Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

864477f714...AS.exe

windows7-x64

7

864477f714...AS.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 06:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    864477f714d0e1b524a18d80eb985490_NEAS.exe

  • Size

    448KB

  • MD5

    864477f714d0e1b524a18d80eb985490

  • SHA1

    11ad11de7202170bbda8ef2d7a2cb40a8da4817f

  • SHA256

    ed9d2e59f7a7f9817f7f6737b905c87fc96ec6caae428c67060853937d4beea5

  • SHA512

    4fcf7699cc39e54b3c0e277efe5f3ef2d32cedf972f8e511b70aa02c992a2ce28ceaae02f59a875f4fc7d21ed65aef1e10631caa26c3b94e090ac82456c65084

  • SSDEEP

    6144:4jlYKRF/LReWAsUywGIEWnsGZtuIjjvvaGXm0QXXLTJy1j1Uuwn:4jauDReWuvnsGfbzZQXXLTJy1j0

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\864477f714d0e1b524a18d80eb985490_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\864477f714d0e1b524a18d80eb985490_NEAS.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\ProgramData\mybkva.exe
      "C:\ProgramData\mybkva.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2264

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache .exe
    Filesize

    448KB

    MD5

    258319f632e738ff2df51735e01c975f

    SHA1

    a4ec4a9b969e867fb7a19e6a81f0ae05fe79a47b

    SHA256

    902a501309a675951ee4abe89fedf364615494c773d72a9ce8f4500a36ac661b

    SHA512

    a7f1abf0e8fc82c85203033306aa4a9943446b145d7cf98083c0a062a30d5960880f0f2a05fc5e25cc6f9da33832efd519c53c3bededde894278284faf644e17

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • \ProgramData\mybkva.exe
    Filesize

    311KB

    MD5

    6381c212f25e28f4edf2759a0f5ad0d8

    SHA1

    4f19f321cefe11b88922b1c8482607ddc1949ddb

    SHA256

    06802246b970a840ca1d3338d520d48d5800890ae7d9238632aabf9fc6e5250c

    SHA512

    b7302561b21860e0b8af7fa4545488dd53a417b2baa82a8e4e99255b03264065a858fd7d65745522904b1a00bfec698bfc34ccb0a614001a618beddad59ce04e

    Download Submit

  • memory/2012-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2012-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2012-12-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2264-131-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download