Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
106s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
07/05/2024, 12:28
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7a68a44c74d1373dba534cd9f83d4590_NEAS.exe
Resource
win7-20240215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
7a68a44c74d1373dba534cd9f83d4590_NEAS.exe
Resource
win10v2004-20240419-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
7a68a44c74d1373dba534cd9f83d4590_NEAS.exe
-
Size
94KB
-
MD5
7a68a44c74d1373dba534cd9f83d4590
-
SHA1
c3c7b82d09bae854623cd9ce803233f872c484f1
-
SHA256
c43a683e129f031e5482c310bc399975c90a3f9f2572eaae1e79bc3b8caf6645
-
SHA512
d7ceab751ecec1296ca64e7dda8c7990022a487721cbf57dc7fbdec331a8ddc6b2950672c7bd5d8a04ecf10e993d7502ef22bcce1d7de1c31a3816a94d3dd812
-
SSDEEP
1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN5Bq:6rWpcOPxPke+e3fFpsJOfFpsJbgEw
Score
9/10
Malware Config
Signatures
-
Renames multiple (4836) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Office16\ONPPTAddin.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.CSharp.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sw.pak.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-pl.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Primitives.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ul-oob.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul-oob.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ppd.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000A.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationCore.resources.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\nb.pak.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\hprof.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sqlpdw.xsl.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\msipc.dll.mui.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationFramework.resources.dll.tmp 7a68a44c74d1373dba534cd9f83d4590_NEAS.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
95KB
MD5273206fd46dc81a451d4f380861df106
SHA12600e78aad088a348ba612a98a7b6d9865032f59
SHA2565f684a3acfbd86532b52a19d678204d68c5b60b7611db5cbe6c9c59fe79e95b0
SHA5126dd48044474d0623025ab27a9fecdbfbff1f5bce995f17f135b626c5ed831a537552f3292fa8553d85c550b461e95e73897e41154f9a52097549d73744bd6a05
-
Filesize
193KB
MD55d792114b38138da6395270929fd40b6
SHA11e61f43337865a3125b2d7910ff171d8a04ed129
SHA256e89a61a49bf25b7ee8d43571dc85ee6c4abd056fe688bb7a72b6c8dd472617ef
SHA512b51eac684f1cc6018ec9b677c6eef8b769d5656c6d3bc1a87cd38b0bcf6cf467f4e5d07d1dc61376cbde51feb68dd42de8d85a824ef872b5ef64ed0e0d56bf55