Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

NEAS.2f5cc...20.exe

windows7-x64

6

NEAS.2f5cc...20.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2023, 20:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2f5cc4fbc19b6bc4e5a3005cb093f420.exe

  • Size

    221KB

  • MD5

    2f5cc4fbc19b6bc4e5a3005cb093f420

  • SHA1

    0d8fa0efa6dedff1bd81f4db82052d13e2682b55

  • SHA256

    425cf71ebc627c375cb68f4fbc1791c3fd52cdf68988d15eba945208c986563f

  • SHA512

    71508653e9adadd19374410b14935a8e5c9f0ae0af613faa426f86212f5ee23e31b78b05d00668fb073a0f6cbf011916e7a52f88d18c94de00b8386d79350f08

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/858DpjBFitka5:o68i3odBiTl2+TCU/8gWtkqD

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2f5cc4fbc19b6bc4e5a3005cb093f420.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2f5cc4fbc19b6bc4e5a3005cb093f420.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2264

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\bugMAKER.bat
      Filesize

      81B

      MD5

      13845dae57fda1e964edef1872a98810

      SHA1

      8c1fc3dd3fa2f3fce34876034ce9302adef2e1fa

      SHA256

      587ebce1c5c646e7cf7a88524809aec97d8defe304ff78af7c93fc6be18bb80b

      SHA512

      3771a3b6c13c25e1db09bbe71d1b131e45c431c8fa009805692d4744dd1423e3d78f27f69850e2863b4a62f0a336cd8d80cc38adf3c32bef1bc8e74245b4abe6

      Download Submit

    • C:\Windows\bugMAKER.bat
      Filesize

      81B

      MD5

      13845dae57fda1e964edef1872a98810

      SHA1

      8c1fc3dd3fa2f3fce34876034ce9302adef2e1fa

      SHA256

      587ebce1c5c646e7cf7a88524809aec97d8defe304ff78af7c93fc6be18bb80b

      SHA512

      3771a3b6c13c25e1db09bbe71d1b131e45c431c8fa009805692d4744dd1423e3d78f27f69850e2863b4a62f0a336cd8d80cc38adf3c32bef1bc8e74245b4abe6

      Download Submit

    • memory/1612-67-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/2264-62-0x0000000002420000-0x0000000002421000-memory.dmp

      Filesize

      4KB

      Download