Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

362c4bdfae...AS.exe

windows7-x64

9

362c4bdfae...AS.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    06/05/2024, 23:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    362c4bdfae4f33679bcfcf27cbef8600_NEAS.exe

  • Size

    64KB

  • MD5

    362c4bdfae4f33679bcfcf27cbef8600

  • SHA1

    c115398e7b39cd4329f2331a603c12c20f0cda67

  • SHA256

    45f37bdecfb9c5618662444eb53c59cbc3c37d62a15491d8832f4f1ec72bd589

  • SHA512

    2bf195a4f2e8d8c7040e142d177de6efcbd21e09b91850909471cd2570ff6b11e84bb104984a5fa89f1c9a35cda5db57b7949ff665a2615e8aee262b9fb4e906

  • SSDEEP

    768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2Fnj28/8aFKtBYJIJDYJIJH:W7ZDpApYbWjCDOgj28/8HtOe+et

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (3709) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\362c4bdfae4f33679bcfcf27cbef8600_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\362c4bdfae4f33679bcfcf27cbef8600_NEAS.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
    Filesize

    65KB

    MD5

    26b9d31b705cf6111035b475d6683667

    SHA1

    e34574ab82b5646254516017f123c9ce55328bd1

    SHA256

    b133105dbd4c8af34085a387e36f6a2092a4145bc487a8d379a739432814e3b9

    SHA512

    5c6388f3007c96f1e803a681bbb9b3e92932c55581eab91b2caa760868ab505771bc168f4f466a58bc194047cc53b79b23c000992e3fc546fe80358878cfa1fe

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    74KB

    MD5

    36dc5aedf93dfc7c919e78ae2a612f81

    SHA1

    f498e742203e457dbcd2386480c9c67bbe85423e

    SHA256

    26a7ef5e992d0e3da7cc70742b987173b22c8c413543f5f01602759d7f781767

    SHA512

    9a49a27a35934b739c242d5af780785c06482b23ca53b4e136aed3d3945d59a83b85e6d2ad6eb9b6920c6e2759928cce5b2feb8471cd508473fa13b53100622a

    Download Submit