Analysis
- max time kernel: 144s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20231025-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231025-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/11/2023, 20:48
Behavioral task: behavioral1
- Sample: NEAS.aff625098f90aea87a86e1e94d1ff970.exe
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: NEAS.aff625098f90aea87a86e1e94d1ff970.exe
- Resource: win10v2004-20231025-en
General
- Target: NEAS.aff625098f90aea87a86e1e94d1ff970.exe
- Size: 122KB
- MD5: aff625098f90aea87a86e1e94d1ff970
- SHA1: fe163d84539a8bc5411614e2dc6ec3467b8ea19e
- SHA256: 975e700ee720d911ff1f794bbc843517b278292aa959ecbc9415f2a8be9f38ea
- SHA512: 12753ccc5e0506cee33b252670147253705c238ca6c30d7fa88fd5222d17db7011223f183ce5dae619e7b31e646b5e736bbd65a82e43e35957832efb23151aa4
- SSDEEP: 3072:RAbPLV7Pz2vVYtwOQ5jv3Gd22DMfhCq5RHcwlNAh:ibPLJLtwdv2PalHah
Signatures
- Deletes itself (1 IoCs)
    pid   Process
    4156  NEAS.aff625098f90aea87a86e1e94d1ff970.exe
- Executes dropped EXE (1 IoCs)
    pid   Process
    4156  NEAS.aff625098f90aea87a86e1e94d1ff970.exe
-
    resource                                                                   yara_rule
    behavioral2/memory/888-0-0x0000000000400000-0x000000000047D000-memory.dmp   upx
    behavioral2/files/0x00040000000006e5-12.dat                                 upx
    behavioral2/memory/4156-14-0x0000000000400000-0x000000000047D000-memory.dmp  upx
- Suspicious behavior: RenamesItself (1 IoCs)
    pid   Process
    888   NEAS.aff625098f90aea87a86e1e94d1ff970.exe
- Suspicious use of UnmapMainImage (2 IoCs)
    pid   Process
    888   NEAS.aff625098f90aea87a86e1e94d1ff970.exe
    4156  NEAS.aff625098f90aea87a86e1e94d1ff970.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
    description                          pid  Process                                    procid_target
    PID 888 wrote to memory of 4156      888  NEAS.aff625098f90aea87a86e1e94d1ff970.exe  87
    PID 888 wrote to memory of 4156      888  NEAS.aff625098f90aea87a86e1e94d1ff970.exe  87
    PID 888 wrote to memory of 4156      888  NEAS.aff625098f90aea87a86e1e94d1ff970.exe  87
Processes
- C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe"
  PID: 888
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe
    C:\Users\Admin\AppData\Local\Temp\NEAS.aff625098f90aea87a86e1e94d1ff970.exe
    PID: 4156
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Downloads
- Filesize: 122KB
- MD5: f18db71c070804abbe191d15023705ce
- SHA1: d2fefb30acb325429ff961005ba0365cc2a1a74d
- SHA256: d714aef061685fbbeed4f1f8cd940b785983778095ba20a0923c51bb7ebd0257
- SHA512: 8cd710101ee4e4944f31198bee401caf3b0cd62c8ca80fae85e9aa14cec3888e32ff4fa420f0f1d175457ce68e1b4eb54fce61d73c7b8a64bdfac855577ab7bd