Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.7021a...20.exe

windows7-x64

7

NEAS.7021a...20.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/11/2023, 00:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.7021ad6a58eadd2d62e39c1e11680320.exe

  • Size

    724KB

  • MD5

    7021ad6a58eadd2d62e39c1e11680320

  • SHA1

    0875f3ddbce480e0ea4982ec1b3c1ec7a3e9f364

  • SHA256

    525f29fa9ba3e5416dbca35d0477aaec664d65ce8f910aee9926ddce9292fd6a

  • SHA512

    b39adb243c32c655d0177d21d3746b3df0656778ab2d598c3d912178504906bd662852cfdb68d092020bddcb4bff79e5db3c33ff9fdcc631a0521d362c50251a

  • SSDEEP

    12288:71/aGLDCMNpNAkoSzZWD8ayX2MQCw7D0Kq8c5VPcK0nrlHhP8SFP5jOMQ8Y8Y83q:71/aGLDCM4D8ayGMUQcK0nr5w/v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.7021ad6a58eadd2d62e39c1e11680320.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.7021ad6a58eadd2d62e39c1e11680320.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:528
    • C:\ProgramData\pxden.exe
      "C:\ProgramData\pxden.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\DumpStack.log.tmp .exe
    Filesize

    724KB

    MD5

    c29e9f7785b421a9280879cece8ca92e

    SHA1

    b9b97713392bc9d8e9992475be9ee74ddaf51d4f

    SHA256

    08d86c35204e858c1e3bbcfc1b9883bb6187fa3a591e7cbba737998daee2263b

    SHA512

    89b03c991ba0cc95627f9431ee4b18746b2e2b374e2e4fecd0482385ec947056628494f8309701d16f8ef022645867f148f2dc4fe70a30e69eb7bf7612c663f6

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    269KB

    MD5

    d882647ae95e92c82bd66478d7043df3

    SHA1

    52f1b2c5ff9fe97ade8a034c1df965b21b6f2008

    SHA256

    93ba5be8e47ad44f8d31ff6b142e6c21de473b5c725e8b798279f8b0f31d4232

    SHA512

    ec1416cd7b9d251d6c687c87d3626a4b1879debd50d69050a8be6f01475d53f022919aa1a0cb56e14bd6eae316259c2681eb5bc9ad0e01ed909d9aba0a52dce2

    Download Submit

  • C:\ProgramData\pxden.exe
    Filesize

    454KB

    MD5

    e8683cece85d590f68c076c22b6562be

    SHA1

    a5a8aeb010dc4d0723a61400e82a0d9ef3d24cba

    SHA256

    d601fc5ee297f538759a2a2a27833da2bb00bfcf580730845ce97e24326cf531

    SHA512

    64cce70d52afdf5096d9f59af52ddc8a25536abafe3f835eb7a5f08f5aeaa8c9ed852b3a4b28594dcee22d97f1485f1d5ce34e87055fe9b3a3585ef98279c0b9

    Download Submit

  • C:\ProgramData\pxden.exe
    Filesize

    454KB

    MD5

    e8683cece85d590f68c076c22b6562be

    SHA1

    a5a8aeb010dc4d0723a61400e82a0d9ef3d24cba

    SHA256

    d601fc5ee297f538759a2a2a27833da2bb00bfcf580730845ce97e24326cf531

    SHA512

    64cce70d52afdf5096d9f59af52ddc8a25536abafe3f835eb7a5f08f5aeaa8c9ed852b3a4b28594dcee22d97f1485f1d5ce34e87055fe9b3a3585ef98279c0b9

    Download Submit

  • memory/528-0-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/528-7-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1476-99-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download