Analysis

  • max time kernel
    118s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/05/2024, 07:19

General

  • Target

    8f1919491049c61a1231fbcccc6b0640_NEAS.exe

  • Size

    30KB

  • MD5

    8f1919491049c61a1231fbcccc6b0640

  • SHA1

    727f5314ed443d253ead9ae0cf01e124b4af27ae

  • SHA256

    167acfff3691aeece7e33922a13bcb89f83138b9f5b0c4f7b5ebff8d0323f308

  • SHA512

    50d851a753baa5b754838dd764d704f6296bcbdd31dfd642cd5d19b1b42fb1c88be17b4c1a4e4e2f70de534c46c76b807980e0aebde01aad03b23d5817bac67b

  • SSDEEP

    384:CV6wM2h3ln/3m0p/Qhlg8dgQBY8hrBpj6480BpLe2MJ0W8xj:Q6K7fJKFiQTrLjdTLTW8xj

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f1919491049c61a1231fbcccc6b0640_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\8f1919491049c61a1231fbcccc6b0640_NEAS.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3192
    • C:\Users\Admin\AppData\Local\Temp\quity.exe
      "C:\Users\Admin\AppData\Local\Temp\quity.exe"
      2⤵
      • Executes dropped EXE
      PID:5024
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3628 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3008

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\quity.exe

      Filesize

      30KB

      MD5

      43ab3357d847a1a16c13f3bc794ba20c

      SHA1

      837a4a96ce3a3be23234408c355cc5e90ce9293b

      SHA256

      1c1cd00e185a10acc7e72492fbea52c918a7a97d4ec05f343c14ed3307a52943

      SHA512

      84b34b4e6b32aa4c0a72aba3b5067facd37af6b5f76722243197cd1242ab3ed27630818f0f76ba70262ce6365e7b4f2ea4e8eac887663229c4f1b402674fdb82

    • memory/3192-0-0x0000000000630000-0x0000000000636000-memory.dmp

      Filesize

      24KB

    • memory/3192-1-0x0000000000630000-0x0000000000636000-memory.dmp

      Filesize

      24KB

    • memory/3192-2-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

    • memory/5024-23-0x00000000005A0000-0x00000000005A6000-memory.dmp

      Filesize

      24KB