Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/05/2024, 07:08

General

  • Target

    8c3811ce570048160575493a85be6280_NEAS.exe

  • Size

    65KB

  • MD5

    8c3811ce570048160575493a85be6280

  • SHA1

    cf3f831f06543e631722e7ce13adfc51e54394da

  • SHA256

    cc169426dcdb80402bc8e78b76a6d46ce993a6da84e6ec23e19f16ea91a85762

  • SHA512

    9c2b48e7f67b7189a0614293db060af646039fb2cae79627d437cb38c5d8207a95aac35dd37e7630d893d3c46bc593ef0ae240c27403a3456b8678af9fcf5cbc

  • SSDEEP

    768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxt0YRYvBh:W7ZDpApYbWjIlE77ufL6YRYvBh

Score
9/10

Malware Config

Signatures

  • Renames multiple (1375) files with added filename extension

    This suggests ransomware activity: the sample encrypts files across the system and appends an extension to each one.

  • Drops file in Program Files directory (64 IoCs)
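The behaviour behind the rename signature above (many files renamed with an extra extension appended) is straightforward to check for on a suspect host or in a mounted forensic image. The script below is an added example, not tooling from tria.ge and not code from this sample's report: it walks a directory tree, groups files whose names end in <original extension>.<appended extension> by the appended extension, and flags the largest group once it crosses a threshold. The list of "known" original extensions, the threshold of 100, the `.locked` extension and the sample tree the script builds are all assumptions for illustration; the report does not name the extension this sample appends. Note that the `.tmp` files listed under Downloads (`desktop.ini.tmp`, `libsmartscreen.dll.tmp`) match the same naming pattern and show up as their own small group.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# Extensions that normally terminate a user-data or system filename (assumed list).
# A name such as "report.docx.locked" means something appended an extension
# after one of these, which is the pattern the sandbox signature counts.
KNOWN_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".png", ".txt",
              ".ini", ".dll", ".exe"}


def find_added_extension_renames(root, known_exts=KNOWN_EXTS):
    """Walk root and group files named <stem>.<known_ext>.<added_ext>
    by the appended extension. Returns {added_ext: [Path, ...]}."""
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            suffixes = Path(name).suffixes
            if len(suffixes) < 2:
                continue  # single extension: nothing was appended
            original, added = suffixes[-2].lower(), suffixes[-1].lower()
            # Only count it when the inner extension is a real file type and
            # the outer one is not, e.g. ".docx.locked" but not ".tar.gz"-style pairs.
            if original in known_exts and added not in known_exts:
                hits[added].append(Path(dirpath) / name)
    return dict(hits)


def assess(hits, threshold=100):
    """Return (flagged, added_ext, count) for the largest rename group.
    The threshold is an assumption; the report counted 1375 renames."""
    if not hits:
        return (False, None, 0)
    ext, paths = max(hits.items(), key=lambda kv: len(kv[1]))
    return (len(paths) >= threshold, ext, len(paths))


def build_sample_tree(n_renamed=150, added_ext=".locked"):
    """Constructed test data (not taken from the report): a temp tree with
    n_renamed user files carrying an appended extension, one untouched file,
    and a .tmp staging file like the ones the report lists under Downloads."""
    root = Path(tempfile.mkdtemp(prefix="triage_"))
    for i in range(n_renamed):
        sub = root / f"Documents{i % 3}"
        sub.mkdir(exist_ok=True)
        (sub / f"file{i}.docx{added_ext}").write_bytes(b"\x00" * 64)
    (root / "notes.txt").write_bytes(b"plain text, not renamed")
    (root / "desktop.ini.tmp").write_bytes(b"\x00" * 64)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    groups = find_added_extension_renames(sample_root)
    for ext, paths in sorted(groups.items(), key=lambda kv: -len(kv[1])):
        print(f"{ext}: {len(paths)} files, e.g. {paths[0]}")
    print("flagged, extension, count:", assess(groups))
```

Point `find_added_extension_renames` at a user profile or a mounted image instead of the constructed tree to use it for real; lowering the threshold trades false positives (legitimate `.bak` or `.tmp` files) for earlier detection.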

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c3811ce570048160575493a85be6280_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\8c3811ce570048160575493a85be6280_NEAS.exe"
    • Drops file in Program Files directory
    PID: 4140
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
    PID: 3512

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

    Filesize

    65KB

    MD5

    523033a479e8c7e767418e99b8ae7652

    SHA1

    4fc2adfa12675dbc07f46e08b2ff2c70393a6455

    SHA256

    5274afc8b78356988afedf36ee33ba388e1534a518a9ed6abe04ebc0e202fb18

    SHA512

    b32596022b38f471d5996e079b94190229e738690fb33cc85abbeca466345d5a36cae6ca2415ed374e38ecaa4c492f9678beef229e367a515b4030ec132c5033

  • C:\libsmartscreen.dll.tmp

    Filesize

    65KB

    MD5

    18332f0b7335d7b21100e3ce95a853b5

    SHA1

    a1f13ca956e3da1083fc23f100941b9ccd0e8405

    SHA256

    9e5f950e54567b0778f1eb66a81682e08f3b20d2d2be5be1695662539b2c77fb

    SHA512

    2fe11ff0ed4c7e82e502876efcc65f9aca5bcd7c51d962f4c8c2b51be26adea5ee503c0e2279d4b002a354e7fa7251d5937e374cabc30203e575594f7bfbad09