Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

04b2eddf71...AS.exe

windows7-x64

7

04b2eddf71...AS.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 08:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04b2eddf716f9ee4ecf89f68004e5110_NEAS.exe

  • Size

    2.7MB

  • MD5

    04b2eddf716f9ee4ecf89f68004e5110

  • SHA1

    5bf5c320a23f15da9c0c0135d69b9e44ee810f21

  • SHA256

    d7ad9153fca552f21476689a7f80853774738c033cdb53981902dfd873aee7d7

  • SHA512

    96a46b9f904359b142023b0c618d6df59121d4e7be539c549f610bf6eeeefcdbb610670dc7d386d8fb9b11de6487671a96ac8c159e214477737170b3c784ba6f

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBQ9w4Sx:+R0pI/IQlUoMPdmpSpa4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04b2eddf716f9ee4ecf89f68004e5110_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\04b2eddf716f9ee4ecf89f68004e5110_NEAS.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\AdobeRP\devoptisys.exe
      C:\AdobeRP\devoptisys.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\GalaxHQ\optixloc.exe
    Filesize

    2.7MB

    MD5

    0a8dc73f4a87e03cea82a1813d63eb1c

    SHA1

    b16a24314e0ae14ffc10d946ef827475f3835edf

    SHA256

    c1ad4adf9fc21011e81d9a6cb15c40583c8edc53059909de570480340f8f5405

    SHA512

    534beea3ba86f28e9315ca1d02d42f392ba511ef510af8a630076da59dc51a3660a58a7ca665d3880483891efdcbac95f4abf177755cc2abfaae8ff67a7cfbd3

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    204B

    MD5

    56ed90c95d0efd5a08d6c432be588df4

    SHA1

    9e12e9ec47aa53420eb94bd770a1dcd1861cbc77

    SHA256

    ae11262f9fa44a17f83108db6d7746e8b0dcebee42ce933d3e1150f7fa26d424

    SHA512

    c81666018ffa97c0b25a1a8994d7964f78963e57a23879af9ca1ed3bebbb0e2c00fe2777c4f5df35e7bcc3ae24a30c0c12bddac073376757c051e5b0d605e38f

    Download Submit

  • \AdobeRP\devoptisys.exe
    Filesize

    2.7MB

    MD5

    17ad50224776ee28498ff96d3efd7d86

    SHA1

    ab12e23e5d7edacd1bf50a1aaab48df12d146efd

    SHA256

    0e3da910baad5f32ec6d88d316b1b439bf7804f80f0629648f5b46792dcd3b37

    SHA512

    0a0a27737b1d1a9157d369fa73120237f55facf70581aa318d05fc719ce28c664c19aa7c9b514fa67909c366f6a43788dd7b0c13a5b030892f341ac3eee25519

    Download Submit