Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8eac17b177...AS.exe

windows7-x64

7

8eac17b177...AS.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 07:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8eac17b17743a1e491d66d72e4a35150_NEAS.exe

  • Size

    4.1MB

  • MD5

    8eac17b17743a1e491d66d72e4a35150

  • SHA1

    6feb1586f6da68ae2318494a7abbf893c9f41057

  • SHA256

    e463fb8cdc45089cd1a31d01f70a4f8ea835a0a3ca10071c29f116f3fb5b59b5

  • SHA512

    0b717f6f9d91f9e7e2a842a1296c3e3093ff01b94eb3c992c2ce1eddc3e042dba425261c4bd733778442d64381d663b199cb9405bec1f48806c9957c273ef9ec

  • SSDEEP

    98304:+R0pI/IQlUoMPdmpSpi4ADtnkgvNWlw6aTfN41v:+R0pIAQhMPdm55n9klRKN41v

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8eac17b17743a1e491d66d72e4a35150_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\8eac17b17743a1e491d66d72e4a35150_NEAS.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\IntelprocBG\aoptisys.exe
      C:\IntelprocBG\aoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2172

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    205B

    MD5

    6cbed30f85331238d5aabab2d09628a2

    SHA1

    a72a1d9ee8fe54e52417cc563becf47a562a6aef

    SHA256

    3cb139fd2a0e29287c002b748ac019a60c97e9f66f1783b2d694f987bdb397a0

    SHA512

    93b191cecb8b11cb853df2cad2bd6b64c8417003018e5a4a317d5721873bd35380449e4b249a9063f23ddecb6800935cb14234666aab8d26d28efdbac058489f

    Download Submit

  • C:\VidSB\dobxsys.exe
    Filesize

    46KB

    MD5

    5dbdee64ffc37b182b9e2123fdccd703

    SHA1

    9770b24ddb4c62d242e22c1bc2766506ec728043

    SHA256

    6933cd460ad66232953454f6e6672272d37e5d6e176097ecf8bc76c5a3542fad

    SHA512

    070f1982d8cfda009b9fcfbc51e55b2028ac007db87889d7e2a59253423f50a5583042248242b71a73feb8b78c1b0ebfd114015fd397ff48a2c154f4ad5d110a

    Download Submit

  • C:\VidSB\dobxsys.exe
    Filesize

    4.1MB

    MD5

    076bc9c0324a7e1ef161fcf2a0a03371

    SHA1

    08edd657a7478c204efe1f0e24b9281774e5ac53

    SHA256

    c05967804ef5a7645aea18914adb52d339fd917ccc2e30efaea4007a0468970b

    SHA512

    5e533d770780d2dc5307a3f7459ce52352dac54103ec0dbaf33c5dbbfdc5511c33e6884e35d42123f299db12abb0cfca2992290f5960010b89dd53101d037239

    Download Submit

  • \IntelprocBG\aoptisys.exe
    Filesize

    4.1MB

    MD5

    84af0fd53e6e38ef2ef746db4b2437c2

    SHA1

    439ad74c87ad488e6bf85f7e3a8875c7751c8656

    SHA256

    b6426848d9a0200b3a74d0834c8763b6a2b55f7086e6f21802042bd6bd750508

    SHA512

    685e44c7128e1e500eef25193bc2845b68a2f2ffd6bbc567d0be2c63c534d55c8bd275a73a2b9ef972eb846d103dc69d78b1ea61726fd4a094c2f30daa894460

    Download Submit