Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

NEAS.12877...50.exe

windows7-x64

7

NEAS.12877...50.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/11/2023, 09:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.128776e83e3d08a07d4572513867d950.exe

  • Size

    220KB

  • MD5

    128776e83e3d08a07d4572513867d950

  • SHA1

    abba4635064e8a8814bbd8a04341437741ef9cac

  • SHA256

    dfa1a46d34856fa0d06b6c6bf7581439f88342b4e80d2e12f71069873a66b955

  • SHA512

    e3bbac6401f02857f5a615cc2451cd54f84393a81f19d6badb1d5d9975416591c01f695ebf90ed2b6ebf4f8c7f4a90e1059a812f550b78d77f07e835c1e197d6

  • SSDEEP

    3072:6e7WpXR9B3NZWGCLOwstyhZFChcssc56FUrgxvbSD4UQrO2Fr:Rqz9ZNoShcHUaV

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (306) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.128776e83e3d08a07d4572513867d950.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.128776e83e3d08a07d4572513867d950.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:3580
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1680
    • C:\Users\Admin\AppData\Local\Temp\_cpack.exe
      "_cpack.exe"
      2⤵
      • Executes dropped EXE
      PID:4780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-984744499-3605095035-265325720-1000\desktop.ini.exe
    Filesize

    81KB

    MD5

    bc5568d630ed69be0ea0f4b4f8d4f646

    SHA1

    d78393856f7bfa9e300c2d8a4d0d0b4138e6f1b7

    SHA256

    3124edeac140d354f1b74f8ef93d3c9ba3b1392831e62b67d2a99f016cbb787d

    SHA512

    5612e2de4787137791250b4c503723f75edec2db2d36e51a58d966b6f1ede8e3e62506a743a0bf3d462dd5208ec76f83b716d20c328758fc395ff27c3d07e48f

    Download Submit

  • C:\$Recycle.Bin\S-1-5-21-984744499-3605095035-265325720-1000\desktop.ini.tmp
    Filesize

    81KB

    MD5

    bc5568d630ed69be0ea0f4b4f8d4f646

    SHA1

    d78393856f7bfa9e300c2d8a4d0d0b4138e6f1b7

    SHA256

    3124edeac140d354f1b74f8ef93d3c9ba3b1392831e62b67d2a99f016cbb787d

    SHA512

    5612e2de4787137791250b4c503723f75edec2db2d36e51a58d966b6f1ede8e3e62506a743a0bf3d462dd5208ec76f83b716d20c328758fc395ff27c3d07e48f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_cpack.exe
    Filesize

    140KB

    MD5

    caad373422b474737f4d76fb82379581

    SHA1

    6804be1ae8bfd3858e0053915f75d4b611790bc5

    SHA256

    22c0d54e96431ebae4d40546f4efe6af61d1a9644710f93dc32ec2ca6cf2ba75

    SHA512

    dbaba0bc94aaeddb9811b0b9fd923f763ef8c7e290153e21e295230fdbe9c683dbf0b096eda3a3eb06e4ff9733cb3e9906737a1b5ee8e6af034680c198b95dd5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_cpack.exe
    Filesize

    140KB

    MD5

    caad373422b474737f4d76fb82379581

    SHA1

    6804be1ae8bfd3858e0053915f75d4b611790bc5

    SHA256

    22c0d54e96431ebae4d40546f4efe6af61d1a9644710f93dc32ec2ca6cf2ba75

    SHA512

    dbaba0bc94aaeddb9811b0b9fd923f763ef8c7e290153e21e295230fdbe9c683dbf0b096eda3a3eb06e4ff9733cb3e9906737a1b5ee8e6af034680c198b95dd5

    Download Submit

  • C:\Windows\SysWOW64\Zombie.exe
    Filesize

    80KB

    MD5

    327fae54b25f17c89886114f5f3d64c9

    SHA1

    77664a47aed46d07260a17d2792be5ff9166e1f4

    SHA256

    e7769436a31110d0606781b768ea5861b8112528d52de2fc959674e3e056ebc2

    SHA512

    a75ead5b73ba689eaccd4584a6a2642709d8fdce40d0341dfa1f1ef423b53f92753a88713853085211158ed32a2fb8a590d053df9f6134513b6ab342722e19bc

    Download Submit

  • C:\Windows\SysWOW64\Zombie.exe
    Filesize

    80KB

    MD5

    327fae54b25f17c89886114f5f3d64c9

    SHA1

    77664a47aed46d07260a17d2792be5ff9166e1f4

    SHA256

    e7769436a31110d0606781b768ea5861b8112528d52de2fc959674e3e056ebc2

    SHA512

    a75ead5b73ba689eaccd4584a6a2642709d8fdce40d0341dfa1f1ef423b53f92753a88713853085211158ed32a2fb8a590d053df9f6134513b6ab342722e19bc

    Download Submit

  • memory/4780-15-0x0000000000690000-0x00000000006B8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4780-19-0x00007FFBE5F50000-0x00007FFBE6A11000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4780-272-0x00007FFBE5F50000-0x00007FFBE6A11000-memory.dmp

    Filesize

    10.8MB

    Download