Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
123s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
06/11/2023, 21:25
General
-
Target
NEAS.abc65d9609976945952b8622d68de3c0.exe
-
Size
407KB
-
MD5
abc65d9609976945952b8622d68de3c0
-
SHA1
93a719b47fb746a6ced5e5f66d2b388261e4869d
-
SHA256
fefec79b4289c582a1307cce88e12f7676f7817356714f5cf61426c8fad943c1
-
SHA512
3c091270738d2284a6100809b10ab9c7cf6da2cbe457373d6813821cb21dfcf57e037c2a3efa7c7f0893b5329447567853a48bf5c6d568312f1e6a8725bf8a7b
-
SSDEEP
12288:ZM8WjQpV6yYP4rbpV6yYPg058KpV6yYPS:Z+QW4XWleKWS
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.abc65d9609976945952b8622d68de3c0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.abc65d9609976945952b8622d68de3c0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kefiopki.exeC:\Windows\system32\Kefiopki.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Apeknk32.exeC:\Windows\system32\Apeknk32.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aagdnn32.exeC:\Windows\system32\Aagdnn32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Adgmoigj.exeC:\Windows\system32\Adgmoigj.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bdlfjh32.exeC:\Windows\system32\Bdlfjh32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bkkhbb32.exeC:\Windows\system32\Bkkhbb32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bipecnkd.exeC:\Windows\system32\Bipecnkd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmpjoloh.exeC:\Windows\system32\Cmpjoloh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cmbgdl32.exeC:\Windows\system32\Cmbgdl32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cpcpfg32.exeC:\Windows\system32\Cpcpfg32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dphiaffa.exeC:\Windows\system32\Dphiaffa.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgdncplk.exeC:\Windows\system32\Dgdncplk.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dpmcmf32.exeC:\Windows\system32\Dpmcmf32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ekgqennl.exeC:\Windows\system32\Ekgqennl.exe15⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ecbeip32.exeC:\Windows\system32\Ecbeip32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Enjfli32.exeC:\Windows\system32\Enjfli32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ecikjoep.exeC:\Windows\system32\Ecikjoep.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fqphic32.exeC:\Windows\system32\Fqphic32.exe19⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fboecfii.exeC:\Windows\system32\Fboecfii.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fkjfakng.exeC:\Windows\system32\Fkjfakng.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fcekfnkb.exeC:\Windows\system32\Fcekfnkb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gnmlhf32.exeC:\Windows\system32\Gnmlhf32.exe23⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gnaecedp.exeC:\Windows\system32\Gnaecedp.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gcnnllcg.exeC:\Windows\system32\Gcnnllcg.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hqdkkp32.exeC:\Windows\system32\Hqdkkp32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Heepfn32.exeC:\Windows\system32\Heepfn32.exe27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Halaloif.exeC:\Windows\system32\Halaloif.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hghfnioq.exeC:\Windows\system32\Hghfnioq.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iapjgo32.exeC:\Windows\system32\Iapjgo32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ijiopd32.exeC:\Windows\system32\Ijiopd32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ibbcfa32.exeC:\Windows\system32\Ibbcfa32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ihaidhgf.exeC:\Windows\system32\Ihaidhgf.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Idhiii32.exeC:\Windows\system32\Idhiii32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jaqcnl32.exeC:\Windows\system32\Jaqcnl32.exe35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jacpcl32.exeC:\Windows\system32\Jacpcl32.exe36⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jddiegbm.exeC:\Windows\system32\Jddiegbm.exe37⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Keceoj32.exeC:\Windows\system32\Keceoj32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kaopoj32.exeC:\Windows\system32\Kaopoj32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kkgdhp32.exeC:\Windows\system32\Kkgdhp32.exe40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Khkdad32.exeC:\Windows\system32\Khkdad32.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Llimgb32.exeC:\Windows\system32\Llimgb32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lolcnman.exeC:\Windows\system32\Lolcnman.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lamlphoo.exeC:\Windows\system32\Lamlphoo.exe44⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mlbpma32.exeC:\Windows\system32\Mlbpma32.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mhiabbdi.exeC:\Windows\system32\Mhiabbdi.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mcoepkdo.exeC:\Windows\system32\Mcoepkdo.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mcabej32.exeC:\Windows\system32\Mcabej32.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mkocol32.exeC:\Windows\system32\Mkocol32.exe49⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Mdghhb32.exeC:\Windows\system32\Mdghhb32.exe50⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Nlqloo32.exeC:\Windows\system32\Nlqloo32.exe51⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Noaeqjpe.exeC:\Windows\system32\Noaeqjpe.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nofoki32.exeC:\Windows\system32\Nofoki32.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ocfdgg32.exeC:\Windows\system32\Ocfdgg32.exe54⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Oomelheh.exeC:\Windows\system32\Oomelheh.