514e4487ec9d273350.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\appdata\local\temp\taskserf.exe"C:\Users\Admin\appdata\local\temp\taskserf.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 9442⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1672 -ip 16721⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
228KB
MD5981849d4393da63e630a6e25d018b2cd
SHA13cafa0473ac3edf3496644e89b6a8035a321f9ba
SHA2561b9bed4ab3e463579e80e019102705289bb6e61d7e9c7b14aadf9d41d6688a5a
SHA512df8b2e8a5904d5bcc74080d014a6c743e5ce6df32c9accb1ab51f1f33a52de7016397c341d17a35d2ea9739c35b0320965e38e8a31e8943b74aa7795a6441300
-
Filesize
228KB
MD5981849d4393da63e630a6e25d018b2cd
SHA13cafa0473ac3edf3496644e89b6a8035a321f9ba
SHA2561b9bed4ab3e463579e80e019102705289bb6e61d7e9c7b14aadf9d41d6688a5a
SHA512df8b2e8a5904d5bcc74080d014a6c743e5ce6df32c9accb1ab51f1f33a52de7016397c341d17a35d2ea9739c35b0320965e38e8a31e8943b74aa7795a6441300
-
Filesize
228KB
MD5981849d4393da63e630a6e25d018b2cd
SHA13cafa0473ac3edf3496644e89b6a8035a321f9ba
SHA2561b9bed4ab3e463579e80e019102705289bb6e61d7e9c7b14aadf9d41d6688a5a
SHA512df8b2e8a5904d5bcc74080d014a6c743e5ce6df32c9accb1ab51f1f33a52de7016397c341d17a35d2ea9739c35b0320965e38e8a31e8943b74aa7795a6441300
-
Filesize
236KB
-
Filesize
236KB
-
Filesize
236KB