Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
180s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
11/11/2023, 05:42
General
-
Target
NEAS.ba92b6a695d150b3a89798637c053200.exe
-
Size
397KB
-
MD5
ba92b6a695d150b3a89798637c053200
-
SHA1
88ffbecdbf2ad89a1992629a1d3dda1780c1530b
-
SHA256
0ba6edae39157480f847fa65202adb9364a4d68cdf14a8a7b49c45b7c695fb08
-
SHA512
1d0217b3d901014b98cedc77be94f2bd4384e496078f24aa9c6ff76ffd5b7f91a6a5efc4805a07a9fc7044d67b4dc0b09fe6fa8e77709e2954a8926a1bfece9d
-
SSDEEP
6144:5WUg0+lqAFM6234lKm3mo8Yvi4KsLTFM6234lKm3pT11Tgkz1581hW:5WjFB24lwR45FB24lzx1skz15L
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 2 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.ba92b6a695d150b3a89798637c053200.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.ba92b6a695d150b3a89798637c053200.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hokgmpkl.exeC:\Windows\system32\Hokgmpkl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jifabb32.exeC:\Windows\system32\Jifabb32.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jfokff32.exeC:\Windows\system32\Jfokff32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kpgoolbl.exeC:\Windows\system32\Kpgoolbl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kciaqi32.exeC:\Windows\system32\Kciaqi32.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lapopm32.exeC:\Windows\system32\Lapopm32.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lmfodn32.exeC:\Windows\system32\Lmfodn32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mffjnc32.exeC:\Windows\system32\Mffjnc32.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nagngjmj.exeC:\Windows\system32\Nagngjmj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pjoknhbe.exeC:\Windows\system32\Pjoknhbe.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qgehml32.exeC:\Windows\system32\Qgehml32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Adkelplc.exeC:\Windows\system32\Adkelplc.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bhennm32.exeC:\Windows\system32\Bhennm32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bndblcdq.exeC:\Windows\system32\Bndblcdq.exe15⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cqiehnml.exeC:\Windows\system32\Cqiehnml.exe16⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cnpbgajc.exeC:\Windows\system32\Cnpbgajc.exe17⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgmpkg32.exeC:\Windows\system32\Dgmpkg32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Diafqi32.exeC:\Windows\system32\Diafqi32.exe19⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Enpknplq.exeC:\Windows\system32\Enpknplq.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ejnbdp32.exeC:\Windows\system32\Ejnbdp32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Flmonbbp.exeC:\Windows\system32\Flmonbbp.exe22⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Glkkop32.exeC:\Windows\system32\Glkkop32.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hkodak32.exeC:\Windows\system32\Hkodak32.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hlnqln32.exeC:\Windows\system32\Hlnqln32.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kcbded32.exeC:\Windows\system32\Kcbded32.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Midoph32.exeC:\Windows\system32\Midoph32.exe27⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ndgpnogo.exeC:\Windows\system32\Ndgpnogo.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Njfafhjf.exeC:\Windows\system32\Njfafhjf.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Omgjhc32.exeC:\Windows\system32\Omgjhc32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmgcoaie.exeC:\Windows\system32\Pmgcoaie.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcfhlh32.exeC:\Windows\system32\Pcfhlh32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Agikne32.exeC:\Windows\system32\Agikne32.