Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

NEAS.6d0ab...50.exe

windows7-x64

7

NEAS.6d0ab...50.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/11/2023, 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.6d0ab5f3fd2d33708ce854a898460350.exe

  • Size

    80KB

  • MD5

    6d0ab5f3fd2d33708ce854a898460350

  • SHA1

    d76574c00f71f4507284cffb2547d7a3525cf400

  • SHA256

    8f848fc7afdb5bc047ff69ee7dd562a349dea36d69bef92658ac939046586f64

  • SHA512

    f919ff95f346ace8bf45081c6175f034e377375d19af32969da2f1b7f6bb10fc6462a8561956a3ec9521fcd2464b6feb136192613429083eb6282d9e7928f084

  • SSDEEP

    1536:5lrsicagdzn8K2ariPOcjk+XQuPVN72NMSpmnadQyJbQEo:5JjcF8KfCOcjk+guPVjSpSyJbQD

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.6d0ab5f3fd2d33708ce854a898460350.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.6d0ab5f3fd2d33708ce854a898460350.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    PID:1200

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\macromd\icqcracker.exe
    Filesize

    79KB

    MD5

    313288c314d6bfb792e5d290dc5dcfed

    SHA1

    989979f41900cab71c80ff68da855cc3ebfe4bdf

    SHA256

    df305b05c13848b2643781c44bf9efb2a84d10a71b0840ba57ab88dbb11ddfba

    SHA512

    334e2a206f99db449baa5572cd9f0179cc7691afdf38df8838a80df8c95d8d1983c514b023577f3ceb64e85a4274556a51f18af7742e04a822c38440aa023de2

    Download Submit

  • memory/1200-0-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1200-34-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download