Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.148d9...30.exe

windows7-x64

7

NEAS.148d9...30.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/11/2023, 07:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.148d9279463210ed1d310e60eae87630.exe

  • Size

    433KB

  • MD5

    148d9279463210ed1d310e60eae87630

  • SHA1

    ad13f425c96667a816de4f19c9adfd5dc5274c41

  • SHA256

    307b8cffb185fe4bb1a4c24b18fdc96480a16812bf39b8c78ad8d5de5166977d

  • SHA512

    c69fffb235519e23342f49f7eef6cfdb565c4e14c811a9e0ace76b9d620a8588b00f00615768855d491b09aaea5275a68b5e98a4501c95b0da61f581cbce10aa

  • SSDEEP

    6144:Cajdz4sTdDyyqiOXpOd0p6Jiv+vtvDyPsTcpNmEImIR2pZKx0avxkLeBs7tb0yvt:Ci4g+yU+0pAiv+JXGple2Gfu6B4SvKn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.148d9279463210ed1d310e60eae87630.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.148d9279463210ed1d310e60eae87630.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1484
    • C:\Users\Admin\AppData\Local\Temp\5908.tmp
      "C:\Users\Admin\AppData\Local\Temp\5908.tmp" --helpC:\Users\Admin\AppData\Local\Temp\NEAS.148d9279463210ed1d310e60eae87630.exe FE988C2994A9011A6495C4C66E9729E19DB6DEC5D5708D09788A425A53C3139E566A38BCFBB2241CD96EE00398C90611662F14033A9BD1044F13C53995B06A3C
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5908.tmp
    Filesize

    433KB

    MD5

    42d3a5b83034eaa4b12653d2da0a036e

    SHA1

    4877ec5b9478669a32cf1b5caab370d6e1c43152

    SHA256

    3a04f24155df0e01dfa6c3d5968b5bd2330d502a26448427ba91ac899698615f

    SHA512

    f0565272e26875dca0dc409aec77ceb0dd57d562f50767c9d50140934a820607b626deb08e930800599dac2f8ef424cce4e251b2fae6110492c64b1828792dbf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\5908.tmp
    Filesize

    433KB

    MD5

    42d3a5b83034eaa4b12653d2da0a036e

    SHA1

    4877ec5b9478669a32cf1b5caab370d6e1c43152

    SHA256

    3a04f24155df0e01dfa6c3d5968b5bd2330d502a26448427ba91ac899698615f

    SHA512

    f0565272e26875dca0dc409aec77ceb0dd57d562f50767c9d50140934a820607b626deb08e930800599dac2f8ef424cce4e251b2fae6110492c64b1828792dbf

    Download Submit