Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.2a851...f0.exe

windows7-x64

7

NEAS.2a851...f0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/11/2023, 09:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2a8517db3c2aa2f091ef9e109ce959f0.exe

  • Size

    77KB

  • MD5

    2a8517db3c2aa2f091ef9e109ce959f0

  • SHA1

    1afe62792a1f91f65c7b132e9aecf717c7eb5373

  • SHA256

    65a254918e20d911860237a9779182980e51a6c7f3f2444b20ce0f68e18d3a55

  • SHA512

    1c5fd1ddf32a5540867d51c0f40d888f0bb2c536628bf1aa9585fec846903740e6bed769963345b700533cf476aa1cb979d0c065f776e5576851dd9aa3631f97

  • SSDEEP

    1536:YAowfUJFgjT284U+w2EwRz6OlvaeEpIao/6NXznCCh+61CXCCCC9yttattvtHtgp:YAowyFgjTiUkEwt6OlvaeEpIao/6NDn9

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2a8517db3c2aa2f091ef9e109ce959f0.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2a8517db3c2aa2f091ef9e109ce959f0.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3936
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:4584

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    77KB

    MD5

    38ff4f16625bb8073d67d3cb9ef1ddee

    SHA1

    547510af4e650f539d25f5038ae4be384816ad5e

    SHA256

    62b0545396ecb49c8c2974fb5131856746490760b4fff4f6bc0e91e4b629ac7a

    SHA512

    a4fb64e063eb81c4a93bf1ab533e14d68892a276a87737c7ac3572c80eb3e87c259b381496b4c6ed412ab223e527ab5dc407b23ce5b1571637b19e313e434960

    Download Submit

  • C:\Windows\microsofthelp.exe
    Filesize

    77KB

    MD5

    38ff4f16625bb8073d67d3cb9ef1ddee

    SHA1

    547510af4e650f539d25f5038ae4be384816ad5e

    SHA256

    62b0545396ecb49c8c2974fb5131856746490760b4fff4f6bc0e91e4b629ac7a

    SHA512

    a4fb64e063eb81c4a93bf1ab533e14d68892a276a87737c7ac3572c80eb3e87c259b381496b4c6ed412ab223e527ab5dc407b23ce5b1571637b19e313e434960

    Download Submit

  • memory/3936-0-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3936-5-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4584-6-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download