Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.096b8...30.exe

windows7-x64

7

NEAS.096b8...30.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2023, 19:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.096b8a00fda39d66e670b6f4ff6fd330.exe

  • Size

    409KB

  • MD5

    096b8a00fda39d66e670b6f4ff6fd330

  • SHA1

    8032684902e1a92cc07f2ad2cda2ae1ff4282959

  • SHA256

    1b14eadcdc59663987a6fb3ab1ee24a55c3f0409f8cca6819c2ae13ca5dca5c3

  • SHA512

    9eb6438ce1e6e1635827a122c133c07784e5c7251f7add156c1eebdc17a162d6179b2c6c61533d0b5de5b755ed31b1f0f7ee88cc0b9483cc84afc3a791331557

  • SSDEEP

    6144:ho+k6sXkPV9WBtpypFBK4Tu/6KDv0PvwnG1+eNgqHuLEZsHE1:GrWcDkpFBK4Tujv0PvE2Nley

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.096b8a00fda39d66e670b6f4ff6fd330.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.096b8a00fda39d66e670b6f4ff6fd330.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3532
    • C:\Users\Admin\AppData\Local\Temp\89EC.tmp
      "C:\Users\Admin\AppData\Local\Temp\89EC.tmp" --pingC:\Users\Admin\AppData\Local\Temp\NEAS.096b8a00fda39d66e670b6f4ff6fd330.exe 8EE770820DAC6B79A0321AB722066F9480516D3B448AB0BA1F043D974255D3C2F4A6F2AC0F18BA47BE9E58352AC215AC95A6D69ADDF200ED2AF8CE72947D7C38
      2⤵
      • Executes dropped EXE
      PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\89EC.tmp
    Filesize

    409KB

    MD5

    7661da9f9d66d3025005b033370baee8

    SHA1

    8dd32b7cdd78ac76049bf2aed750dbfb5464592c

    SHA256

    8908cfc947362b8f8d2636823bbf03acd05d8395e55f86c1030bbd9cf6307e32

    SHA512

    60ca98f502dd9067503d0cc0a9c11478c98afef6ece6609cf8b9496c94d99cac5c6d148022e1856a42a17928228dc1c0c4a452a79774c4fc0e2d7d539fd592b1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\89EC.tmp
    Filesize

    409KB

    MD5

    7661da9f9d66d3025005b033370baee8

    SHA1

    8dd32b7cdd78ac76049bf2aed750dbfb5464592c

    SHA256

    8908cfc947362b8f8d2636823bbf03acd05d8395e55f86c1030bbd9cf6307e32

    SHA512

    60ca98f502dd9067503d0cc0a9c11478c98afef6ece6609cf8b9496c94d99cac5c6d148022e1856a42a17928228dc1c0c4a452a79774c4fc0e2d7d539fd592b1

    Download Submit