Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system -
submitted
14/11/2023, 09:00
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
NEAS.70f3da7d558e9956bf97df21697308e4.exe
Resource
win7-20231020-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
NEAS.70f3da7d558e9956bf97df21697308e4.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
NEAS.70f3da7d558e9956bf97df21697308e4.exe
-
Size
44KB
-
MD5
70f3da7d558e9956bf97df21697308e4
-
SHA1
0e2842a0870e65026a561066b566f62101836ac0
-
SHA256
f0e156b33834167bf37a819bfa5ed269a0c2b1fefdacf056f0c3f0d70d0af071
-
SHA512
a1f9f314470706a74ac76f3f86fed197275847345b5ec1f1f71e2e4ebded578ead906713baee949804da388ffb38f79815d94fb7a6d9259ca15c8b6b229fd76a
-
SSDEEP
768:W7BlphA7pARFbh+WRWzdWRWzXIlISYJIJDYJq47u47h:W7ZhA7pApuIlIhe+F7T7h
Score
9/10
Malware Config
Signatures
-
Renames multiple (2872) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Java\jdk-1.8\jre\COPYRIGHT.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-pl.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\FormatRegister.temp.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-2-0.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\7-Zip\Lang\gl.txt.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ul-oob.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ul-oob.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ul-oob.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-oob.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\7-Zip\Lang\az.txt.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.tmp NEAS.70f3da7d558e9956bf97df21697308e4.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
44KB
MD5f48ad9a5e0633e5eb7d99811a64c3b32
SHA138ec9d76f8a1dd2a2389d24e1115135b27441980
SHA256e5b493fd35b0bd61ea5cecd466a8103866fafe6ea4af319f25b72652c546b358
SHA512a25af116ff6a0ffc752b96475704383c5d3a66dc585e659efba8157bd842f3c74af79ceb9630e3ea4c401a23979f7943f50fdd27ef7b0ca4ad4191bdd282a67d
-
Filesize
45KB
MD57fa8d971503f6c089170a43999cfcb0a
SHA1af1502cd003aebed0b169a018c7bfb8940c5ab90
SHA25669590e512b2ce42925ffd4e1a2be93a693d3c90e30ae9df49a5c4011e082c4f0
SHA512aa0861aad7c580d71a6eca31cb6fb2dc732eb0aba18c36ad6b653c39dd218f5640a925b8c9340a00846c2e53e83ca5c306c090976266df94ab5d4f4bb29c2421