Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8e4e7aee76...AS.exe

windows7-x64

7

8e4e7aee76...AS.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 12:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e4e7aee7656cada75436e6d2af4d820_NEAS.exe

  • Size

    2.7MB

  • MD5

    8e4e7aee7656cada75436e6d2af4d820

  • SHA1

    5281c3fbe362344fa2917069990dd616a876706d

  • SHA256

    a1790f5638a1b69236e184a1edbd3703e3234a0d933e85f681c35df0e1e4ccbc

  • SHA512

    09955bda9a8645e46aca415a924b9852f439bd920c441197447d04833ce35f91dc2379834400d7815adb6308e25a60393a5302e57b68bf01d01ecd582efc5558

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBb9w4Sx:+R0pI/IQlUoMPdmpSpn4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e4e7aee7656cada75436e6d2af4d820_NEAS.exe
    "C:\Users\Admin\AppData\Local\Temp\8e4e7aee7656cada75436e6d2af4d820_NEAS.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\UserDot96\devoptiec.exe
      C:\UserDot96\devoptiec.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\LabZ60\boddevloc.exe
    Filesize

    2.7MB

    MD5

    0111b8ed984c40dbbebf4494528d8c73

    SHA1

    ee2aa0caba03f69e82088523b46bf154abcc5daf

    SHA256

    bd2123f8c7ecab3d1f2fb133423d28ce9f242ee283f3f64bcd895064de318985

    SHA512

    5079d22dc63cb77cfcbbb879e1a3a985a828e5bbab0221c2c09137ef2ce0fc6e53aab616aaf44069910a512ffdee049bc2b145412627d34f405527fb902b820e

    Download Submit

  • C:\Users\Admin\253086396416_6.1_Admin.ini
    Filesize

    209B

    MD5

    92891a37b2da4acd62b4bbdc29a7ccc7

    SHA1

    473b6aa0ee685007c38649cca60ad23418f7157f

    SHA256

    5f69243f6259c605457ca91779226a5c4300cc5a71f5c8d04b3466c8c7bc7c58

    SHA512

    3a16f47970c5506fd61adf76789dd170a0f70b7973ce790c326457a3ee43605390abbf74447376ee0bd7afbcb3c5a5ad60d3b39d50f6adf5d740ba94a28f2156

    Download Submit

  • \UserDot96\devoptiec.exe
    Filesize

    2.7MB

    MD5

    3976b89dc0403aaa6fddc5afa622324b

    SHA1

    a78056163eccfc045f77261c783ec189b257c12f

    SHA256

    723ef9000f0400a17e1da8cd54f5c233323fb9805668c75eb0629c1427651756

    SHA512

    859e75155b72c653fa31ba4770b9dd55976e82e8fa4f84a9aabe7a401d6147776c53995b6e3604242f2b64b1f72d21e13701ca897042d709976ba70a1bcba57e

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.