Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
173s -
max time network
198s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
07/11/2023, 20:50
General
-
Target
NEAS.bbd87f7e1e62b69d2201431e2abfa2a0.exe
-
Size
391KB
-
MD5
bbd87f7e1e62b69d2201431e2abfa2a0
-
SHA1
8d8ff94ef924a5dea0afa3d4bf60a52863bfdf4a
-
SHA256
903071a9304647ee06319d047220cf0d5032176ca6724818e185c7df81f75a72
-
SHA512
5dbceb7da32750397b2dd21b0b8d73c1f9f4a86d469177228ac5638df599b5d70920a69533cf257b7bcc4ccee469eb990c75a2d87ab3dd5c8131fb52e5f9d0e6
-
SSDEEP
6144:GpcTE5QsDzaAfbAfNtTAfMAfFAfNPUmKyIxLfYeOO9UmKyIxL:G95QsrmNtuhUNP3cOK3
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 2 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.bbd87f7e1e62b69d2201431e2abfa2a0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.bbd87f7e1e62b69d2201431e2abfa2a0.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mflbjejb.exeC:\Windows\system32\Mflbjejb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oimdbnip.exeC:\Windows\system32\Oimdbnip.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pifghmae.exeC:\Windows\system32\Pifghmae.exe4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aifpoj32.exeC:\Windows\system32\Aifpoj32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hfhgfaha.exeC:\Windows\system32\Hfhgfaha.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kddpnpdn.exeC:\Windows\system32\Kddpnpdn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kgeiokao.exeC:\Windows\system32\Kgeiokao.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lggeej32.exeC:\Windows\system32\Lggeej32.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mkcjlf32.exeC:\Windows\system32\Mkcjlf32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mbpoop32.exeC:\Windows\system32\Mbpoop32.exe11⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nqnofkkj.exeC:\Windows\system32\Nqnofkkj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oilmhhfd.exeC:\Windows\system32\Oilmhhfd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Piepnfnj.exeC:\Windows\system32\Piepnfnj.exe14⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aiclodaj.exeC:\Windows\system32\Aiclodaj.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Apdkmn32.exeC:\Windows\system32\Apdkmn32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Blnhgn32.exeC:\Windows\system32\Blnhgn32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Booaii32.exeC:\Windows\system32\Booaii32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ccacjgfb.exeC:\Windows\system32\Ccacjgfb.exe19⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Djgkbp32.exeC:\Windows\system32\Djgkbp32.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gimjag32.exeC:\Windows\system32\Gimjag32.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gcdkdpih.exeC:\Windows\system32\Gcdkdpih.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gfedfk32.exeC:\Windows\system32\Gfedfk32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hjjbmhfg.exeC:\Windows\system32\Hjjbmhfg.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ifhibhfc.exeC:\Windows\system32\Ifhibhfc.exe25⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jabgkpad.exeC:\Windows\system32\Jabgkpad.exe26⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jdembk32.exeC:\Windows\system32\Jdembk32.exe27⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jfffcf32.exeC:\Windows\system32\Jfffcf32.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kiikkada.exeC:\Windows\system32\Kiikkada.exe29⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kphmbjhi.exeC:\Windows\system32\Kphmbjhi.exe30⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lajfbmmi.exeC:\Windows\system32\Lajfbmmi.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mdhkefnj.exeC:\Windows\system32\Mdhkefnj.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Njljnl32.exeC:\Windows\system32\Njljnl32.exe33⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ocldhqgb.exeC:\Windows\system32\Ocldhqgb.exe34⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Okeinn32.exeC:\Windows\system32\Okeinn32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ocegnoog.exeC:\Windows\system32\Ocegnoog.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pghiomqi.exeC:\Windows\system32\Pghiomqi.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qgopplkq.exeC:\Windows\system32\Qgopplkq.exe38⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qlmhfj32.exeC:\Windows\system32\Qlmhfj32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ankdbf32.exeC:\Windows\system32\Ankdbf32.exe40⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Abngccbl.exeC:\Windows\system32\Abngccbl.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Boknic32.exeC:\Windows\system32\Boknic32.exe42⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Dldpde32.exeC:\Windows\system32\Dldpde32.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dkljka32.exeC:\Windows\system32\Dkljka32.exe44⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ehpjdepi.exeC:\Windows\system32\Ehpjdepi.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eefhcimp.exeC:\Windows\system32\Eefhcimp.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ehimkd32.exeC:\Windows\system32\Ehimkd32.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gkjocm32.exeC:\Windows\system32\Gkjocm32.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ilpaei32.exeC:\Windows\system32\Ilpaei32.exe49⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ibijbc32.exeC:\Windows\system32\Ibijbc32.exe50⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Iicboncn.exeC:\Windows\system32\Iicboncn.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ibncmchl.exeC:\Windows\system32\Ibncmchl.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Iihkjm32.exeC:\Windows\system32\Iihkjm32.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jfoihalp.exeC:\Windows\system32\Jfoihalp.exe54⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jcbibeki.exeC:\Windows\system32\Jcbibeki.