Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/05/2024, 01:42

General

  • Target

    48c3d091f51da30601244ca44a51b6a0_NEAS.exe

  • Size

    2.7MB

  • MD5

    48c3d091f51da30601244ca44a51b6a0

  • SHA1

    5a670351d7479c50a13837043757e96aca6d40d4

  • SHA256

    96d626714b756098ab2def3ef568b1d0956fb22249591f0fdf5d6fae5ce6c5d7

  • SHA512

    885028b6bc5e94e18502e2c61dcc9f52dfdf0ed1a40df9fc7b952aa8136ad19eabfddc313dac479aa56976ffd204eaeaf0487ba7491ea5611e9b41db3b25e610

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBH9w4Sx:+R0pI/IQlUoMPdmpSpP4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\48c3d091f51da30601244ca44a51b6a0_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\48c3d091f51da30601244ca44a51b6a0_NEAS.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\SysDrvID\abodloc.exe
      C:\SysDrvID\abodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2764

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini

    Filesize

    200B

    MD5

    59275cf19a8b9aea004d7bf27891e1d1

    SHA1

    ba134537c18649d503ecb6e4858337fe3efea4c8

    SHA256

    e942b66fe221cfea97d794e405fba0687102f2daae3f5b6d5a2e2d61b2d14b5c

    SHA512

    89bfa554f4de50e674132f0a931e37007b4d6ea9230677acea64596b66513ac8bddbaf1e6208870fc971d0f3522891c76556a1907491584bdec3b03d7bcfae6f

  • C:\VidM0\bodasys.exe

    Filesize

    2.7MB

    MD5

    1ab9b4618b158ce230f51437be6017df

    SHA1

    2c588cbfca727e9fb4e3a09c7c244da9867a786f

    SHA256

    32f24cad539113e6a07ac008c1e77373789026c047fe65f2b88d09b483bfbebf

    SHA512

    981942eaca8ea93a07ef3398a0c13ffc3a469c20b2b2faa0d0c2f471cc11f92080c223a9de444bef35ab9abd0f3ba233b549922af877297c338f1c1ddb13b084

  • \SysDrvID\abodloc.exe

    Filesize

    2.7MB

    MD5

    738c9974bc2a091a24d099a1b7a7c342

    SHA1

    080133422a268a13edf654f95e5c1900d797abf9

    SHA256

    4709f2f4a7aa92d53812097345792b6102f92027496b6035e164389cd4712c1d

    SHA512

    2fc9c94d6a0c9a15d8bf50df7b05044c0bc78f47b98b316fbf87697487df8cb07f3d8803443b14176cde7d40bbe6eb2f4b5223639e48eefc1ba4abc1d206cbb1