Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

nonadmin_disable.exe

windows7-x64

10

nonadmin_disable.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nonadmin_disable.exe

  • Size

    119KB

  • Sample

    230106-wb5y8shd59

  • MD5

    dc83dd2798a8ed47fde094ec809ea42b

  • SHA1

    0f40cbafb0be6e18a1e83138625a555261e34583

  • SHA256

    5e7c51cdbaaea395aec1e337592e4e210a698c47fe51d4e5f7b96166cacfd9bf

  • SHA512

    d96133753e4a3ca779b3910069486b24088113546901fd8178e05b3289325fd9e04665f75137bcb35a23ca85687506ad25e1f3d54a96ccbd0fe06f7340c93ed1

  • SSDEEP

    3072:Jpvb7RV/8hhb3dLUK94IgqHniOSyaZoc7QNPnP9TBfWSiwp:z9VkhhrdYK94IgqHniOSyaZoc7QNPnPP

Score
10/10
evasiontrojan

Malware Config

Targets

    • Target

      nonadmin_disable.exe

    • Size

      119KB

    • MD5

      dc83dd2798a8ed47fde094ec809ea42b

    • SHA1

      0f40cbafb0be6e18a1e83138625a555261e34583

    • SHA256

      5e7c51cdbaaea395aec1e337592e4e210a698c47fe51d4e5f7b96166cacfd9bf

    • SHA512

      d96133753e4a3ca779b3910069486b24088113546901fd8178e05b3289325fd9e04665f75137bcb35a23ca85687506ad25e1f3d54a96ccbd0fe06f7340c93ed1

    • SSDEEP

      3072:Jpvb7RV/8hhb3dLUK94IgqHniOSyaZoc7QNPnP9TBfWSiwp:z9VkhhrdYK94IgqHniOSyaZoc7QNPnPP

    Score
    10/10
    evasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Modifies security service

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks