Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

NEAS.6b119...cf.exe

windows7-x64

6

NEAS.6b119...cf.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2023, 14:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.6b119021085626d8806eee94342df8cf.exe

  • Size

    1.5MB

  • MD5

    6b119021085626d8806eee94342df8cf

  • SHA1

    807aacf3dba9713fa0e0b5f0bcde33b73a15c190

  • SHA256

    8657c5b2f37a96af838f18a20758bd6f426073563b079e795f6b1cfc5e416049

  • SHA512

    c5da84c5d41ae82b903eb87f9e18e1ea6e284443033aed324e62a245d9202b916eb09dfb9591213ddb8e15bda1a8e50a05696008019dfdb364d7bf71bc101039

  • SSDEEP

    3072:HZUWlN3tGXRvjxCb5NgXDY7uSK4aqTBa9pOA:5FAlKgzeYqTCOA

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 10 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 21 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.6b119021085626d8806eee94342df8cf.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.6b119021085626d8806eee94342df8cf.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    PID:3416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 612
      2⤵
      • Program crash
      PID:3248
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3416 -ip 3416
    1⤵
      PID:636

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\7-Zip\7z.cab
      Filesize

      458KB

      MD5

      619f7135621b50fd1900ff24aade1524

      SHA1

      6c7ea8bbd435163ae3945cbef30ef6b9872a4591

      SHA256

      344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

      SHA512

      2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

      Download Submit

    • C:\Program Files\7-Zip\7z.exe
      Filesize

      1.5MB

      MD5

      ce68f0613a89b27d434b1602a1d2d39e

      SHA1

      83e400f461d0fefbada402eb06e08329877cfed0

      SHA256

      d365cbed1c0d6bad2ef90d47235d7e2dd1a20e1269c0a4b5412b549d79c8f6a2

      SHA512

      4c7038a4d75623e0139e69743e10a1f97e2213333b25791f29a6231d609633920daca28ca93810b2b2c4fe99709a37a7b0809057683915834a84c3a14e7026c8

      Download Submit

    • C:\Program Files\7-Zip\7zFM.cab
      Filesize

      847KB

      MD5

      c8f40f25f783a52262bdaedeb5555427

      SHA1

      e45e198607c8d7398745baa71780e3e7a2f6deca

      SHA256

      e81b44ee7381ae3b630488b6fb7e3d9ffbdd9ac3032181d4ccaaff3409b57316

      SHA512

      f5944743f54028eb1dd0f2d68468726b177d33185324da0da96cdd20768bab4ca2e507ae9157b2733fd6240c920b7e15a5f5b9f284ee09d0fd385fc895b97191

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\RCXC886.tmp
      Filesize

      228KB

      MD5

      51f3035b62d61be815527e22ef9677da

      SHA1

      2d0b7e7802189331a6e4d292e13ad69eea1c415a

      SHA256

      f3108197f3db1ec6a28723118ac8669d542b7dfe4f4718b4f9c430cae0521b13

      SHA512

      825442c43cdd07ef4ac450158c103d75f5533e0c4d13859eb9dc25e72621d7cfd815fd0040f4be4639af808bd88e228c013acb255b4368c71941c3fee3792c39

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab
      Filesize

      2.1MB

      MD5

      b8d69fa2755c3ab1f12f8866a8e2a4f7

      SHA1

      8e3cdfb20e158c2906323ba0094a18c7dd2aaf2d

      SHA256

      7e0976036431640ae1d9f1c0b52bcea5dd37ef86cd3f5304dc8a96459d9483cd

      SHA512

      5acac46068b331216978500f67a7fa5257bc5b05133fab6d88280b670ae4885ef2d5d1f531169b66bf1952e082f56b1ad2bc3901479b740f96c53ea405adda18

      Download Submit