Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.bce60...80.exe

windows7-x64

7

NEAS.bce60...80.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/11/2023, 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.bce6087ec3ac37ed78aa03a6f67c9d80.exe

  • Size

    304KB

  • MD5

    bce6087ec3ac37ed78aa03a6f67c9d80

  • SHA1

    be6f7f5b363723a2b721c5c26ce8ad0e9e457ffa

  • SHA256

    114875cb56fceacb29315cb0431bfaec931092e3133817128bbff561446898fe

  • SHA512

    8e05eba3890b57a18a0e91fcf21438fdb02857365edc3444c8693c4fe2a3b9aa51862938c54447f7d2e7b35b2e77f5fb8c08db22c446da32622496335e5006ce

  • SSDEEP

    6144:NrkW9uEo2S1YnQmCX492DkwNP3qpYF4AqqWb+qR9h+uqkNfoM6YV5TmNa1a3SyPI:Nrkuu6/eIo4tQW62T+uTwM6YVxm24I

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.bce6087ec3ac37ed78aa03a6f67c9d80.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.bce6087ec3ac37ed78aa03a6f67c9d80.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4832
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\_tin13B9.bat"
      2⤵
        PID:4676

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\InstallMate\9BAEAF54\cfg\1.ini
      Filesize

      1KB

      MD5

      b00781b52c7f25409fc82b7d60f7d713

      SHA1

      697b7f6e611b3503256bcad5da6fc90ceeb53c7e

      SHA256

      feac20bd270e6e3a1f640a382c03009b4d86bb527a5bce4290ced78e605afc18

      SHA512

      0f0ba812dde91a9a04dbfe9b2c72ffe808f07790f89994a4be0ab4a2d5b2a84d4111bcf4f0d8dffaa3c4e41745efc61c4f480b292381a4ceba2fb3916ac863d6

      Download Submit

    • C:\ProgramData\InstallMate\9BAEAF54\cfg\1.ini
      Filesize

      1KB

      MD5

      b00781b52c7f25409fc82b7d60f7d713

      SHA1

      697b7f6e611b3503256bcad5da6fc90ceeb53c7e

      SHA256

      feac20bd270e6e3a1f640a382c03009b4d86bb527a5bce4290ced78e605afc18

      SHA512

      0f0ba812dde91a9a04dbfe9b2c72ffe808f07790f89994a4be0ab4a2d5b2a84d4111bcf4f0d8dffaa3c4e41745efc61c4f480b292381a4ceba2fb3916ac863d6

      Download Submit

    • C:\ProgramData\InstallMate\{676DDF53-8E8B-40B2-A259-C6A9BC8EFDA5}\Setup.exe
      Filesize

      15KB

      MD5

      e717f6ce3a7429bfa6d7f3cf66737a4b

      SHA1

      01f4042589b4ed88c351ffeac256be7a9d884818

      SHA256

      7be720a73ba8b084702c89f64a9b295fad92545d6ba781072cc056823f9a7633

      SHA512

      65a9a27430811aa01b55cf365f8b7b9f03e70d32ec60e0706242bc568242bcd493999dc1b02d92bf0d01c0095c8c38d30f282a998cafb80e60ad07e0d875ce80

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TsuF07279CB.dll
      Filesize

      269KB

      MD5

      af7ce801c8471c5cd19b366333c153c4

      SHA1

      4267749d020a362edbd25434ad65f98b073581f1

      SHA256

      cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

      SHA512

      88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TsuF07279CB.dll
      Filesize

      269KB

      MD5

      af7ce801c8471c5cd19b366333c153c4

      SHA1

      4267749d020a362edbd25434ad65f98b073581f1

      SHA256

      cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

      SHA512

      88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_tin13B9.bat
      Filesize

      50B

      MD5

      567919270b62e5760e737a020d1bdb7d

      SHA1

      094919f770a516861f70c1ac3addfdc462309f0a

      SHA256

      abe747fec9be3c2eb3eda92d93f802788df2698685314a4cff9fa765ae9776ca

      SHA512

      6fc01555732221426ce2f06c69e42d92e12b8a5d0397430bcd2ea1de6c0b86d255c4a41c208205faba6af9fca69f2c48c1d08960c4fca748366fa6cf85012c50

