Analysis

  • max time kernel
    151s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20231023-en locale:en-us os:windows10-2004-x64 system
  • submitted
    15/11/2023, 00:09

General

  • Target

    NEAS.2e92fe0646a18adb6018399f1a019280.exe

  • Size

    4.1MB

  • MD5

    2e92fe0646a18adb6018399f1a019280

  • SHA1

    09f681bec48b7979f20fcc42c3805c06a53cb7ec

  • SHA256

    eb3d5eecec4baf786a32cfd0775b7eba116e4adf88cd3ea6ae81ab3e4ee27cc5

  • SHA512

    2b438332fa752703dc91abcc7ec4248e699f6dba49cdbd1372f9083f462bcade1fb99d2edea04c8f58cec23fa6d5519711f0609c53276848a72e33153b08b953

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSp+4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm15n9klRKN41v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2e92fe0646a18adb6018399f1a019280.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2e92fe0646a18adb6018399f1a019280.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2900
    • C:\FilesXB\xbodsys.exe
      C:\FilesXB\xbodsys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2860
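The process tree above is what the sandbox observed: the submitted sample writes xbodsys.exe under C:\FilesXB, runs it, and registers a Run key for persistence. A practitioner who needs to check a real host for the same artifacts can do so with the file paths and SHA256 values this report gives. The script below is an added example, not part of the Triage report. It assumes nothing the report does not state except two labelled guesses: the Run key value name is not shown on this page, so Run values are matched on their data rather than their name, and the .ini file's name contains the sandbox user "Admin" and "10.0", so it is treated as user-dependent and searched by pattern.

```powershell
# Added example: hunt a Windows host for the artifacts described in this Triage report.
# Paths and SHA256 values are copied from the report; everything else is the hunt logic.

# Dropped executables and their SHA256 from the report's Downloads section.
$DroppedFiles = @{
    'C:\FilesXB\xbodsys.exe' = 'b89ecd0ce37796f70e02268b430bbcec7a9870757aaf815ce740df9ed2cdc564'
    'C:\VidX9\optiasys.exe'  = '6d02253c8f52e85e7fb556a3982e7f9b9b94567dbe032e571651bb41fb259f3c'
}

# Run keys to inspect. The report says a Run key is added but not under which hive
# or value name, so all three common locations are checked (third is the 32-bit view on x64).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()

# 1. Dropped files: are they on disk, and does the hash match what the sandbox saw?
foreach ($path in $DroppedFiles.Keys) {
    if (Test-Path -LiteralPath $path) {
        $hash  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
        $match = ($hash -eq $DroppedFiles[$path])
        $findings += [pscustomobject]@{ Type = 'DroppedFile'; Location = $path; Detail = "sha256=$hash reportMatch=$match" }
    }
}

# 2. Run keys: the value name is unknown (assumption), so match on the command line data
#    referencing either drop directory from the report.
$dirPattern = '(?i)\\(FilesXB|VidX9)\\'
foreach ($key in $RunKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSChildName, PSDrive, PSProvider
        if ("$($p.Value)" -match $dirPattern) {
            $findings += [pscustomobject]@{ Type = 'RunKey'; Location = "$key\$($p.Name)"; Detail = $p.Value }
        }
    }
}

# 3. The .ini written to the profile root. The report shows '253086396416_10.0_Admin.ini' under
#    C:\Users\Admin; the leading number and the user name are assumed to vary per host/user,
#    so every profile root is searched for the '_10.0_' pattern instead of the exact name.
foreach ($profile in Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
    Get-ChildItem -Path $profile.FullName -Filter '*_10.0_*.ini' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings += [pscustomobject]@{ Type = 'IniArtifact'; Location = $_.FullName; Detail = "size=$($_.Length)B" }
        }
}

# 4. Live processes running from the dropped paths (the sandbox saw xbodsys.exe executing).
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $DroppedFiles.ContainsKey($_.Path) } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'Process'; Location = $_.Path; Detail = "pid=$($_.Id)" }
    }

if ($findings.Count -eq 0) {
    Write-Output 'No artifacts from the report found on this host.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell session so HKLM and other users' profile roots are readable. A hash mismatch on a present file is still a finding: the sandbox's copy and a copy on a real host can differ if the dropper rebuilds or patches the file, so treat the path alone as the primary indicator and the hash as confirmation.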

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\FilesXB\xbodsys.exe

    Filesize

    4.1MB

    MD5

    29ae054f1f527060b7eddd9791873d83

    SHA1

    25c4ed68ef3d001c480a904dc9d46459d9ac00a4

    SHA256

    b89ecd0ce37796f70e02268b430bbcec7a9870757aaf815ce740df9ed2cdc564

    SHA512

    146eb84d0d9669a07872c76739ab134b4a988b7bf3cda5a57cf18b46512f6d39da40fbd33bb8bae154d87e33a4e0897924a4d58225b4bd82bcf2d97287beefb0
  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    202B

    MD5

    d17c24a5f4516adfe024edeb444d3c1c

    SHA1

    42c461f8482d7e267f95fb7f0fafbd8bcb999531

    SHA256

    477483ef14961d7b983703ac57be93870354ce6d59a8068b87a23cf1cb6b49f5

    SHA512

    e46f51656fdd7ae68e5c08458a0c12ea415a9137b26f37d645424974b612a5999b5ff8f4e8fe28e5b796ea757292240e55c3a1240d79cee0867a26275708a8d8

  • C:\VidX9\optiasys.exe

    Filesize

    4.1MB

    MD5

    c1842dd7c5d893a2b397760c09aad5de

    SHA1

    9182a2cb3d1cb8865614a7f635e13bdddd1b64ab

    SHA256

    6d02253c8f52e85e7fb556a3982e7f9b9b94567dbe032e571651bb41fb259f3c

    SHA512

    d83adbfe352d3ae0c9b733775b60ad635c18d8f12cf649defa1c7a05b8bcc6dda7b5b4b3c3916c4edc27e831d6759cba909d37a806c2daec50e417efc8f2d31d