Analysis
- max time kernel: 150s
- max time network: 129s
- platform: windows7_x64
- resource: win7-20231020-en
- resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
- submitted: 15/11/2023, 06:38
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.bdf80f2eabb2ce9dc137564c85e22f80.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: NEAS.bdf80f2eabb2ce9dc137564c85e22f80.exe
- Resource: win10v2004-20231025-en
General
- Target: NEAS.bdf80f2eabb2ce9dc137564c85e22f80.exe
- Size: 177KB
- MD5: bdf80f2eabb2ce9dc137564c85e22f80
- SHA1: ab85c955d11bcc4dd0fe65a0b77212f541101bbf
- SHA256: 75d685eeb837471023b582bb170a3015bf5c8b9c9e0f51f5a7cb13ecb5c51aa1
- SHA512: 4ca54f3ee774118b2e7cc2b89ea7067bff9a5fa188acb5c9709db408e52bd0ca7f741c59a618a465f1393930034715b59ff5455cd8567154369116c3363ec87d
- SSDEEP: 3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBArR:RqKB+tOkWKR0iJ00
Signatures
- Renames multiple (431) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)