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{676DDF53-8E8B-40B2-A259-C6A9BC8EFDA5}\Custom.dll
      Filesize

      73KB

      MD5

      56e4e9e881524397c9f6dca5ca70b1e8

      SHA1

      8ad77bad589591171eb94a593c3814a3b742f79c

      SHA256

      2e6e83c80a887c82c890053f491e0cb24074967b5ae7af7c8c4bcae78af2a22b

      SHA512

      130c83dfc0db281bd7999edc6c295f122ab3ba00c69353daad988866680a6994365874eb29122b8473930d2ba0df58bdfb27eb8897a819f79c8b8e31e6597700

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{676DDF53-8E8B-40B2-A259-C6A9BC8EFDA5}\Custom.dll
      Filesize

      73KB

      MD5

      56e4e9e881524397c9f6dca5ca70b1e8

      SHA1

      8ad77bad589591171eb94a593c3814a3b742f79c

      SHA256

      2e6e83c80a887c82c890053f491e0cb24074967b5ae7af7c8c4bcae78af2a22b

      SHA512

      130c83dfc0db281bd7999edc6c295f122ab3ba00c69353daad988866680a6994365874eb29122b8473930d2ba0df58bdfb27eb8897a819f79c8b8e31e6597700

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{676DDF53-8E8B-40B2-A259-C6A9BC8EFDA5}\Readme.txt
      Filesize

      2KB

      MD5

      067f44cc38b379a13ce194880f497404

      SHA1

      c1d1ced18a533eda9911466dcd7cec9e4369c15b

      SHA256

      8cec271acd158c9505314dd754ff2492f99bcbd13c71dfc24ee4424f454d1714

      SHA512

      cce7dfabd89a83c34b49dea9c2aa80901f6fc6ac221ee650f2f94e7290a1a253e64babc2e58cdd9baed150455a633ca33c3ab9234e1c11eb9d831550d523d4e2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{676DDF53-8E8B-40B2-A259-C6A9BC8EFDA5}\Setup.ico
      Filesize

      4KB

      MD5

      c3926cef276c0940dadbc8142153cec9

      SHA1

      f8b350d2b7158f5ab147938961439860d77b9cb4

      SHA256

      0ec48e3c1886bc0169a4bc262f012e9b7914e3b440bb0ecc4d8123924abc9b93

      SHA512

      5b9958095b8a7b39b3a2226a5242faec8d2d799d10e1e4ed6dbfb8aaebe51b7496cf4bb5ad588366a296671df3ba46a3f42860abc7f9501b4cc5efd55dd87904

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{676DDF53-8E8B-40B2-A259-C6A9BC8EFDA5}\_Setup.dll
      Filesize

      168KB

      MD5

      9f8992a651c85604676b2bbf54830547

      SHA1

      bd2a5cd0038899d97d7c652056c948c33c5bc83d

      SHA256

      61fef12b10bb745094ec1392da30c357d508c2befafddd354cad9922feca8ed4

      SHA512

      a6d7692bdbf1a19eb582150d5387faf7d08119f7b111a809c3b55f9de5ee74481b62a1a745f6ed3817ac4c0245ca52e4db8026690ba6a48d3006d47771b60ed7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{676DDF53-8E8B-40B2-A259-C6A9BC8EFDA5}\_Setup.dll
      Filesize

      168KB

      MD5

      9f8992a651c85604676b2bbf54830547

      SHA1

      bd2a5cd0038899d97d7c652056c948c33c5bc83d

      SHA256

      61fef12b10bb745094ec1392da30c357d508c2befafddd354cad9922feca8ed4

      SHA512

      a6d7692bdbf1a19eb582150d5387faf7d08119f7b111a809c3b55f9de5ee74481b62a1a745f6ed3817ac4c0245ca52e4db8026690ba6a48d3006d47771b60ed7

      Download Submit