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Obnnnc32.exeC:\Windows\system32\Obnnnc32.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pijcpmhc.exeC:\Windows\system32\Pijcpmhc.exe57⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Pfncia32.exeC:\Windows\system32\Pfncia32.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pofhbgmn.exeC:\Windows\system32\Pofhbgmn.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcdqhecd.exeC:\Windows\system32\Pcdqhecd.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pokanf32.exeC:\Windows\system32\Pokanf32.exe61⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pfeijqqe.exeC:\Windows\system32\Pfeijqqe.exe62⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pomncfge.exeC:\Windows\system32\Pomncfge.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qejfkmem.exeC:\Windows\system32\Qejfkmem.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qfjcep32.exeC:\Windows\system32\Qfjcep32.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qkfkng32.exeC:\Windows\system32\Qkfkng32.exe66⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Aeopfl32.exeC:\Windows\system32\Aeopfl32.exe67⤵
-
C:\Windows\SysWOW64\Apddce32.exeC:\Windows\system32\Apddce32.exe68⤵
-
C:\Windows\SysWOW64\Alkeifga.exeC:\Windows\system32\Alkeifga.exe69⤵
-
C:\Windows\SysWOW64\Abemep32.exeC:\Windows\system32\Abemep32.exe70⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Aioebj32.exeC:\Windows\system32\Aioebj32.exe71⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Acdioc32.exeC:\Windows\system32\Acdioc32.exe72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aeffgkkp.exeC:\Windows\system32\Aeffgkkp.exe73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Alpnde32.exeC:\Windows\system32\Alpnde32.exe74⤵
-
C:\Windows\SysWOW64\Aehbmk32.exeC:\Windows\system32\Aehbmk32.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Albkieqj.exeC:\Windows\system32\Albkieqj.exe76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bfhofnpp.exeC:\Windows\system32\Bfhofnpp.exe77⤵
-
C:\Windows\SysWOW64\Bldgoeog.exeC:\Windows\system32\Bldgoeog.exe78⤵
-
C:\Windows\SysWOW64\Bboplo32.exeC:\Windows\system32\Bboplo32.exe79⤵
-
C:\Windows\SysWOW64\Bikeni32.exeC:\Windows\system32\Bikeni32.exe80⤵
-
C:\Windows\SysWOW64\Beaecjab.exeC:\Windows\system32\Beaecjab.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bbefln32.exeC:\Windows\system32\Bbefln32.exe82⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cdebfago.exeC:\Windows\system32\Cdebfago.exe83⤵
-
C:\Windows\SysWOW64\Cdgolq32.exeC:\Windows\system32\Cdgolq32.exe84⤵
-
C:\Windows\SysWOW64\Cmpcdfll.exeC:\Windows\system32\Cmpcdfll.exe85⤵
-
C:\Windows\SysWOW64\Cpqlfa32.exeC:\Windows\system32\Cpqlfa32.exe86⤵
-
C:\Windows\SysWOW64\Cpcila32.exeC:\Windows\system32\Cpcila32.exe87⤵
-
C:\Windows\SysWOW64\Dmifkecb.exeC:\Windows\system32\Dmifkecb.exe88⤵
-
C:\Windows\SysWOW64\Dedkogqm.exeC:\Windows\system32\Dedkogqm.exe89⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dbhlikpf.exeC:\Windows\system32\Dbhlikpf.exe90⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Dlqpaafg.exeC:\Windows\system32\Dlqpaafg.exe91⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Deidjf32.exeC:\Windows\system32\Deidjf32.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dlcmgqdd.exeC:\Windows\system32\Dlcmgqdd.exe93⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dmbiackg.exeC:\Windows\system32\Dmbiackg.exe94⤵
-
C:\Windows\SysWOW64\Epcbbohh.exeC:\Windows\system32\Epcbbohh.exe95⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Emgblc32.exeC:\Windows\system32\Emgblc32.exe96⤵
-
C:\Windows\SysWOW64\Egpgehnb.exeC:\Windows\system32\Egpgehnb.exe97⤵
-
C:\Windows\SysWOW64\Egbdjhlp.exeC:\Windows\system32\Egbdjhlp.exe98⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Elolco32.exeC:\Windows\system32\Elolco32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fnnimbaj.exeC:\Windows\system32\Fnnimbaj.exe100⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fdhail32.exeC:\Windows\system32\Fdhail32.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fjeibc32.exeC:\Windows\system32\Fjeibc32.exe102⤵
-
C:\Windows\SysWOW64\Fgijkgeh.exeC:\Windows\system32\Fgijkgeh.exe103⤵
-
C:\Windows\SysWOW64\Flfbcndo.exeC:\Windows\system32\Flfbcndo.exe104⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ffnglc32.exeC:\Windows\system32\Ffnglc32.exe105⤵
-
C:\Windows\SysWOW64\Fcbgfhii.exeC:\Windows\system32\Fcbgfhii.exe106⤵
-
C:\Windows\SysWOW64\Fnglcqio.exeC:\Windows\system32\Fnglcqio.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fcddkggf.exeC:\Windows\system32\Fcddkggf.exe108⤵
-
C:\Windows\SysWOW64\Glmhdm32.exeC:\Windows\system32\Glmhdm32.exe109⤵
-
C:\Windows\SysWOW64\Gloejmld.exeC:\Windows\system32\Gloejmld.exe110⤵
-
C:\Windows\SysWOW64\Gfgjbb32.exeC:\Windows\system32\Gfgjbb32.exe111⤵
-
C:\Windows\SysWOW64\Gggfme32.exeC:\Windows\system32\Gggfme32.exe112⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gmdoel32.exeC:\Windows\system32\Gmdoel32.exe113⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gflcnanp.exeC:\Windows\system32\Gflcnanp.exe114⤵
-
C:\Windows\SysWOW64\Gdmcki32.exeC:\Windows\system32\Gdmcki32.exe115⤵
-
C:\Windows\SysWOW64\Hfnpca32.exeC:\Windows\system32\Hfnpca32.exe116⤵
-
C:\Windows\SysWOW64\Hmpnqj32.exeC:\Windows\system32\Hmpnqj32.exe117⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hjcojo32.exeC:\Windows\system32\Hjcojo32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hqmggi32.exeC:\Windows\system32\Hqmggi32.exe119⤵
-
C:\Windows\SysWOW64\Ijfkpnji.exeC:\Windows\system32\Ijfkpnji.exe120⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iqpclh32.exeC:\Windows\system32\Iqpclh32.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-