Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.5f94c...10.exe

windows7-x64

7

NEAS.5f94c...10.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/11/2023, 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.5f94cad3f12a82e2d556e4a718ec1710.exe

  • Size

    1.2MB

  • MD5

    5f94cad3f12a82e2d556e4a718ec1710

  • SHA1

    a59c8a2b25c47440fdac3546c2a6915d8971a777

  • SHA256

    72e3b22c4ca692ba4d32d41e53c26e50902ba271c3a927b7d6066da15be17090

  • SHA512

    caf301ea69b4ed7cce34f01bc81307bc86016740ea3c20280f9e8125013e7380c6acfc7a7f4a16885d4de670187bde561643910a853164873c83c1494df59e0e

  • SSDEEP

    12288:XQDvmF68BfAgm8ipJdhRjlDa/ZSEniF+G4l:XQ7mk8B/tipJH3a/ZSEniF+9

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.5f94cad3f12a82e2d556e4a718ec1710.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.5f94cad3f12a82e2d556e4a718ec1710.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4872
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 344
      2⤵
      • Program crash
      PID:1292
    • C:\Users\Admin\AppData\Local\Temp\NEAS.5f94cad3f12a82e2d556e4a718ec1710.exe
      C:\Users\Admin\AppData\Local\Temp\NEAS.5f94cad3f12a82e2d556e4a718ec1710.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4440
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 344
        3⤵
        • Program crash
        PID:2708
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 344
        3⤵
        • Program crash
        PID:3972
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4872 -ip 4872
    1⤵
      PID:3372
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4440 -ip 4440
      1⤵
        PID:4860
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4440 -ip 4440
        1⤵
          PID:4296

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\NEAS.5f94cad3f12a82e2d556e4a718ec1710.exe
          Filesize

          1.2MB

          MD5

          277451d34b925f44945efad1a363fca8

          SHA1

          2028cd8455bc8623128831e21d065e74f8de4e07

          SHA256

          be595912b9948c4d2df04cb69fea28104a7606f2039583307ce7fcf66b2c5bc9

          SHA512

          34073f54a4a64e21bf2dd1b94044b526bb444d2f138ac50220bac3f034336bbd4be1d632f1ddc95f1e9d2182b0822071d5955c70982e44b943c45e62415e7a73

          Download Submit

        • memory/4440-6-0x0000000000400000-0x00000000004E8000-memory.dmp

          Filesize

          928KB

          Download

        • memory/4440-8-0x0000000005110000-0x00000000051F8000-memory.dmp

          Filesize

          928KB

          Download

        • memory/4440-9-0x0000000000400000-0x00000000004A3000-memory.dmp

          Filesize

          652KB

          Download

        • memory/4872-0-0x0000000000400000-0x00000000004E8000-memory.dmp

          Filesize

          928KB

          Download

        • memory/4872-7-0x0000000000400000-0x00000000004E8000-memory.dmp

          Filesize

          928KB

          Download