General

  • Target

    NEAS.system32exe_JC.exe

  • Size

    9.9MB

  • Sample

    231007-rmm6cadb3y

  • MD5

    25af599b04074298133944628227451a

  • SHA1

    b23abea6f74e7ffd1fa05436fc952ac652d59342

  • SHA256

    9a88864e3c87f405002960fa5bb710f486e15e7af8c7c2a0a64e6ff4957233f8

  • SHA512

    5ee27fc0fb47a50c26da3804c482f218d239ce250a1f5a0b0b2dc6e4440ea961fa8f19b2d64f37478d807b944d864da712614584825f29832faaa09cac2c0573

  • SSDEEP

    196608:5TYReKrNPFho7UzsyNhaD3fqYz08tHihjnwFXokW8oHDt+:F6DrNPFiksyYI8tkwZoklsx+

Score
10/10

Targets

    • Target

      NEAS.system32exe_JC.exe

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
