Analysis
- max time kernel: 121s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 07/05/2024, 05:08
Static task: static1
Behavioral task: behavioral1
- Sample: 6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe
- Resource: win10v2004-20240419-en
General
- Target: 6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe
- Size: 218KB
- MD5: 6e0a4d5843378489a70d0d6c9335ca30
- SHA1: ba409b596bac328268219674dd34583b2effbd7b
- SHA256: 6d8b8dc8c8097bb3f12e692c86998af1f4b16195f2053767702b95eca83d355a
- SHA512: b3df89c065912c14d90a744a6f951d39df9f717b92e168943ff1151a5983d2da139a57214aa7c5df14fac10a49216517790fe135465c4902699171b90fb60f54
- SSDEEP: 6144:z78/4zGc07144DmkBjyhxQEab4pKX9aLisM+Nea:z7cqR07144Dm2+zQE3pKX9aLisvNea
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid: 2536, Process: 6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe
- Executes dropped EXE (1 IoCs)
  pid: 2536, Process: 6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe
- Loads dropped DLL (1 IoCs)
  pid: 856, Process: 6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid: 856, Process: 6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe
- Suspicious use of UnmapMainImage (1 IoCs)
  pid: 2536, Process: 6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 856 wrote to memory of 2536, pid: 856, Process: 6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe, procid_target: 29
  description: PID 856 wrote to memory of 2536, pid: 856, Process: 6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe, procid_target: 29
  description: PID 856 wrote to memory of 2536, pid: 856, Process: 6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe, procid_target: 29
  description: PID 856 wrote to memory of 2536, pid: 856, Process: 6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe, procid_target: 29
Processes
- C:\Users\Admin\AppData\Local\Temp\6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe
  "C:\Users\Admin\AppData\Local\Temp\6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:856
  - C:\Users\Admin\AppData\Local\Temp\6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe
    C:\Users\Admin\AppData\Local\Temp\6e0a4d5843378489a70d0d6c9335ca30_NEAS.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID:2536
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 218KB
- MD5: f4a21e7c4b4f718e5715d4890e4caa90
- SHA1: 319875d910e0d2eebe59c59c12fe2905c26947c4
- SHA256: bb4dbf3bd62df7ba458d58cf514b1a9fe96947c811ea636d554d34b12ef7796e
- SHA512: ba885633b0103ba3a0b8cc8feabae90307dd10dcbc7dbbaaad6331d3bc98badc62ad3dff66c6e5eef1b51c2eea3e9c97183744bbe23b3d4b9b451bd0d2ff7107