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Agkgceeh.exeC:\Windows\system32\Agkgceeh.exe34⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Addahh32.exeC:\Windows\system32\Addahh32.exe35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bdhkchlg.exeC:\Windows\system32\Bdhkchlg.exe36⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bcngddao.exeC:\Windows\system32\Bcngddao.exe37⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cdbmifdl.exeC:\Windows\system32\Cdbmifdl.exe38⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cjcolm32.exeC:\Windows\system32\Cjcolm32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dmiaig32.exeC:\Windows\system32\Dmiaig32.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Djmbbk32.exeC:\Windows\system32\Djmbbk32.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ekahhn32.exeC:\Windows\system32\Ekahhn32.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Flmhclod.exeC:\Windows\system32\Flmhclod.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gmjcgb32.exeC:\Windows\system32\Gmjcgb32.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gmnmbbgp.exeC:\Windows\system32\Gmnmbbgp.exe45⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Hkggfe32.exeC:\Windows\system32\Hkggfe32.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hlfcqh32.exeC:\Windows\system32\Hlfcqh32.exe47⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ionbcb32.exeC:\Windows\system32\Ionbcb32.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ioqohb32.exeC:\Windows\system32\Ioqohb32.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Idmhqi32.exeC:\Windows\system32\Idmhqi32.exe50⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kleiid32.exeC:\Windows\system32\Kleiid32.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Klibdcjo.exeC:\Windows\system32\Klibdcjo.exe52⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Kkaljpmd.exeC:\Windows\system32\Kkaljpmd.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmeapbpa.exeC:\Windows\system32\Lmeapbpa.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ldqfddml.exeC:\Windows\system32\Ldqfddml.exe55⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mbiphhhq.exeC:\Windows\system32\Mbiphhhq.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nilkkq32.exeC:\Windows\system32\Nilkkq32.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Niadfpcn.exeC:\Windows\system32\Niadfpcn.exe58⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nfgbec32.exeC:\Windows\system32\Nfgbec32.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Opbcdieb.exeC:\Windows\system32\Opbcdieb.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmbcik32.exeC:\Windows\system32\Pmbcik32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmiijjcf.exeC:\Windows\system32\Pmiijjcf.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ainfpi32.exeC:\Windows\system32\Ainfpi32.exe63⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bgafin32.exeC:\Windows\system32\Bgafin32.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bpjkbcbe.exeC:\Windows\system32\Bpjkbcbe.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bibpkiie.exeC:\Windows\system32\Bibpkiie.exe66⤵
-
C:\Windows\SysWOW64\Bplhhc32.exeC:\Windows\system32\Bplhhc32.exe67⤵
-
C:\Windows\SysWOW64\Beippj32.exeC:\Windows\system32\Beippj32.exe68⤵
-
C:\Windows\SysWOW64\Boaeioej.exeC:\Windows\system32\Boaeioej.exe69⤵
-
C:\Windows\SysWOW64\Bekmei32.exeC:\Windows\system32\Bekmei32.exe70⤵
-
C:\Windows\SysWOW64\Bodano32.exeC:\Windows\system32\Bodano32.exe71⤵
-
C:\Windows\SysWOW64\Bjielh32.exeC:\Windows\system32\Bjielh32.exe72⤵
-
C:\Windows\SysWOW64\Cpcnhbjj.exeC:\Windows\system32\Cpcnhbjj.exe73⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cokgonmp.exeC:\Windows\system32\Cokgonmp.exe74⤵
-
