Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

NEAS.18c67...a0.exe

windows7-x64

6

NEAS.18c67...a0.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    181s
  • max time network
    186s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/11/2023, 02:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.18c67168c3e6a43dec438261b56b44a0.exe

  • Size

    965KB

  • MD5

    18c67168c3e6a43dec438261b56b44a0

  • SHA1

    a1684cbab47743b494c477dcd362416a54dd8415

  • SHA256

    7f42ad2f396f19121cd7ea5545caf8a2189b0650822e90485ec43ad5164f4d79

  • SHA512

    7e8e62892a8fb6c4c194d9748a6a1be1483fd8ac3224cffe9c9e22b8261febe058bf778f6bd07f6fd0dccac8a7ea782d687005de2005d2d135d868d234088964

  • SSDEEP

    12288:i2ToLD2QfWUEknSsmjj/UVF4TGSdvGvTjMVJK1P5aEL3lUbyhxoeVsc:ikuPfWsnnw/UV+GSdvG3MVcRaGM2v1

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.18c67168c3e6a43dec438261b56b44a0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.18c67168c3e6a43dec438261b56b44a0.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: RenamesItself
    PID:2448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NEAS.18c67168c3e6a43dec438261b56b44a0.exe
    Filesize

    965KB

    MD5

    b84685633ed9af5036c98966a43e2cfd

    SHA1

    4a51a2ae5866768edee7c94e499a0b8fd56158c1

    SHA256

    af4112574ccd753a88484a87544d47335a0118ab99d0e4f9880c2d70595a6765

    SHA512

    a2b78bd563cb964c057126ab0e2bff02c227918419b883f9bdc22555528331005cefead7fcefb55aee124fde54f22c39a713faf1beed5ca681529716c09b43ba

    Download Submit

  • memory/2448-13-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-15-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-3-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-9-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-10-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-11-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-4-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-12-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-14-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-2-0x00000000022E0000-0x00000000022E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2448-16-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-17-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-18-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-19-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-20-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download

  • memory/2448-21-0x0000000000040000-0x0000000000139000-memory.dmp

    Filesize

    996KB

    Download