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kfjhdobb.exeC:\Windows\system32\Kfjhdobb.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Liddligi.exeC:\Windows\system32\Liddligi.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmdihgkl.exeC:\Windows\system32\Lmdihgkl.exe58⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lepnli32.exeC:\Windows\system32\Lepnli32.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mccofn32.exeC:\Windows\system32\Mccofn32.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nconal32.exeC:\Windows\system32\Nconal32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Npfkqpjk.exeC:\Windows\system32\Npfkqpjk.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nfeqnf32.exeC:\Windows\system32\Nfeqnf32.exe63⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qqfmnk32.exeC:\Windows\system32\Qqfmnk32.exe64⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Afhoaahg.exeC:\Windows\system32\Afhoaahg.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bglefdke.exeC:\Windows\system32\Bglefdke.exe66⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bnfmcn32.exeC:\Windows\system32\Bnfmcn32.exe67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bmkjdj32.exeC:\Windows\system32\Bmkjdj32.exe68⤵
-
C:\Windows\SysWOW64\Bganac32.exeC:\Windows\system32\Bganac32.exe69⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bnkgomnl.exeC:\Windows\system32\Bnkgomnl.exe70⤵
-
C:\Windows\SysWOW64\Cmdmki32.exeC:\Windows\system32\Cmdmki32.exe71⤵
-
C:\Windows\SysWOW64\Cfonin32.exeC:\Windows\system32\Cfonin32.exe72⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ceqngekl.exeC:\Windows\system32\Ceqngekl.exe73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cfakon32.exeC:\Windows\system32\Cfakon32.exe74⤵
-
C:\Windows\SysWOW64\Dalhgfmk.exeC:\Windows\system32\Dalhgfmk.exe75⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Dmefafql.exeC:\Windows\system32\Dmefafql.exe76⤵
-
C:\Windows\SysWOW64\Dodbkiho.exeC:\Windows\system32\Dodbkiho.exe77⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Eejjdb32.exeC:\Windows\system32\Eejjdb32.exe78⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fhpmql32.exeC:\Windows\system32\Fhpmql32.exe79⤵
-
C:\Windows\SysWOW64\Fdfmfmdo.exeC:\Windows\system32\Fdfmfmdo.exe80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fggfghap.exeC:\Windows\system32\Fggfghap.exe81⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gehfepio.exeC:\Windows\system32\Gehfepio.exe82⤵
-
C:\Windows\SysWOW64\Gkeonggf.exeC:\Windows\system32\Gkeonggf.exe83⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gdppllld.exeC:\Windows\system32\Gdppllld.exe84⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gafmkp32.exeC:\Windows\system32\Gafmkp32.exe85⤵
-
C:\Windows\SysWOW64\Hkobdeok.exeC:\Windows\system32\Hkobdeok.exe86⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hhbbmjne.exeC:\Windows\system32\Hhbbmjne.exe87⤵
-
C:\Windows\SysWOW64\Hggonfbm.exeC:\Windows\system32\Hggonfbm.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ifbbbl32.exeC:\Windows\system32\Ifbbbl32.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Midfiq32.exeC:\Windows\system32\Midfiq32.exe90⤵
-
C:\Windows\SysWOW64\Pgaboa32.exeC:\Windows\system32\Pgaboa32.exe91⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Poaqocgl.exeC:\Windows\system32\Poaqocgl.exe92⤵
-
C:\Windows\SysWOW64\Qhjegh32.exeC:\Windows\system32\Qhjegh32.exe93⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qgkeep32.exeC:\Windows\system32\Qgkeep32.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qfpbfljd.exeC:\Windows\system32\Qfpbfljd.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cihjpd32.exeC:\Windows\system32\Cihjpd32.exe96⤵
-
C:\Windows\SysWOW64\Dplebmbl.exeC:\Windows\system32\Dplebmbl.exe97⤵
-
C:\Windows\SysWOW64\Djaipe32.exeC:\Windows\system32\Djaipe32.exe98⤵
-
C:\Windows\SysWOW64\Dpnbhl32.exeC:\Windows\system32\Dpnbhl32.exe99⤵
-
C:\Windows\SysWOW64\Diffabgj.exeC:\Windows\system32\Diffabgj.exe100⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dclknkfp.exeC:\Windows\system32\Dclknkfp.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Djfckenm.exeC:\Windows\system32\Djfckenm.exe102⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dpckclld.exeC:\Windows\system32\Dpckclld.exe103⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ejklfd32.exeC:\Windows\system32\Ejklfd32.exe104⤵
-
C:\Windows\SysWOW64\Emihbp32.exeC:\Windows\system32\Emihbp32.exe105⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ejmild32.exeC:\Windows\system32\Ejmild32.exe106⤵
-
C:\Windows\SysWOW64\Edhjji32.exeC:\Windows\system32\Edhjji32.exe107⤵
-
C:\Windows\SysWOW64\Ejabgcdp.exeC:\Windows\system32\Ejabgcdp.exe108⤵
-
C:\Windows\SysWOW64\Epokojbg.exeC:\Windows\system32\Epokojbg.exe109⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Efhcld32.exeC:\Windows\system32\Efhcld32.exe110⤵
-
C:\Windows\SysWOW64\Embkhn32.exeC:\Windows\system32\Embkhn32.exe111⤵
-
C:\Windows\SysWOW64\Fkihgb32.exeC:\Windows\system32\Fkihgb32.exe112⤵
-
C:\Windows\SysWOW64\Fpeapilo.exeC:\Windows\system32\Fpeapilo.exe113⤵
-
C:\Windows\SysWOW64\Fgbfbc32.exeC:\Windows\system32\Fgbfbc32.exe114⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fagjolao.exeC:\Windows\system32\Fagjolao.exe115⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fhablf32.exeC:\Windows\system32\Fhablf32.exe116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fmnkdm32.exeC:\Windows\system32\Fmnkdm32.exe117⤵
-
C:\Windows\SysWOW64\Ghdoae32.exeC:\Windows\system32\Ghdoae32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gmqgjl32.exeC:\Windows\system32\Gmqgjl32.exe119⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gdjpff32.exeC:\Windows\system32\Gdjpff32.exe120⤵
-
C:\Windows\SysWOW64\Gngnjk32.exeC:\Windows\system32\Gngnjk32.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-