C:\Windows\SysWOW64\Cjpllgme.exeC:\Windows\system32\Cjpllgme.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dcpffk32.exeC:\Windows\system32\Dcpffk32.exe76⤵
-
C:\Windows\SysWOW64\Dokqfl32.exeC:\Windows\system32\Dokqfl32.exe77⤵
-
C:\Windows\SysWOW64\Gfodpbpl.exeC:\Windows\system32\Gfodpbpl.exe78⤵
-
C:\Windows\SysWOW64\Ghanoeel.exeC:\Windows\system32\Ghanoeel.exe79⤵
-
C:\Windows\SysWOW64\Hmlbij32.exeC:\Windows\system32\Hmlbij32.exe80⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Iplkje32.exeC:\Windows\system32\Iplkje32.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Impldi32.exeC:\Windows\system32\Impldi32.exe82⤵
-
C:\Windows\SysWOW64\Ikdlmmbh.exeC:\Windows\system32\Ikdlmmbh.exe83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ipaeedpp.exeC:\Windows\system32\Ipaeedpp.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Ikgicmpe.exeC:\Windows\system32\Ikgicmpe.exe85⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Idonlbff.exeC:\Windows\system32\Idonlbff.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iodaikfl.exeC:\Windows\system32\Iodaikfl.exe87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jhmfba32.exeC:\Windows\system32\Jhmfba32.exe88⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kaonaekb.exeC:\Windows\system32\Kaonaekb.exe89⤵
-
C:\Windows\SysWOW64\Kkioojpp.exeC:\Windows\system32\Kkioojpp.exe90⤵
-
C:\Windows\SysWOW64\Kolaqh32.exeC:\Windows\system32\Kolaqh32.exe91⤵
-
C:\Windows\SysWOW64\Lamjbc32.exeC:\Windows\system32\Lamjbc32.exe92⤵
-
C:\Windows\SysWOW64\Mggolhaj.exeC:\Windows\system32\Mggolhaj.exe93⤵
-
C:\Windows\SysWOW64\Mqpcdn32.exeC:\Windows\system32\Mqpcdn32.exe94⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mndcnafd.exeC:\Windows\system32\Mndcnafd.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mdnlkl32.exeC:\Windows\system32\Mdnlkl32.exe96⤵
-
C:\Windows\SysWOW64\Nocphd32.exeC:\Windows\system32\Nocphd32.exe97⤵
-
C:\Windows\SysWOW64\Ndphpk32.exeC:\Windows\system32\Ndphpk32.exe98⤵
-
C:\Windows\SysWOW64\Obbekn32.exeC:\Windows\system32\Obbekn32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ogoncd32.exeC:\Windows\system32\Ogoncd32.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ppphkq32.exeC:\Windows\system32\Ppphkq32.exe101⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qlkbka32.exeC:\Windows\system32\Qlkbka32.exe102⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qecgcfmf.exeC:\Windows\system32\Qecgcfmf.exe103⤵
-
C:\Windows\SysWOW64\Alplfpbp.exeC:\Windows\system32\Alplfpbp.exe104⤵
-
C:\Windows\SysWOW64\Dpemjifi.exeC:\Windows\system32\Dpemjifi.exe105⤵
-
C:\Windows\SysWOW64\Fhonpi32.exeC:\Windows\system32\Fhonpi32.exe106⤵
-
C:\Windows\SysWOW64\Gjgmpkfl.exeC:\Windows\system32\Gjgmpkfl.exe107⤵
-
C:\Windows\SysWOW64\Gbcaemdg.exeC:\Windows\system32\Gbcaemdg.exe108⤵
-
C:\Windows\SysWOW64\Gqdbbelf.exeC:\Windows\system32\Gqdbbelf.exe109⤵
-
C:\Windows\SysWOW64\Hakhcd32.exeC:\Windows\system32\Hakhcd32.exe110⤵
-
C:\Windows\SysWOW64\Hfhqkk32.exeC:\Windows\system32\Hfhqkk32.exe111⤵
-
C:\Windows\SysWOW64\Hmaihekc.exeC:\Windows\system32\Hmaihekc.exe112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hclaeocp.exeC:\Windows\system32\Hclaeocp.exe113⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hmdend32.exeC:\Windows\system32\Hmdend32.exe114⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hbanfk32.exeC:\Windows\system32\Hbanfk32.exe115⤵
-
C:\Windows\SysWOW64\Hmfbcd32.exeC:\Windows\system32\Hmfbcd32.exe116⤵
-
C:\Windows\SysWOW64\Hfoflj32.exeC:\Windows\system32\Hfoflj32.exe117⤵
-
C:\Windows\SysWOW64\Ipckqnja.exeC:\Windows\system32\Ipckqnja.exe118⤵
-
C:\Windows\SysWOW64\Jjklcf32.exeC:\Windows\system32\Jjklcf32.exe119⤵
-
C:\Windows\SysWOW64\Jfdinf32.exeC:\Windows\system32\Jfdinf32.exe120⤵
-
C:\Windows\SysWOW64\Kdophj32.exeC:\Windows\system32\Kdophj32.exe121⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-